catocli 1.0.21__py3-none-any.whl → 2.0.1__py3-none-any.whl


Potentially problematic release.



Files changed (139) hide show
  1. catocli/Utils/clidriver.py +112 -25
  2. catocli/Utils/profile_manager.py +188 -0
  3. catocli/Utils/version_checker.py +192 -0
  4. catocli/__init__.py +1 -1
  5. catocli/parsers/configure/__init__.py +115 -0
  6. catocli/parsers/configure/configure.py +307 -0
  7. catocli/parsers/custom/__init__.py +8 -0
  8. catocli/parsers/custom/export_rules/__init__.py +36 -0
  9. catocli/parsers/custom/export_rules/export_rules.py +361 -0
  10. catocli/parsers/custom/import_rules_to_tf/__init__.py +58 -0
  11. catocli/parsers/custom/import_rules_to_tf/import_rules_to_tf.py +577 -0
  12. catocli/parsers/mutation_admin_addAdmin/README.md +1 -1
  13. catocli/parsers/mutation_hardware/README.md +7 -0
  14. catocli/parsers/mutation_hardware/__init__.py +23 -0
  15. catocli/parsers/mutation_hardware_updateHardwareShipping/README.md +17 -0
  16. catocli/parsers/mutation_site_addBgpPeer/README.md +1 -1
  17. catocli/parsers/mutation_site_addNetworkRange/README.md +1 -1
  18. catocli/parsers/mutation_site_updateBgpPeer/README.md +1 -1
  19. catocli/parsers/mutation_site_updateNetworkRange/README.md +1 -1
  20. catocli/parsers/mutation_sites_addBgpPeer/README.md +1 -1
  21. catocli/parsers/mutation_sites_addNetworkRange/README.md +1 -1
  22. catocli/parsers/mutation_sites_updateBgpPeer/README.md +1 -1
  23. catocli/parsers/mutation_sites_updateNetworkRange/README.md +1 -1
  24. catocli/parsers/query_auditFeed/README.md +1 -1
  25. catocli/parsers/query_catalogs/README.md +19 -0
  26. catocli/parsers/query_catalogs/__init__.py +17 -0
  27. catocli/parsers/query_devices/README.md +19 -0
  28. catocli/parsers/query_devices/__init__.py +17 -0
  29. catocli/parsers/query_eventsFeed/README.md +1 -1
  30. catocli/parsers/query_hardware/README.md +17 -0
  31. catocli/parsers/query_hardware/__init__.py +17 -0
  32. catocli/parsers/query_sandbox/README.md +1 -1
  33. {catocli-1.0.21.dist-info → catocli-2.0.1.dist-info}/METADATA +1 -1
  34. {catocli-1.0.21.dist-info → catocli-2.0.1.dist-info}/RECORD +139 -114
  35. {catocli-1.0.21.dist-info → catocli-2.0.1.dist-info}/top_level.txt +1 -0
  36. graphql_client/api/call_api.py +4 -0
  37. graphql_client/api_client_types.py +4 -3
  38. graphql_client/configuration.py +2 -0
  39. models/mutation.admin.addAdmin.json +130 -0
  40. models/mutation.hardware.updateHardwareShipping.json +2506 -0
  41. models/mutation.policy.appTenantRestriction.addRule.json +11 -11
  42. models/mutation.policy.appTenantRestriction.createPolicyRevision.json +11 -11
  43. models/mutation.policy.appTenantRestriction.discardPolicyRevision.json +11 -11
  44. models/mutation.policy.appTenantRestriction.moveRule.json +11 -11
  45. models/mutation.policy.appTenantRestriction.publishPolicyRevision.json +11 -11
  46. models/mutation.policy.appTenantRestriction.removeRule.json +11 -11
  47. models/mutation.policy.appTenantRestriction.updatePolicy.json +11 -11
  48. models/mutation.policy.appTenantRestriction.updateRule.json +11 -11
  49. models/mutation.policy.dynamicIpAllocation.addRule.json +4 -4
  50. models/mutation.policy.dynamicIpAllocation.createPolicyRevision.json +4 -4
  51. models/mutation.policy.dynamicIpAllocation.discardPolicyRevision.json +4 -4
  52. models/mutation.policy.dynamicIpAllocation.moveRule.json +4 -4
  53. models/mutation.policy.dynamicIpAllocation.publishPolicyRevision.json +4 -4
  54. models/mutation.policy.dynamicIpAllocation.removeRule.json +4 -4
  55. models/mutation.policy.dynamicIpAllocation.updatePolicy.json +4 -4
  56. models/mutation.policy.dynamicIpAllocation.updateRule.json +4 -4
  57. models/mutation.policy.internetFirewall.addRule.json +63 -63
  58. models/mutation.policy.internetFirewall.createPolicyRevision.json +45 -45
  59. models/mutation.policy.internetFirewall.discardPolicyRevision.json +45 -45
  60. models/mutation.policy.internetFirewall.moveRule.json +45 -45
  61. models/mutation.policy.internetFirewall.publishPolicyRevision.json +45 -45
  62. models/mutation.policy.internetFirewall.removeRule.json +45 -45
  63. models/mutation.policy.internetFirewall.updatePolicy.json +45 -45
  64. models/mutation.policy.internetFirewall.updateRule.json +63 -63
  65. models/mutation.policy.remotePortFwd.addRule.json +5 -5
  66. models/mutation.policy.remotePortFwd.createPolicyRevision.json +5 -5
  67. models/mutation.policy.remotePortFwd.discardPolicyRevision.json +5 -5
  68. models/mutation.policy.remotePortFwd.moveRule.json +5 -5
  69. models/mutation.policy.remotePortFwd.publishPolicyRevision.json +5 -5
  70. models/mutation.policy.remotePortFwd.removeRule.json +5 -5
  71. models/mutation.policy.remotePortFwd.updatePolicy.json +5 -5
  72. models/mutation.policy.remotePortFwd.updateRule.json +5 -5
  73. models/mutation.policy.socketLan.addRule.json +3580 -125
  74. models/mutation.policy.socketLan.createPolicyRevision.json +3580 -125
  75. models/mutation.policy.socketLan.discardPolicyRevision.json +3580 -125
  76. models/mutation.policy.socketLan.moveRule.json +3580 -125
  77. models/mutation.policy.socketLan.publishPolicyRevision.json +3580 -125
  78. models/mutation.policy.socketLan.removeRule.json +3580 -125
  79. models/mutation.policy.socketLan.updatePolicy.json +3580 -125
  80. models/mutation.policy.socketLan.updateRule.json +3580 -125
  81. models/mutation.policy.wanFirewall.addRule.json +77 -77
  82. models/mutation.policy.wanFirewall.createPolicyRevision.json +59 -59
  83. models/mutation.policy.wanFirewall.discardPolicyRevision.json +59 -59
  84. models/mutation.policy.wanFirewall.moveRule.json +59 -59
  85. models/mutation.policy.wanFirewall.publishPolicyRevision.json +59 -59
  86. models/mutation.policy.wanFirewall.removeRule.json +59 -59
  87. models/mutation.policy.wanFirewall.updatePolicy.json +59 -59
  88. models/mutation.policy.wanFirewall.updateRule.json +77 -77
  89. models/mutation.policy.wanNetwork.addRule.json +49 -49
  90. models/mutation.policy.wanNetwork.createPolicyRevision.json +49 -49
  91. models/mutation.policy.wanNetwork.discardPolicyRevision.json +49 -49
  92. models/mutation.policy.wanNetwork.moveRule.json +49 -49
  93. models/mutation.policy.wanNetwork.publishPolicyRevision.json +49 -49
  94. models/mutation.policy.wanNetwork.removeRule.json +49 -49
  95. models/mutation.policy.wanNetwork.updatePolicy.json +49 -49
  96. models/mutation.policy.wanNetwork.updateRule.json +49 -49
  97. models/mutation.site.addBgpPeer.json +2812 -217
  98. models/mutation.site.addNetworkRange.json +114 -0
  99. models/mutation.site.addSocketSite.json +18 -0
  100. models/mutation.site.removeBgpPeer.json +667 -1
  101. models/mutation.site.updateBgpPeer.json +3152 -559
  102. models/mutation.site.updateNetworkRange.json +114 -0
  103. models/mutation.sites.addBgpPeer.json +2812 -217
  104. models/mutation.sites.addNetworkRange.json +114 -0
  105. models/mutation.sites.addSocketSite.json +18 -0
  106. models/mutation.sites.removeBgpPeer.json +667 -1
  107. models/mutation.sites.updateBgpPeer.json +3152 -559
  108. models/mutation.sites.updateNetworkRange.json +114 -0
  109. models/mutation.xdr.addStoryComment.json +2 -2
  110. models/mutation.xdr.analystFeedback.json +182 -42
  111. models/mutation.xdr.deleteStoryComment.json +2 -2
  112. models/query.accountMetrics.json +112 -0
  113. models/query.accountSnapshot.json +62 -0
  114. models/query.admin.json +46 -0
  115. models/query.admins.json +46 -0
  116. models/query.appStats.json +528 -0
  117. models/query.appStatsTimeSeries.json +396 -0
  118. models/query.auditFeed.json +273 -3336
  119. models/query.catalogs.json +9840 -0
  120. models/query.devices.json +15469 -0
  121. models/query.events.json +4606 -4318
  122. models/query.eventsFeed.json +1167 -1095
  123. models/query.eventsTimeSeries.json +3459 -3243
  124. models/query.hardware.json +5730 -0
  125. models/query.hardwareManagement.json +8 -2
  126. models/query.licensing.json +3 -3
  127. models/query.policy.json +3743 -298
  128. models/query.sandbox.json +6 -4
  129. models/query.site.json +1329 -4
  130. models/query.xdr.stories.json +182 -42
  131. models/query.xdr.story.json +182 -42
  132. schema/catolib.py +105 -28
  133. scripts/catolib.py +62 -0
  134. scripts/export_if_rules_to_json.py +188 -0
  135. scripts/export_wf_rules_to_json.py +111 -0
  136. scripts/import_wf_rules_to_tfstate.py +331 -0
  137. {catocli-1.0.21.dist-info → catocli-2.0.1.dist-info}/LICENSE +0 -0
  138. {catocli-1.0.21.dist-info → catocli-2.0.1.dist-info}/WHEEL +0 -0
  139. {catocli-1.0.21.dist-info → catocli-2.0.1.dist-info}/entry_points.txt +0 -0
@@ -151,3400 +151,340 @@
151
151
  "non_null": false
152
152
  },
153
153
  "varName": "auditFieldName"
154
- },
155
- "EventFieldName": {
156
- "defaultValue": null,
157
- "description": null,
158
- "id_str": "filters___fieldName___EventFieldName",
159
- "name": "EventFieldName",
160
- "path": "filters.fieldName.EventFieldName",
161
- "requestStr": "$eventFieldName:EventFieldName ",
162
- "required": false,
163
- "responseStr": "EventFieldName:$eventFieldName ",
164
- "type": {
165
- "definition": {
166
- "description": null,
167
- "enumValues": [
168
- {
169
- "deprecationReason": "use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
170
- "description": "Name of site or user initiating the connection",
171
- "isDeprecated": true,
172
- "name": "src_site"
173
- },
174
- {
175
- "deprecationReason": null,
176
- "description": "Unique internal Cato ID for the site or remote user",
177
- "isDeprecated": false,
178
- "name": "src_site_id"
179
- },
180
- {
181
- "deprecationReason": null,
182
- "description": "Static host",
183
- "isDeprecated": false,
184
- "name": "static_host"
185
- },
186
- {
187
- "deprecationReason": null,
188
- "description": "User ID",
189
- "isDeprecated": false,
190
- "name": "user_id"
191
- },
192
- {
193
- "deprecationReason": "use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
194
- "description": "For WAN traffic, name of destination site or SDP user",
195
- "isDeprecated": true,
196
- "name": "dest_site"
197
- },
198
- {
199
- "deprecationReason": null,
200
- "description": "Unique internal Cato ID for the destination site or remote user",
201
- "isDeprecated": false,
202
- "name": "dest_site_id"
203
- },
204
- {
205
- "deprecationReason": "please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025.",
206
- "description": "Source or destination site or remote user ID.\nThis field can only be used in filter.",
207
- "isDeprecated": true,
208
- "name": "src_or_dest_site_id"
209
- },
210
- {
211
- "deprecationReason": "use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
212
- "description": "Name of security rule related to the event",
213
- "isDeprecated": true,
214
- "name": "rule"
215
- },
216
- {
217
- "deprecationReason": null,
218
- "description": "The ISP related to this event (when the IP address isn't provided by the ISP, then the event message is IP Addresses are assigned statically)",
219
- "isDeprecated": false,
220
- "name": "ISP_name"
221
- },
222
- {
223
- "deprecationReason": null,
224
- "description": "Name for Socket interface",
225
- "isDeprecated": false,
226
- "name": "socket_interface"
227
- },
228
- {
229
- "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
230
- "description": "Name for the custom category defined in the Cato Management Application",
231
- "isDeprecated": true,
232
- "name": "custom_category"
233
- },
234
- {
235
- "deprecationReason": null,
236
- "description": "Host name of Domain Controller that created LDAP event",
237
- "isDeprecated": false,
238
- "name": "directory_host_name"
239
- },
240
- {
241
- "deprecationReason": null,
242
- "description": "Destination port",
243
- "isDeprecated": false,
244
- "name": "dest_port"
245
- },
246
- {
247
- "deprecationReason": null,
248
- "description": "BGP ASN for remote peer",
249
- "isDeprecated": false,
250
- "name": "bgp_peer_asn"
251
- },
252
- {
253
- "deprecationReason": null,
254
- "description": "For Block/Prompt page, reference ID to report incorrect category",
255
- "isDeprecated": false,
256
- "name": "user_reference_id"
257
- },
258
- {
259
- "deprecationReason": null,
260
- "description": "Internal port number",
261
- "isDeprecated": false,
262
- "name": "src_port"
263
- },
264
- {
265
- "deprecationReason": null,
266
- "description": "Data that measures the packet loss for a specific link",
267
- "isDeprecated": false,
268
- "name": "link_health_pkt_loss"
269
- },
270
- {
271
- "deprecationReason": null,
272
- "description": "Name of PoP location",
273
- "isDeprecated": false,
274
- "name": "pop_name"
275
- },
276
- {
277
- "deprecationReason": null,
278
- "description": "IP address of host related to event",
279
- "isDeprecated": false,
280
- "name": "host_ip"
281
- },
282
- {
283
- "deprecationReason": null,
284
- "description": "Cato's description of the event",
285
- "isDeprecated": false,
286
- "name": "event_message"
287
- },
288
- {
289
- "deprecationReason": null,
290
- "description": "Source site or remote user",
291
- "isDeprecated": false,
292
- "name": "src_site_name"
293
- },
294
- {
295
- "deprecationReason": null,
296
- "description": "Domain name based on the SSL SNI, HTTP host name, or DNS name",
297
- "isDeprecated": false,
298
- "name": "domain_name"
299
- },
300
- {
301
- "deprecationReason": null,
302
- "description": "Destination IP address",
303
- "isDeprecated": false,
304
- "name": "dest_ip"
305
- },
306
- {
307
- "deprecationReason": null,
308
- "description": "File hash",
309
- "isDeprecated": false,
310
- "name": "file_hash"
311
- },
312
- {
313
- "deprecationReason": null,
314
- "description": "IP address provided by ISP to site or Client",
315
- "isDeprecated": false,
316
- "name": "src_isp_ip"
317
- },
318
- {
319
- "deprecationReason": null,
320
- "description": "Examples: MFA or password",
321
- "isDeprecated": false,
322
- "name": "authentication_type"
323
- },
324
- {
325
- "deprecationReason": null,
326
- "description": "Rule name",
327
- "isDeprecated": false,
328
- "name": "rule_name"
329
- },
330
- {
331
- "deprecationReason": null,
332
- "description": "Result of LDAP Domain Controller sync event",
333
- "isDeprecated": false,
334
- "name": "directory_sync_result"
335
- },
336
- {
337
- "deprecationReason": null,
338
- "description": "MAC address of host related to event",
339
- "isDeprecated": false,
340
- "name": "host_mac"
341
- },
342
- {
343
- "deprecationReason": null,
344
- "description": "Type of malware event",
345
- "isDeprecated": false,
346
- "name": "threat_type"
347
- },
348
- {
349
- "deprecationReason": null,
350
- "description": "Result of malware event (clean indicates a safe file)",
351
- "isDeprecated": false,
352
- "name": "threat_verdict"
353
- },
354
- {
355
- "deprecationReason": null,
356
- "description": "Name for device related to the event",
357
- "isDeprecated": false,
358
- "name": "device_name"
359
- },
360
- {
361
- "deprecationReason": null,
362
- "description": "Link type \u2013 Cato, Alt. WAN or LAG",
363
- "isDeprecated": false,
364
- "name": "link_type"
365
- },
366
- {
367
- "deprecationReason": null,
368
- "description": "Login action, values are: User portal (myvpn.catonetworks.com) or VPN client (Client or site traffic)",
369
- "isDeprecated": false,
370
- "name": "login_type"
371
- },
372
- {
373
- "deprecationReason": null,
374
- "description": "For hosts configured with a static IP in the Cato Management Application, the host name",
375
- "isDeprecated": false,
376
- "name": "configured_host_name"
377
- },
378
- {
379
- "deprecationReason": "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.",
380
- "description": "Cato Internal-use only",
381
- "isDeprecated": true,
382
- "name": "internalId"
383
- },
384
- {
385
- "deprecationReason": null,
386
- "description": "Event Id",
387
- "isDeprecated": false,
388
- "name": "event_id"
389
- },
390
- {
391
- "deprecationReason": null,
392
- "description": "Type of LDAP Domain Controller sync event",
393
- "isDeprecated": false,
394
- "name": "directory_sync_type"
395
- },
396
- {
397
- "deprecationReason": null,
398
- "description": "User\u2019s email address",
399
- "isDeprecated": false,
400
- "name": "vpn_user_email"
401
- },
402
- {
403
- "deprecationReason": null,
404
- "description": "Type of process generating this traffic",
405
- "isDeprecated": false,
406
- "name": "client_class"
407
- },
408
- {
409
- "deprecationReason": null,
410
- "description": "For MDR service, a true/false value that indicates if this event is: A summary that aggregates many events (true) Raw network flows for a single event (false)",
411
- "isDeprecated": false,
412
- "name": "incident_aggregation"
413
- },
414
- {
415
- "deprecationReason": null,
416
- "description": "Type of Socket reset (Hardware/Software)",
417
- "isDeprecated": false,
418
- "name": "socket_reset"
419
- },
420
- {
421
- "deprecationReason": null,
422
- "description": "User that generated the event",
423
- "isDeprecated": false,
424
- "name": "user_name"
425
- },
426
- {
427
- "deprecationReason": null,
428
- "description": "Socket or SDP Client version",
429
- "isDeprecated": false,
430
- "name": "client_version"
431
- },
432
- {
433
- "deprecationReason": null,
434
- "description": "File size",
435
- "isDeprecated": false,
436
- "name": "file_size"
437
- },
438
- {
439
- "deprecationReason": null,
440
- "description": "Registration code used the first time that a SDP user authenticates (the code is partially obfuscated)",
441
- "isDeprecated": false,
442
- "name": "registration_code"
443
- },
444
- {
445
- "deprecationReason": null,
446
- "description": "BGP disconnect error code",
447
- "isDeprecated": false,
448
- "name": "bgp_error_code"
449
- },
450
- {
451
- "deprecationReason": "Planned end-of-life (EoL) date: April 15, 2025.",
452
- "description": "Description from Cato Management Application for BGP peer",
453
- "isDeprecated": true,
454
- "name": "bgp_peer_description"
455
- },
456
- {
457
- "deprecationReason": null,
458
- "description": "For anti-malware events, malware name For IPS events, explains the reason why the traffic was blocked",
459
- "isDeprecated": false,
460
- "name": "threat_name"
461
- },
462
- {
463
- "deprecationReason": null,
464
- "description": "For QoS, the time that this QoS event started. The event is generated when the QoS event finishes",
465
- "isDeprecated": false,
466
- "name": "qos_reported_time"
467
- },
468
- {
469
- "deprecationReason": null,
470
- "description": "Network protocol for this event",
471
- "isDeprecated": false,
472
- "name": "ip_protocol"
473
- },
474
- {
475
- "deprecationReason": null,
476
- "description": "BGP ASN for Cato peer",
477
- "isDeprecated": false,
478
- "name": "bgp_cato_asn"
479
- },
480
- {
481
- "deprecationReason": null,
482
- "description": "IP for host or Cato Client",
483
- "isDeprecated": false,
484
- "name": "src_ip"
485
- },
486
- {
487
- "deprecationReason": null,
488
- "description": "Link to external malware reference",
489
- "isDeprecated": false,
490
- "name": "threat_reference"
491
- },
492
- {
493
- "deprecationReason": null,
494
- "description": "Firewall, QoS or LAG action",
495
- "isDeprecated": false,
496
- "name": "action"
497
- },
498
- {
499
- "deprecationReason": null,
500
- "description": "For LDAP sync events, name of the AD domain",
501
- "isDeprecated": false,
502
- "name": "windows_domain_name"
503
- },
504
- {
505
- "deprecationReason": null,
506
- "description": "(IPS or SAM event) Indicates the overall impact of a threat for the host or network: Low \u2013 ie. adware Medium \u2013 ie. network scans High \u2013 ie. spyware or worms",
507
- "isDeprecated": false,
508
- "name": "risk_level"
509
- },
510
- {
511
- "deprecationReason": null,
512
- "description": "For Socket upgrade, previous version number",
513
- "isDeprecated": false,
514
- "name": "socket_old_version"
515
- },
516
- {
517
- "deprecationReason": null,
518
- "description": "Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP",
519
- "isDeprecated": false,
520
- "name": "link_health_latency"
521
- },
522
- {
523
- "deprecationReason": null,
524
- "description": "Protocol for the tunnel",
525
- "isDeprecated": false,
526
- "name": "tunnel_protocol"
527
- },
528
- {
529
- "deprecationReason": null,
530
- "description": "For Socket upgrades, new version number",
531
- "isDeprecated": false,
532
- "name": "socket_new_version"
533
- },
534
- {
535
- "deprecationReason": null,
536
- "description": "Socket version number",
537
- "isDeprecated": false,
538
- "name": "socket_version"
539
- },
540
- {
541
- "deprecationReason": null,
542
- "description": "Data that measures the jitter for a specific link",
543
- "isDeprecated": false,
544
- "name": "link_health_jitter"
545
- },
546
- {
547
- "deprecationReason": null,
548
- "description": "Socket upgrade start time (Linux epoch format)",
549
- "isDeprecated": false,
550
- "name": "upgrade_start_time"
551
- },
552
- {
553
- "deprecationReason": null,
554
- "description": "BGP IP for Cato peer",
555
- "isDeprecated": false,
556
- "name": "bgp_cato_ip"
557
- },
558
- {
559
- "deprecationReason": null,
560
- "description": "Cato system category",
561
- "isDeprecated": false,
562
- "name": "categories"
563
- },
564
- {
565
- "deprecationReason": null,
566
- "description": "Unique Cato ID for the security rule related to the event",
567
- "isDeprecated": false,
568
- "name": "rule_id"
569
- },
570
- {
571
- "deprecationReason": null,
572
- "description": "For Socket HA events, indicates if the Socket is primary or secondary",
573
- "isDeprecated": false,
574
- "name": "socket_role"
575
- },
576
- {
577
- "deprecationReason": null,
578
- "description": "Number of targets (servers) associated with this event",
579
- "isDeprecated": false,
580
- "name": "targets_cardinality"
581
- },
582
- {
583
- "deprecationReason": null,
584
- "description": "Indicates if the Socket upgrade occurred during the maintenance window or initiated by Support (Cato Admin)",
585
- "isDeprecated": false,
586
- "name": "upgrade_initiated_by"
587
- },
588
- {
589
- "deprecationReason": null,
590
- "description": "For WAN traffic, destination is site or SDP user",
591
- "isDeprecated": false,
592
- "name": "dest_is_site_or_vpn"
593
- },
594
- {
595
- "deprecationReason": null,
596
- "description": "BGP IP for remote peer",
597
- "isDeprecated": false,
598
- "name": "bgp_peer_ip"
599
- },
600
- {
601
- "deprecationReason": null,
602
- "description": "Source type: site or remote user",
603
- "isDeprecated": false,
604
- "name": "src_is_site_or_vpn"
605
- },
606
- {
607
- "deprecationReason": null,
608
- "description": "Active Directory name",
609
- "isDeprecated": false,
610
- "name": "ad_name"
611
- },
612
- {
613
- "deprecationReason": null,
614
- "description": "Method used to get identity with User Awareness (such as Identity Agent)",
615
- "isDeprecated": false,
616
- "name": "user_awareness_method"
617
- },
618
- {
619
- "deprecationReason": null,
620
- "description": "Data that measures the congestion for a specific link",
621
- "isDeprecated": false,
622
- "name": "link_health_is_congested"
623
- },
624
- {
625
- "deprecationReason": null,
626
- "description": "Name of subnet as defined in Cato Management Application",
627
- "isDeprecated": false,
628
- "name": "subnet_name"
629
- },
630
- {
631
- "deprecationReason": null,
632
- "description": "OS version for the device (such as 14.3.0)",
633
- "isDeprecated": false,
634
- "name": "os_version"
635
- },
636
- {
637
- "deprecationReason": null,
638
- "description": "Sub-type for Routing, Security, Connectivity, System or Sockets Management event",
639
- "isDeprecated": false,
640
- "name": "event_sub_type"
641
- },
642
- {
643
- "deprecationReason": null,
644
- "description": "Host OS or tunnel device",
645
- "isDeprecated": false,
646
- "name": "os_type"
647
- },
648
- {
649
- "deprecationReason": null,
650
- "description": "Direction of network traffic for this event, values are inbound or outbound",
651
- "isDeprecated": false,
652
- "name": "traffic_direction"
653
- },
654
- {
655
- "deprecationReason": null,
656
- "description": "BGP disconnect error message",
657
- "isDeprecated": false,
658
- "name": "bgp_suberror_code"
659
- },
660
- {
661
- "deprecationReason": null,
662
- "description": "CIDR for BGP route",
663
- "isDeprecated": false,
664
- "name": "bgp_route_cidr"
665
- },
666
- {
667
- "deprecationReason": null,
668
- "description": "Unique Cato ID that identifies this security incident",
669
- "isDeprecated": false,
670
- "name": "incident_id"
671
- },
672
- {
673
- "deprecationReason": "use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
674
- "description": "For Internet firewall, app for this event",
675
- "isDeprecated": true,
676
- "name": "application"
677
- },
678
- {
679
- "deprecationReason": null,
680
- "description": "The name of the application associated with the flow",
681
- "isDeprecated": false,
682
- "name": "application_name"
683
- },
684
- {
685
- "deprecationReason": null,
686
- "description": "Application ID of the flow",
687
- "isDeprecated": false,
688
- "name": "application_id"
689
- },
690
- {
691
- "deprecationReason": null,
692
- "description": "Socket upgrade end time (Linux epoch format):",
693
- "isDeprecated": false,
694
- "name": "upgrade_end_time"
695
- },
696
- {
697
- "deprecationReason": null,
698
- "description": "Socket interface ID",
699
- "isDeprecated": false,
700
- "name": "socket_interface_id"
701
- },
702
- {
703
- "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
704
- "description": "Unique Cato ID for the custom category",
705
- "isDeprecated": true,
706
- "name": "custom_categories"
707
- },
708
- {
709
- "deprecationReason": null,
710
- "description": "Custom category ID",
711
- "isDeprecated": false,
712
- "name": "custom_category_id"
713
- },
714
- {
715
- "deprecationReason": null,
716
- "description": "Custom category name",
717
- "isDeprecated": false,
718
- "name": "custom_category_name"
719
- },
720
- {
721
- "deprecationReason": null,
722
- "description": "Country in which the source host is located (detected via public IP address)",
723
- "isDeprecated": false,
724
- "name": "src_country"
725
- },
726
- {
727
- "deprecationReason": null,
728
- "description": "Country Code of country in which the source host is located (detected via public IP address)",
729
- "isDeprecated": false,
730
- "name": "src_country_code"
731
- },
732
- {
733
- "deprecationReason": null,
734
- "description": "Count for events that are repeated multiple times during one minute",
735
- "isDeprecated": false,
736
- "name": "event_count"
737
- },
738
- {
739
- "deprecationReason": null,
740
- "description": "File name",
741
- "isDeprecated": false,
742
- "name": "file_name"
743
- },
744
- {
745
- "deprecationReason": null,
746
- "description": "IP address of Domain Controller that created LDAP event",
747
- "isDeprecated": false,
748
- "name": "directory_ip"
749
- },
750
- {
751
- "deprecationReason": null,
752
- "description": "Time stamp of event (Linux epoch format)",
753
- "isDeprecated": false,
754
- "name": "time"
755
- },
756
- {
757
- "deprecationReason": null,
758
- "description": "URL associated with the event",
759
- "isDeprecated": false,
760
- "name": "url"
761
- },
762
- {
763
- "deprecationReason": null,
764
- "description": "For Internet traffic, country where the destination host is located",
765
- "isDeprecated": false,
766
- "name": "dest_country"
767
- },
768
- {
769
- "deprecationReason": null,
770
- "description": "For Internet traffic, the two letter country code where the destination host is located (based on ISO 3166-1 alpha-2)",
771
- "isDeprecated": false,
772
- "name": "dest_country_code"
773
- },
774
- {
775
- "deprecationReason": null,
776
- "description": "Amount of flows for a given incident",
777
- "isDeprecated": false,
778
- "name": "flows_cardinality"
779
- },
780
- {
781
- "deprecationReason": null,
782
- "description": "The name of the destination site",
783
- "isDeprecated": false,
784
- "name": "dest_site_name"
785
- },
786
- {
787
- "deprecationReason": null,
788
- "description": "Routing, Security, Connectivity, System or Sockets Management event",
789
- "isDeprecated": false,
790
- "name": "event_type"
791
- },
792
- {
793
- "deprecationReason": null,
794
- "description": "Account ID",
795
- "isDeprecated": false,
796
- "name": "account_id"
797
- },
798
- {
799
- "deprecationReason": null,
800
- "description": "For IPS and SAM, ID of the IPS signature",
801
- "isDeprecated": false,
802
- "name": "signature_id"
803
- },
804
- {
805
- "deprecationReason": null,
806
- "description": "Expiration date for Client certificate",
807
- "isDeprecated": false,
808
- "name": "client_cert_expires"
809
- },
810
- {
811
- "deprecationReason": null,
812
- "description": "Name of Client certificate",
813
- "isDeprecated": false,
814
- "name": "client_cert_name"
815
- },
816
- {
817
- "deprecationReason": null,
818
- "description": "Is the app for this event defined as a sanctioned app? (True/False)",
819
- "isDeprecated": false,
820
- "name": "is_sanctioned_app"
821
- },
822
- {
823
- "deprecationReason": null,
824
- "description": "Name of application activity",
825
- "isDeprecated": false,
826
- "name": "app_activity"
827
- },
828
- {
829
- "deprecationReason": null,
830
- "description": "Activity type",
831
- "isDeprecated": false,
832
- "name": "app_activity_type"
833
- },
834
- {
835
- "deprecationReason": null,
836
- "description": "Device posture profiles",
837
- "isDeprecated": false,
838
- "name": "device_posture_profile"
839
- },
840
- {
841
- "deprecationReason": "use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025.",
842
- "description": "Device posture profiles",
843
- "isDeprecated": true,
844
- "name": "device_posture_profiles"
845
- },
846
- {
847
- "deprecationReason": null,
848
- "description": "Full path URL application activity",
849
- "isDeprecated": false,
850
- "name": "full_path_url"
851
- },
852
- {
853
- "deprecationReason": null,
854
- "description": "Application risk score",
855
- "isDeprecated": false,
856
- "name": "application_risk"
857
- },
858
- {
859
- "deprecationReason": null,
860
- "description": "Mitre attack techniques",
861
- "isDeprecated": false,
862
- "name": "mitre_attack_techniques"
863
- },
864
- {
865
- "deprecationReason": null,
866
- "description": "Mitre attack subtechniques",
867
- "isDeprecated": false,
868
- "name": "mitre_attack_subtechniques"
869
- },
870
- {
871
- "deprecationReason": null,
872
- "description": "Mitre attack tactics",
873
- "isDeprecated": false,
874
- "name": "mitre_attack_tactics"
875
- },
876
- {
877
- "deprecationReason": null,
878
- "description": "Indicator",
879
- "isDeprecated": false,
880
- "name": "indicator"
881
- },
882
- {
883
- "deprecationReason": null,
884
- "description": "For SaaS Security API, SaaS app for the connector",
885
- "isDeprecated": false,
886
- "name": "connector_type"
887
- },
888
- {
889
- "deprecationReason": null,
890
- "description": "For SaaS Security API, name of the connector",
891
- "isDeprecated": false,
892
- "name": "connector_name"
893
- },
894
- {
895
- "deprecationReason": null,
896
- "description": "For SaaS Security API, status of the connector",
897
- "isDeprecated": false,
898
- "name": "connector_status"
899
- },
900
- {
901
- "deprecationReason": null,
902
- "description": "For SaaS Security API, parent Microsoft 365 connector",
903
- "isDeprecated": false,
904
- "name": "parent_connector_name"
905
- },
906
- {
907
- "deprecationReason": null,
908
- "description": "File type",
909
- "isDeprecated": false,
910
- "name": "file_type"
911
- },
912
- {
913
- "deprecationReason": null,
914
- "description": "Describes the behavior when the DLP system encounters a failure",
915
- "isDeprecated": false,
916
- "name": "dlp_fail_mode"
917
- },
918
- {
919
- "deprecationReason": null,
920
- "description": "DLP profiles related to the event",
921
- "isDeprecated": false,
922
- "name": "dlp_profiles"
923
- },
924
- {
925
- "deprecationReason": null,
926
- "description": "Matched DLP data types related to the event",
927
- "isDeprecated": false,
928
- "name": "matched_data_types"
929
- },
930
- {
931
- "deprecationReason": null,
932
- "description": "Severity defined for the rule",
933
- "isDeprecated": false,
934
- "name": "severity"
935
- },
936
- {
937
- "deprecationReason": null,
938
- "description": "For SaaS Security API, email address of the file owner",
939
- "isDeprecated": false,
940
- "name": "owner"
941
- },
942
- {
943
- "deprecationReason": null,
944
- "description": "For SaaS Security API, email addresses of the users that received the file",
945
- "isDeprecated": false,
946
- "name": "collaborators"
947
- },
948
- {
949
- "deprecationReason": null,
950
- "description": "Email Subject",
951
- "isDeprecated": false,
952
- "name": "email_subject"
953
- },
954
- {
955
- "deprecationReason": null,
956
- "description": "Sharing Options for the file (such as SharePoint)",
957
- "isDeprecated": false,
958
- "name": "sharing_scope"
959
- },
960
- {
961
- "deprecationReason": null,
962
- "description": "Cato\u2019s DNS Protection type that matched the DNS request",
963
- "isDeprecated": false,
964
- "name": "dns_protection_category"
965
- },
966
- {
967
- "deprecationReason": null,
968
- "description": "If the events was part of the sinkhole flow",
969
- "isDeprecated": false,
970
- "name": "is_sinkhole"
971
- },
972
- {
973
- "deprecationReason": null,
974
- "description": "The ID for the endpoint",
975
- "isDeprecated": false,
976
- "name": "endpoint_id"
977
- },
978
- {
979
- "deprecationReason": null,
980
- "description": "The Endpoint Protection Engine that detected the malware",
981
- "isDeprecated": false,
982
- "name": "epp_engine_type"
983
- },
984
- {
985
- "deprecationReason": null,
986
- "description": "The file operation when this event occurred",
987
- "isDeprecated": false,
988
- "name": "file_operation"
989
- },
990
- {
991
- "deprecationReason": null,
992
- "description": null,
993
- "isDeprecated": false,
994
- "name": "final_object_status"
995
- },
996
- {
997
- "deprecationReason": null,
998
- "description": null,
999
- "isDeprecated": false,
1000
- "name": "object_name"
1001
- },
1002
- {
1003
- "deprecationReason": null,
1004
- "description": null,
1005
- "isDeprecated": false,
1006
- "name": "object_type"
1007
- },
1008
- {
1009
- "deprecationReason": null,
1010
- "description": null,
1011
- "isDeprecated": false,
1012
- "name": "object_id"
1013
- },
1014
- {
1015
- "deprecationReason": null,
1016
- "description": null,
1017
- "isDeprecated": false,
1018
- "name": "alert_id"
1019
- },
1020
- {
1021
- "deprecationReason": null,
1022
- "description": "The vendor that identified the incident, such as Cato or Microsoft",
1023
- "isDeprecated": false,
1024
- "name": "vendor"
1025
- },
1026
- {
1027
- "deprecationReason": null,
1028
- "description": null,
1029
- "isDeprecated": false,
1030
- "name": "vendor_user_id"
1031
- },
1032
- {
1033
- "deprecationReason": null,
1034
- "description": null,
1035
- "isDeprecated": false,
1036
- "name": "status"
1037
- },
1038
- {
1039
- "deprecationReason": null,
1040
- "description": null,
1041
- "isDeprecated": false,
1042
- "name": "classification"
1043
- },
1044
- {
1045
- "deprecationReason": null,
1046
- "description": null,
1047
- "isDeprecated": false,
1048
- "name": "quarantine_folder_path"
1049
- },
1050
- {
1051
- "deprecationReason": null,
1052
- "description": null,
1053
- "isDeprecated": false,
1054
- "name": "title"
1055
- },
1056
- {
1057
- "deprecationReason": null,
1058
- "description": null,
1059
- "isDeprecated": false,
1060
- "name": "recommended_actions"
1061
- },
1062
- {
1063
- "deprecationReason": "use src_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
1064
- "description": null,
1065
- "isDeprecated": true,
1066
- "name": "pid"
1067
- },
1068
- {
1069
- "deprecationReason": "use src_process_parent_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
1070
- "description": null,
1071
- "isDeprecated": true,
1072
- "name": "parent_pid"
1073
- },
1074
- {
1075
- "deprecationReason": "use src_process_path instead. Planned end-of-life (EoL) date: March 1, 2025.",
1076
- "description": null,
1077
- "isDeprecated": true,
1078
- "name": "process_path"
1079
- },
1080
- {
1081
- "deprecationReason": null,
1082
- "description": null,
1083
- "isDeprecated": false,
1084
- "name": "failure_reason"
1085
- },
1086
- {
1087
- "deprecationReason": null,
1088
- "description": null,
1089
- "isDeprecated": false,
1090
- "name": "out_of_band_access"
1091
- },
1092
- {
1093
- "deprecationReason": null,
1094
- "description": "A Unique ID for the quarantined file",
1095
- "isDeprecated": false,
1096
- "name": "quarantine_uuid"
1097
- },
1098
- {
1099
- "deprecationReason": null,
1100
- "description": null,
1101
- "isDeprecated": false,
1102
- "name": "logged_in_user"
1103
- },
1104
- {
1105
- "deprecationReason": null,
1106
- "description": "The profile assigned to the endpoint upon detection of the malware",
1107
- "isDeprecated": false,
1108
- "name": "epp_profile"
1109
- },
1110
- {
1111
- "deprecationReason": null,
1112
- "description": "Source process ID",
1113
- "isDeprecated": false,
1114
- "name": "src_pid"
1115
- },
1116
- {
1117
- "deprecationReason": null,
1118
- "description": "Source process file path",
1119
- "isDeprecated": false,
1120
- "name": "src_process_path"
1121
- },
1122
- {
1123
- "deprecationReason": null,
1124
- "description": "Source process command line",
1125
- "isDeprecated": false,
1126
- "name": "src_process_cmdline"
1127
- },
1128
- {
1129
- "deprecationReason": null,
1130
- "description": "Source process parent process ID",
1131
- "isDeprecated": false,
1132
- "name": "src_process_parent_pid"
1133
- },
1134
- {
1135
- "deprecationReason": null,
1136
- "description": "Source process parent file path",
1137
- "isDeprecated": false,
1138
- "name": "src_process_parent_path"
1139
- },
1140
- {
1141
- "deprecationReason": null,
1142
- "description": "The destination process ID",
1143
- "isDeprecated": false,
1144
- "name": "dest_pid"
1145
- },
1146
- {
1147
- "deprecationReason": null,
1148
- "description": "Destination process file path",
1149
- "isDeprecated": false,
1150
- "name": "dest_process_path"
1151
- },
1152
- {
1153
- "deprecationReason": null,
1154
- "description": "Destination process command line",
1155
- "isDeprecated": false,
1156
- "name": "dest_process_cmdline"
1157
- },
1158
- {
1159
- "deprecationReason": null,
1160
- "description": "Destination process parent process ID",
1161
- "isDeprecated": false,
1162
- "name": "dest_process_parent_pid"
1163
- },
1164
- {
1165
- "deprecationReason": null,
1166
- "description": "Destination process parent file path",
1167
- "isDeprecated": false,
1168
- "name": "dest_process_parent_path"
1169
- },
1170
- {
1171
- "deprecationReason": null,
1172
- "description": "If policy is set to disinfect, return the result of this action",
1173
- "isDeprecated": false,
1174
- "name": "disinfect_result"
1175
- },
1176
- {
1177
- "deprecationReason": null,
1178
- "description": "Indicate how many processes are part of this event",
1179
- "isDeprecated": false,
1180
- "name": "processes_count"
1181
- },
1182
- {
1183
- "deprecationReason": null,
1184
- "description": "HTTP request method (ie. Get, Post)",
1185
- "isDeprecated": false,
1186
- "name": "http_request_method"
1187
- },
1188
- {
1189
- "deprecationReason": null,
1190
- "description": "XFF HTTP header indicates the original IP address for the connections",
1191
- "isDeprecated": false,
1192
- "name": "xff"
1193
- },
1194
- {
1195
- "deprecationReason": null,
1196
- "description": "Domain queried in the DNS request",
1197
- "isDeprecated": false,
1198
- "name": "dns_query"
1199
- },
1200
- {
1201
- "deprecationReason": null,
1202
- "description": "Name defined for the public API Key in the Cato Management Application",
1203
- "isDeprecated": false,
1204
- "name": "key_name"
1205
- },
1206
- {
1207
- "deprecationReason": null,
1208
- "description": null,
1209
- "isDeprecated": false,
1210
- "name": "api_type"
1211
- },
1212
- {
1213
- "deprecationReason": null,
1214
- "description": null,
1215
- "isDeprecated": false,
1216
- "name": "api_name"
1217
- },
1218
- {
1219
- "deprecationReason": null,
1220
- "description": "Related Apps",
1221
- "isDeprecated": false,
1222
- "name": "app_stack"
1223
- },
1224
- {
1225
- "deprecationReason": null,
1226
- "description": "TLS Inspection rule name",
1227
- "isDeprecated": false,
1228
- "name": "tls_rule_name"
1229
- },
1230
- {
1231
- "deprecationReason": null,
1232
- "description": "TLS Certificate Error",
1233
- "isDeprecated": false,
1234
- "name": "tls_certificate_error"
1235
- },
1236
- {
1237
- "deprecationReason": null,
1238
- "description": "TLS Version",
1239
- "isDeprecated": false,
1240
- "name": "tls_version"
1241
- },
1242
- {
1243
- "deprecationReason": null,
1244
- "description": "TLS Error Type",
1245
- "isDeprecated": false,
1246
- "name": "tls_error_type"
1247
- },
1248
- {
1249
- "deprecationReason": null,
1250
- "description": "TLS Error Description",
1251
- "isDeprecated": false,
1252
- "name": "tls_error_description"
1253
- },
1254
- {
1255
- "deprecationReason": null,
1256
- "description": "Cato application name",
1257
- "isDeprecated": false,
1258
- "name": "cato_app"
1259
- },
1260
- {
1261
- "deprecationReason": null,
1262
- "description": "Prompt Page Selected Action",
1263
- "isDeprecated": false,
1264
- "name": "prompt_action"
1265
- },
1266
- {
1267
- "deprecationReason": null,
1268
- "description": "Unique Cato ID for devices",
1269
- "isDeprecated": false,
1270
- "name": "device_id"
1271
- },
1272
- {
1273
- "deprecationReason": null,
1274
- "description": "Unique Cato Visible ID for devices",
1275
- "isDeprecated": false,
1276
- "name": "visible_device_id"
1277
- },
1278
- {
1279
- "deprecationReason": null,
1280
- "description": "Connectivity authentication method: unauthenticated, OATH2, LDAP or VPN",
1281
- "isDeprecated": false,
1282
- "name": "auth_method"
1283
- },
1284
- {
1285
- "deprecationReason": null,
1286
- "description": "Always-On Bypass Method",
1287
- "isDeprecated": false,
1288
- "name": "bypass_method"
1289
- },
1290
- {
1291
- "deprecationReason": null,
1292
- "description": "Always-On Bypass Duration In Seconds",
1293
- "isDeprecated": false,
1294
- "name": "bypass_duration_sec"
1295
- },
1296
- {
1297
- "deprecationReason": null,
1298
- "description": "Always-On Bypass Reason",
1299
- "isDeprecated": false,
1300
- "name": "bypass_reason"
1301
- },
1302
- {
1303
- "deprecationReason": null,
1304
- "description": "Sign In Types",
1305
- "isDeprecated": false,
1306
- "name": "sign_in_event_types"
1307
- },
1308
- {
1309
- "deprecationReason": null,
1310
- "description": "Unique identifier for the tenant within a multi-tenant environment",
1311
- "isDeprecated": false,
1312
- "name": "tenant_id"
1313
- },
1314
- {
1315
- "deprecationReason": null,
1316
- "description": "Tenant Name",
1317
- "isDeprecated": false,
1318
- "name": "tenant_name"
1319
- },
1320
- {
1321
- "deprecationReason": null,
1322
- "description": "User Agent",
1323
- "isDeprecated": false,
1324
- "name": "user_agent"
1325
- },
1326
- {
1327
- "deprecationReason": null,
1328
- "description": "Vendor Event Id",
1329
- "isDeprecated": false,
1330
- "name": "vendor_event_id"
1331
- },
1332
- {
1333
- "deprecationReason": null,
1334
- "description": "Vendor Device Id",
1335
- "isDeprecated": false,
1336
- "name": "vendor_device_id"
1337
- },
1338
- {
1339
- "deprecationReason": null,
1340
- "description": "Vendor Device Name",
1341
- "isDeprecated": false,
1342
- "name": "vendor_device_name"
1343
- },
1344
- {
1345
- "deprecationReason": null,
1346
- "description": "Is Compliant",
1347
- "isDeprecated": false,
1348
- "name": "is_compliant"
1349
- },
1350
- {
1351
- "deprecationReason": null,
1352
- "description": "Is Managed",
1353
- "isDeprecated": false,
1354
- "name": "is_managed"
1355
- },
1356
- {
1357
- "deprecationReason": null,
1358
- "description": "Trust Type",
1359
- "isDeprecated": false,
1360
- "name": "trust_type"
1361
- },
1362
- {
1363
- "deprecationReason": null,
1364
- "description": "Confidence Level",
1365
- "isDeprecated": false,
1366
- "name": "confidence_level"
1367
- },
1368
- {
1369
- "deprecationReason": null,
1370
- "description": "Defines the scanning methods used by the DLP system",
1371
- "isDeprecated": false,
1372
- "name": "dlp_scan_types"
1373
- },
1374
- {
1375
- "deprecationReason": null,
1376
- "description": "Network Access",
1377
- "isDeprecated": false,
1378
- "name": "network_access"
1379
- },
1380
- {
1381
- "deprecationReason": null,
1382
- "description": "Analyst Verdict",
1383
- "isDeprecated": false,
1384
- "name": "analyst_verdict"
1385
- },
1386
- {
1387
- "deprecationReason": null,
1388
- "description": "Criticality",
1389
- "isDeprecated": false,
1390
- "name": "criticality"
1391
- },
1392
- {
1393
- "deprecationReason": null,
1394
- "description": "Indication",
1395
- "isDeprecated": false,
1396
- "name": "indication"
1397
- },
1398
- {
1399
- "deprecationReason": null,
1400
- "description": "Producer",
1401
- "isDeprecated": false,
1402
- "name": "producer"
1403
- },
1404
- {
1405
- "deprecationReason": null,
1406
- "description": "Story Id",
1407
- "isDeprecated": false,
1408
- "name": "story_id"
1409
- },
1410
- {
1411
- "deprecationReason": null,
1412
- "description": "Raw Data",
1413
- "isDeprecated": false,
1414
- "name": "raw_data"
1415
- },
1416
- {
1417
- "deprecationReason": null,
1418
- "description": "Trigger",
1419
- "isDeprecated": false,
1420
- "name": "trigger"
1421
- },
1422
- {
1423
- "deprecationReason": null,
1424
- "description": "Matched network rule",
1425
- "isDeprecated": false,
1426
- "name": "network_rule"
1427
- },
1428
- {
1429
- "deprecationReason": null,
1430
- "description": "The algorithm that is used (CUBIC /NewReno / BBR)",
1431
- "isDeprecated": false,
1432
- "name": "congestion_algorithm"
1433
- },
1434
- {
1435
- "deprecationReason": null,
1436
- "description": "Shows if traffic was TCP accelerated or not",
1437
- "isDeprecated": false,
1438
- "name": "tcp_acceleration"
1439
- },
1440
- {
1441
- "deprecationReason": null,
1442
- "description": "Shows if traffic was TLS inspected or not",
1443
- "isDeprecated": false,
1444
- "name": "tls_inspection"
1445
- },
1446
- {
1447
- "deprecationReason": null,
1448
- "description": "Public source IP",
1449
- "isDeprecated": false,
1450
- "name": "public_ip"
1451
- },
1452
- {
1453
- "deprecationReason": null,
1454
- "description": "Egress Site Name for backhauling traffic",
1455
- "isDeprecated": false,
1456
- "name": "egress_site_name"
1457
- },
1458
- {
1459
- "deprecationReason": null,
1460
- "description": "Egress PoP Name",
1461
- "isDeprecated": false,
1462
- "name": "egress_pop_name"
1463
- },
1464
- {
1465
- "deprecationReason": null,
1466
- "description": "QoS Priority value",
1467
- "isDeprecated": false,
1468
- "name": "qos_priority"
1469
- },
1470
- {
1471
- "deprecationReason": null,
1472
- "description": "Split Tunnel Configuration",
1473
- "isDeprecated": false,
1474
- "name": "split_tunnel_configuration"
1475
- },
1476
- {
1477
- "deprecationReason": null,
1478
- "description": "Pac File Enabled/Disabled",
1479
- "isDeprecated": false,
1480
- "name": "pac_file"
1481
- },
1482
- {
1483
- "deprecationReason": null,
1484
- "description": "Always-on Configuration",
1485
- "isDeprecated": false,
1486
- "name": "always_on_configuration"
1487
- },
1488
- {
1489
- "deprecationReason": null,
1490
- "description": "Lan access Allowed / Blocked",
1491
- "isDeprecated": false,
1492
- "name": "vpn_lan_access"
1493
- },
1494
- {
1495
- "deprecationReason": null,
1496
- "description": "Connect on boot Enabled/Disabled",
1497
- "isDeprecated": false,
1498
- "name": "connect_on_boot"
1499
- },
1500
- {
1501
- "deprecationReason": null,
1502
- "description": "Trusted networks Enabled/Disabled",
1503
- "isDeprecated": false,
1504
- "name": "trusted_networks"
1505
- },
1506
- {
1507
- "deprecationReason": null,
1508
- "description": "Office mode Enabled/Disabled",
1509
- "isDeprecated": false,
1510
- "name": "office_mode"
1511
- },
1512
- {
1513
- "deprecationReason": null,
1514
- "description": "Device Certificate Validated/Not Validated",
1515
- "isDeprecated": false,
1516
- "name": "device_certificate"
1517
- },
1518
- {
1519
- "deprecationReason": null,
1520
- "description": "Tunnel Protocol TCP/UDP",
1521
- "isDeprecated": false,
1522
- "name": "tunnel_ip_protocol"
1523
- },
1524
- {
1525
- "deprecationReason": null,
1526
- "description": "For SaaS Security API, description of Apps Security Notification",
1527
- "isDeprecated": false,
1528
- "name": "notification_description"
1529
- },
1530
- {
1531
- "deprecationReason": null,
1532
- "description": "For SaaS Security API, API Error of Apps Security Notification",
1533
- "isDeprecated": false,
1534
- "name": "notification_api_error"
1535
- },
1536
- {
1537
- "deprecationReason": null,
1538
- "description": "The URL that links directly to the object involved in the activity",
1539
- "isDeprecated": false,
1540
- "name": "reference_url"
1541
- },
1542
- {
1543
- "deprecationReason": null,
1544
- "description": "SaaS user activities into categories.",
1545
- "isDeprecated": false,
1546
- "name": "app_activity_category"
1547
- },
1548
- {
1549
- "deprecationReason": null,
1550
- "description": "Indicates whether an activity requires administrative permissions.",
1551
- "isDeprecated": false,
1552
- "name": "is_admin_activity"
1553
- },
1554
- {
1555
- "deprecationReason": null,
1556
- "description": "Classifies users based on their permissions.",
1557
- "isDeprecated": false,
1558
- "name": "is_admin"
1559
- },
1560
- {
1561
- "deprecationReason": null,
1562
- "description": "Shows the display name of the target user involved in an activity",
1563
- "isDeprecated": false,
1564
- "name": "collaborator_name"
1565
- },
1566
- {
1567
- "deprecationReason": null,
1568
- "description": "The unique identifier by the SaaS vendor for the target group in an activity.",
1569
- "isDeprecated": false,
1570
- "name": "dest_group_id"
1571
- },
1572
- {
1573
- "deprecationReason": null,
1574
- "description": "Identifies the target group involved in an activity",
1575
- "isDeprecated": false,
1576
- "name": "dest_group_name"
1577
- },
1578
- {
1579
- "deprecationReason": null,
1580
- "description": "Identifies system access software or device",
1581
- "isDeprecated": false,
1582
- "name": "access_method"
1583
- },
1584
- {
1585
- "deprecationReason": null,
1586
- "description": "Shows the id of the target user involved in an activity",
1587
- "isDeprecated": false,
1588
- "name": "vendor_collaborator_id"
1589
- },
1590
- {
1591
- "deprecationReason": null,
1592
- "description": "Device Categories",
1593
- "isDeprecated": false,
1594
- "name": "device_categories"
1595
- },
1596
- {
1597
- "deprecationReason": null,
1598
- "description": "Device Manufacturer",
1599
- "isDeprecated": false,
1600
- "name": "device_manufacturer"
1601
- },
1602
- {
1603
- "deprecationReason": null,
1604
- "description": "Device Model",
1605
- "isDeprecated": false,
1606
- "name": "device_model"
1607
- },
1608
- {
1609
- "deprecationReason": null,
1610
- "description": "Device OS Type",
1611
- "isDeprecated": false,
1612
- "name": "device_os_type"
1613
- },
1614
- {
1615
- "deprecationReason": null,
1616
- "description": "Device Type",
1617
- "isDeprecated": false,
1618
- "name": "device_type"
1619
- },
1620
- {
1621
- "deprecationReason": null,
1622
- "description": "Tenant Restriction Rule Name",
1623
- "isDeprecated": false,
1624
- "name": "tenant_restriction_rule_name"
1625
- },
1626
- {
1627
- "deprecationReason": null,
1628
- "description": "Connection Origin",
1629
- "isDeprecated": false,
1630
- "name": "connection_origin"
1631
- },
1632
- {
1633
- "deprecationReason": null,
1634
- "description": "Translated Server IP",
1635
- "isDeprecated": false,
1636
- "name": "translated_server_ip"
1637
- },
1638
- {
1639
- "deprecationReason": null,
1640
- "description": "Translated Client IP",
1641
- "isDeprecated": false,
1642
- "name": "translated_client_ip"
1643
- },
1644
- {
1645
- "deprecationReason": null,
1646
- "description": "IoC Container Name",
1647
- "isDeprecated": false,
1648
- "name": "container_name"
1649
- },
1650
- {
1651
- "deprecationReason": null,
1652
- "description": "An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories.",
1653
- "isDeprecated": false,
1654
- "name": "correlation_id"
1655
- },
1656
- {
1657
- "deprecationReason": null,
1658
- "description": "Precedence",
1659
- "isDeprecated": false,
1660
- "name": "precedence"
1661
- },
1662
- {
1663
- "deprecationReason": null,
1664
- "description": "A list of labels providing additional context for the event",
1665
- "isDeprecated": false,
1666
- "name": "labels"
1667
- }
1668
- ],
1669
- "fields": null,
1670
- "inputFields": null,
1671
- "interfaces": null,
1672
- "kind": "ENUM",
1673
- "name": "EventFieldName",
1674
- "possibleTypes": null
1675
- },
1676
- "indexType": "enum",
1677
- "kind": [
1678
- "ENUM"
1679
- ],
1680
- "name": "EventFieldName",
1681
- "non_null": false
1682
- },
1683
- "varName": "eventFieldName"
1684
- }
1685
- },
1686
- "interfaces": null,
1687
- "kind": "INPUT_OBJECT",
1688
- "name": "FieldNameInput",
1689
- "possibleTypes": null
1690
- },
1691
- "indexType": "input_object",
1692
- "kind": [
1693
- "NON_NULL",
1694
- "INPUT_OBJECT"
1695
- ],
1696
- "name": "FieldNameInput",
1697
- "non_null": false
1698
- },
1699
- "varName": "fieldNameInput"
1700
- },
1701
- "operator": {
1702
- "defaultValue": null,
1703
- "description": "Use AuditFieldName for audits",
1704
- "id_str": "filters___operator",
1705
- "name": "operator",
1706
- "path": "filters.operator",
1707
- "requestStr": "$operator:ElasticOperator! ",
1708
- "required": true,
1709
- "responseStr": "operator:$operator ",
1710
- "type": {
1711
- "definition": {
1712
- "description": "Search operators on ElasticSearch. Between operators are applicable only to numeric fields\nNote that not operators are slower",
1713
- "enumValues": [
1714
- {
1715
- "deprecationReason": null,
1716
- "description": null,
1717
- "isDeprecated": false,
1718
- "name": "is"
1719
- },
1720
- {
1721
- "deprecationReason": null,
1722
- "description": null,
1723
- "isDeprecated": false,
1724
- "name": "is_not"
1725
- },
1726
- {
1727
- "deprecationReason": null,
1728
- "description": null,
1729
- "isDeprecated": false,
1730
- "name": "in"
1731
- },
1732
- {
1733
- "deprecationReason": null,
1734
- "description": null,
1735
- "isDeprecated": false,
1736
- "name": "not_in"
1737
- },
1738
- {
1739
- "deprecationReason": null,
1740
- "description": null,
1741
- "isDeprecated": false,
1742
- "name": "exists"
1743
- },
1744
- {
1745
- "deprecationReason": null,
1746
- "description": null,
1747
- "isDeprecated": false,
1748
- "name": "not_exists"
1749
- },
1750
- {
1751
- "deprecationReason": null,
1752
- "description": null,
1753
- "isDeprecated": false,
1754
- "name": "between"
1755
- },
1756
- {
1757
- "deprecationReason": null,
1758
- "description": null,
1759
- "isDeprecated": false,
1760
- "name": "not_between"
1761
- }
1762
- ],
1763
- "fields": null,
1764
- "inputFields": null,
1765
- "interfaces": null,
1766
- "kind": "ENUM",
1767
- "name": "ElasticOperator",
1768
- "possibleTypes": null
1769
- },
1770
- "indexType": "enum",
1771
- "kind": [
1772
- "NON_NULL",
1773
- "ENUM"
1774
- ],
1775
- "name": "ElasticOperator",
1776
- "non_null": false
1777
- },
1778
- "varName": "operator"
1779
- },
1780
- "values": {
1781
- "defaultValue": null,
1782
- "description": null,
1783
- "id_str": "filters___values",
1784
- "name": "values",
1785
- "path": "filters.values",
1786
- "requestStr": "$values:[String] ",
1787
- "required": false,
1788
- "responseStr": "values:$values ",
1789
- "type": {
1790
- "kind": [
1791
- "LIST",
1792
- "NON_NULL",
1793
- "SCALAR"
1794
- ],
1795
- "name": "String",
1796
- "non_null": false
1797
- },
1798
- "varName": "values"
1799
- }
1800
- },
1801
- "interfaces": null,
1802
- "kind": "INPUT_OBJECT",
1803
- "name": "AuditFieldFilterInput",
1804
- "possibleTypes": null
1805
- },
1806
- "indexType": "input_object",
1807
- "kind": [
1808
- "LIST",
1809
- "NON_NULL",
1810
- "INPUT_OBJECT"
1811
- ],
1812
- "name": "AuditFieldFilterInput",
1813
- "non_null": false
1814
- },
1815
- "varName": "auditFieldFilterInput"
1816
- },
1817
- "marker": {
1818
- "defaultValue": null,
1819
- "description": "Marker to use to get results from",
1820
- "id_str": "marker",
1821
- "name": "marker",
1822
- "path": "marker",
1823
- "requestStr": "$marker:String ",
1824
- "required": false,
1825
- "responseStr": "marker:$marker ",
1826
- "type": {
1827
- "kind": [
1828
- "SCALAR"
1829
- ],
1830
- "name": "String",
1831
- "non_null": false
1832
- },
1833
- "varName": "marker"
1834
- },
1835
- "timeFrame": {
1836
- "defaultValue": null,
1837
- "description": null,
1838
- "id_str": "timeFrame",
1839
- "name": "timeFrame",
1840
- "path": "timeFrame",
1841
- "requestStr": "$timeFrame:TimeFrame! ",
1842
- "required": true,
1843
- "responseStr": "timeFrame:$timeFrame ",
1844
- "type": {
1845
- "kind": [
1846
- "NON_NULL",
1847
- "SCALAR"
1848
- ],
1849
- "name": "TimeFrame",
1850
- "non_null": false
1851
- },
1852
- "varName": "timeFrame"
1853
- }
1854
- },
1855
- "deprecationReason": null,
1856
- "description": "Audit Feed for account changes",
1857
- "fieldTypes": {
1858
- "AuditFeedAccountRecords": true,
1859
- "AuditRecord": true,
1860
- "Entity": true,
1861
- "EntityInfo": true,
1862
- "EntityType": true
1863
- },
1864
- "isDeprecated": false,
1865
- "name": "auditFeed",
1866
- "operationArgs": {
1867
- "accountIDs": {
1868
- "defaultValue": null,
1869
- "description": "List of Unique Account Identifiers.",
1870
- "id_str": "accountIDs",
1871
- "name": "accountIDs",
1872
- "path": "accountIDs",
1873
- "requestStr": "$accountIDs:[ID!] ",
1874
- "required": false,
1875
- "responseStr": "accountIDs:$accountIDs ",
1876
- "type": {
1877
- "kind": [
1878
- "LIST",
1879
- "NON_NULL",
1880
- "SCALAR"
1881
- ],
1882
- "name": "ID",
1883
- "non_null": false
1884
- },
1885
- "varName": "accountIDs"
1886
- },
1887
- "auditFieldFilterInput": {
1888
- "defaultValue": null,
1889
- "description": null,
1890
- "id_str": "filters",
1891
- "name": "filters",
1892
- "path": "filters",
1893
- "requestStr": "$auditFieldFilterInput:[AuditFieldFilterInput!] ",
1894
- "required": false,
1895
- "responseStr": "filters:$auditFieldFilterInput ",
1896
- "type": {
1897
- "definition": {
1898
- "description": null,
1899
- "enumValues": null,
1900
- "fields": null,
1901
- "inputFields": {
1902
- "fieldName": {
1903
- "defaultValue": null,
1904
- "description": null,
1905
- "id_str": "filters___fieldName",
1906
- "name": "fieldName",
1907
- "path": "filters.fieldName",
1908
- "requestStr": "$fieldNameInput:FieldNameInput! ",
1909
- "required": true,
1910
- "responseStr": "fieldName:$fieldNameInput ",
1911
- "type": {
1912
- "definition": {
1913
- "description": "FieldName for the different types of FieldName inputs\nUse the EventFieldName for events, and AuditFieldName for audit",
1914
- "enumValues": null,
1915
- "fields": null,
1916
- "inputFields": {
1917
- "AuditFieldName": {
1918
- "defaultValue": null,
1919
- "description": null,
1920
- "id_str": "filters___fieldName___AuditFieldName",
1921
- "name": "AuditFieldName",
1922
- "path": "filters.fieldName.AuditFieldName",
1923
- "requestStr": "$auditFieldName:AuditFieldName ",
1924
- "required": false,
1925
- "responseStr": "AuditFieldName:$auditFieldName ",
1926
- "type": {
1927
- "definition": {
1928
- "description": null,
1929
- "enumValues": [
1930
- {
1931
- "deprecationReason": null,
1932
- "description": "The admin whose action generated the record",
1933
- "isDeprecated": false,
1934
- "name": "admin"
1935
- },
1936
- {
1937
- "deprecationReason": null,
1938
- "description": "The api key whose action generated the record",
1939
- "isDeprecated": false,
1940
- "name": "apiKey"
1941
- },
1942
- {
1943
- "deprecationReason": null,
1944
- "description": "The name of the object that was affected, e.g. 'My Site'",
1945
- "isDeprecated": false,
1946
- "name": "model_name"
1947
- },
1948
- {
1949
- "deprecationReason": null,
1950
- "description": "The ID of the admin whose action generated the record",
1951
- "isDeprecated": false,
1952
- "name": "admin_id"
1953
- },
1954
- {
1955
- "deprecationReason": null,
1956
- "description": "Less granular than model_name, a general marker of the modified area: administration, configuration, security",
1957
- "isDeprecated": false,
1958
- "name": "module"
1959
- },
1960
- {
1961
- "deprecationReason": null,
1962
- "description": null,
1963
- "isDeprecated": false,
1964
- "name": "audit_creation_type"
1965
- },
1966
- {
1967
- "deprecationReason": null,
1968
- "description": "Time the record was committed to storage",
1969
- "isDeprecated": false,
1970
- "name": "insertion_date"
1971
- },
1972
- {
1973
- "deprecationReason": null,
1974
- "description": "the nature of the change: `CREATED, DELETED, MODIFIED, ENABLED, DISABLED, SKIPPED`",
1975
- "isDeprecated": false,
1976
- "name": "change_type"
1977
- },
1978
- {
1979
- "deprecationReason": null,
1980
- "description": "Time the record was created",
1981
- "isDeprecated": false,
1982
- "name": "creation_date"
1983
- },
1984
- {
1985
- "deprecationReason": null,
1986
- "description": "The type of object that was affected. e.g. Site, Socket, SocketInterface",
1987
- "isDeprecated": false,
1988
- "name": "model_type"
1989
- },
1990
- {
1991
- "deprecationReason": null,
1992
- "description": "The name of the account on which the record was created",
1993
- "isDeprecated": false,
1994
- "name": "account"
1995
- },
1996
- {
1997
- "deprecationReason": null,
1998
- "description": "The id of the account on which the record was created",
1999
- "isDeprecated": false,
2000
- "name": "account_id"
2001
- }
2002
- ],
2003
- "fields": null,
2004
- "inputFields": null,
2005
- "interfaces": null,
2006
- "kind": "ENUM",
2007
- "name": "AuditFieldName",
2008
- "possibleTypes": null
2009
- },
2010
- "indexType": "enum",
2011
- "kind": [
2012
- "ENUM"
2013
- ],
2014
- "name": "AuditFieldName",
2015
- "non_null": false
2016
- },
2017
- "varName": "auditFieldName"
2018
- },
2019
- "EventFieldName": {
2020
- "defaultValue": null,
2021
- "description": null,
2022
- "id_str": "filters___fieldName___EventFieldName",
2023
- "name": "EventFieldName",
2024
- "path": "filters.fieldName.EventFieldName",
2025
- "requestStr": "$eventFieldName:EventFieldName ",
2026
- "required": false,
2027
- "responseStr": "EventFieldName:$eventFieldName ",
2028
- "type": {
2029
- "definition": {
2030
- "description": null,
2031
- "enumValues": [
2032
- {
2033
- "deprecationReason": "use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
2034
- "description": "Name of site or user initiating the connection",
2035
- "isDeprecated": true,
2036
- "name": "src_site"
2037
- },
2038
- {
2039
- "deprecationReason": null,
2040
- "description": "Unique internal Cato ID for the site or remote user",
2041
- "isDeprecated": false,
2042
- "name": "src_site_id"
2043
- },
2044
- {
2045
- "deprecationReason": null,
2046
- "description": "Static host",
2047
- "isDeprecated": false,
2048
- "name": "static_host"
2049
- },
2050
- {
2051
- "deprecationReason": null,
2052
- "description": "User ID",
2053
- "isDeprecated": false,
2054
- "name": "user_id"
2055
- },
2056
- {
2057
- "deprecationReason": "use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
2058
- "description": "For WAN traffic, name of destination site or SDP user",
2059
- "isDeprecated": true,
2060
- "name": "dest_site"
2061
- },
2062
- {
2063
- "deprecationReason": null,
2064
- "description": "Unique internal Cato ID for the destination site or remote user",
2065
- "isDeprecated": false,
2066
- "name": "dest_site_id"
2067
- },
2068
- {
2069
- "deprecationReason": "please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025.",
2070
- "description": "Source or destination site or remote user ID.\nThis field can only be used in filter.",
2071
- "isDeprecated": true,
2072
- "name": "src_or_dest_site_id"
2073
- },
2074
- {
2075
- "deprecationReason": "use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
2076
- "description": "Name of security rule related to the event",
2077
- "isDeprecated": true,
2078
- "name": "rule"
2079
- },
2080
- {
2081
- "deprecationReason": null,
2082
- "description": "The ISP related to this event (when the IP address isn't provided by the ISP, then the event message is IP Addresses are assigned statically)",
2083
- "isDeprecated": false,
2084
- "name": "ISP_name"
2085
- },
2086
- {
2087
- "deprecationReason": null,
2088
- "description": "Name for Socket interface",
2089
- "isDeprecated": false,
2090
- "name": "socket_interface"
2091
- },
2092
- {
2093
- "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
2094
- "description": "Name for the custom category defined in the Cato Management Application",
2095
- "isDeprecated": true,
2096
- "name": "custom_category"
2097
- },
2098
- {
2099
- "deprecationReason": null,
2100
- "description": "Host name of Domain Controller that created LDAP event",
2101
- "isDeprecated": false,
2102
- "name": "directory_host_name"
2103
- },
2104
- {
2105
- "deprecationReason": null,
2106
- "description": "Destination port",
2107
- "isDeprecated": false,
2108
- "name": "dest_port"
2109
- },
2110
- {
2111
- "deprecationReason": null,
2112
- "description": "BGP ASN for remote peer",
2113
- "isDeprecated": false,
2114
- "name": "bgp_peer_asn"
2115
- },
2116
- {
2117
- "deprecationReason": null,
2118
- "description": "For Block/Prompt page, reference ID to report incorrect category",
2119
- "isDeprecated": false,
2120
- "name": "user_reference_id"
2121
- },
2122
- {
2123
- "deprecationReason": null,
2124
- "description": "Internal port number",
2125
- "isDeprecated": false,
2126
- "name": "src_port"
2127
- },
2128
- {
2129
- "deprecationReason": null,
2130
- "description": "Data that measures the packet loss for a specific link",
2131
- "isDeprecated": false,
2132
- "name": "link_health_pkt_loss"
2133
- },
2134
- {
2135
- "deprecationReason": null,
2136
- "description": "Name of PoP location",
2137
- "isDeprecated": false,
2138
- "name": "pop_name"
2139
- },
2140
- {
2141
- "deprecationReason": null,
2142
- "description": "IP address of host related to event",
2143
- "isDeprecated": false,
2144
- "name": "host_ip"
2145
- },
2146
- {
2147
- "deprecationReason": null,
2148
- "description": "Cato's description of the event",
2149
- "isDeprecated": false,
2150
- "name": "event_message"
2151
- },
2152
- {
2153
- "deprecationReason": null,
2154
- "description": "Source site or remote user",
2155
- "isDeprecated": false,
2156
- "name": "src_site_name"
2157
- },
2158
- {
2159
- "deprecationReason": null,
2160
- "description": "Domain name based on the SSL SNI, HTTP host name, or DNS name",
2161
- "isDeprecated": false,
2162
- "name": "domain_name"
2163
- },
2164
- {
2165
- "deprecationReason": null,
2166
- "description": "Destination IP address",
2167
- "isDeprecated": false,
2168
- "name": "dest_ip"
2169
- },
2170
- {
2171
- "deprecationReason": null,
2172
- "description": "File hash",
2173
- "isDeprecated": false,
2174
- "name": "file_hash"
2175
- },
2176
- {
2177
- "deprecationReason": null,
2178
- "description": "IP address provided by ISP to site or Client",
2179
- "isDeprecated": false,
2180
- "name": "src_isp_ip"
2181
- },
2182
- {
2183
- "deprecationReason": null,
2184
- "description": "Examples: MFA or password",
2185
- "isDeprecated": false,
2186
- "name": "authentication_type"
2187
- },
2188
- {
2189
- "deprecationReason": null,
2190
- "description": "Rule name",
2191
- "isDeprecated": false,
2192
- "name": "rule_name"
2193
- },
2194
- {
2195
- "deprecationReason": null,
2196
- "description": "Result of LDAP Domain Controller sync event",
2197
- "isDeprecated": false,
2198
- "name": "directory_sync_result"
2199
- },
2200
- {
2201
- "deprecationReason": null,
2202
- "description": "MAC address of host related to event",
2203
- "isDeprecated": false,
2204
- "name": "host_mac"
2205
- },
2206
- {
2207
- "deprecationReason": null,
2208
- "description": "Type of malware event",
2209
- "isDeprecated": false,
2210
- "name": "threat_type"
2211
- },
2212
- {
2213
- "deprecationReason": null,
2214
- "description": "Result of malware event (clean indicates a safe file)",
2215
- "isDeprecated": false,
2216
- "name": "threat_verdict"
2217
- },
2218
- {
2219
- "deprecationReason": null,
2220
- "description": "Name for device related to the event",
2221
- "isDeprecated": false,
2222
- "name": "device_name"
2223
- },
2224
- {
2225
- "deprecationReason": null,
2226
- "description": "Link type \u2013 Cato, Alt. WAN or LAG",
2227
- "isDeprecated": false,
2228
- "name": "link_type"
2229
- },
2230
- {
2231
- "deprecationReason": null,
2232
- "description": "Login action, values are: User portal (myvpn.catonetworks.com) or VPN client (Client or site traffic)",
2233
- "isDeprecated": false,
2234
- "name": "login_type"
2235
- },
2236
- {
2237
- "deprecationReason": null,
2238
- "description": "For hosts configured with a static IP in the Cato Management Application, the host name",
2239
- "isDeprecated": false,
2240
- "name": "configured_host_name"
2241
- },
2242
- {
2243
- "deprecationReason": "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.",
2244
- "description": "Cato Internal-use only",
2245
- "isDeprecated": true,
2246
- "name": "internalId"
2247
- },
2248
- {
2249
- "deprecationReason": null,
2250
- "description": "Event Id",
2251
- "isDeprecated": false,
2252
- "name": "event_id"
2253
- },
2254
- {
2255
- "deprecationReason": null,
2256
- "description": "Type of LDAP Domain Controller sync event",
2257
- "isDeprecated": false,
2258
- "name": "directory_sync_type"
2259
- },
2260
- {
2261
- "deprecationReason": null,
2262
- "description": "User\u2019s email address",
2263
- "isDeprecated": false,
2264
- "name": "vpn_user_email"
2265
- },
2266
- {
2267
- "deprecationReason": null,
2268
- "description": "Type of process generating this traffic",
2269
- "isDeprecated": false,
2270
- "name": "client_class"
2271
- },
2272
- {
2273
- "deprecationReason": null,
2274
- "description": "For MDR service, a true/false value that indicates if this event is: A summary that aggregates many events (true) Raw network flows for a single event (false)",
2275
- "isDeprecated": false,
2276
- "name": "incident_aggregation"
2277
- },
2278
- {
2279
- "deprecationReason": null,
2280
- "description": "Type of Socket reset (Hardware/Software)",
2281
- "isDeprecated": false,
2282
- "name": "socket_reset"
2283
- },
2284
- {
2285
- "deprecationReason": null,
2286
- "description": "User that generated the event",
2287
- "isDeprecated": false,
2288
- "name": "user_name"
2289
- },
2290
- {
2291
- "deprecationReason": null,
2292
- "description": "Socket or SDP Client version",
2293
- "isDeprecated": false,
2294
- "name": "client_version"
2295
- },
2296
- {
2297
- "deprecationReason": null,
2298
- "description": "File size",
2299
- "isDeprecated": false,
2300
- "name": "file_size"
2301
- },
2302
- {
2303
- "deprecationReason": null,
2304
- "description": "Registration code used the first time that a SDP user authenticates (the code is partially obfuscated)",
2305
- "isDeprecated": false,
2306
- "name": "registration_code"
2307
- },
2308
- {
2309
- "deprecationReason": null,
2310
- "description": "BGP disconnect error code",
2311
- "isDeprecated": false,
2312
- "name": "bgp_error_code"
2313
- },
2314
- {
2315
- "deprecationReason": "Planned end-of-life (EoL) date: April 15, 2025.",
2316
- "description": "Description from Cato Management Application for BGP peer",
2317
- "isDeprecated": true,
2318
- "name": "bgp_peer_description"
2319
- },
2320
- {
2321
- "deprecationReason": null,
2322
- "description": "For anti-malware events, malware name For IPS events, explains the reason why the traffic was blocked",
2323
- "isDeprecated": false,
2324
- "name": "threat_name"
2325
- },
2326
- {
2327
- "deprecationReason": null,
2328
- "description": "For QoS, the time that this QoS event started. The event is generated when the QoS event finishes",
2329
- "isDeprecated": false,
2330
- "name": "qos_reported_time"
2331
- },
2332
- {
2333
- "deprecationReason": null,
2334
- "description": "Network protocol for this event",
2335
- "isDeprecated": false,
2336
- "name": "ip_protocol"
2337
- },
2338
- {
2339
- "deprecationReason": null,
2340
- "description": "BGP ASN for Cato peer",
2341
- "isDeprecated": false,
2342
- "name": "bgp_cato_asn"
2343
- },
2344
- {
2345
- "deprecationReason": null,
2346
- "description": "IP for host or Cato Client",
2347
- "isDeprecated": false,
2348
- "name": "src_ip"
2349
- },
2350
- {
2351
- "deprecationReason": null,
2352
- "description": "Link to external malware reference",
2353
- "isDeprecated": false,
2354
- "name": "threat_reference"
2355
- },
2356
- {
2357
- "deprecationReason": null,
2358
- "description": "Firewall, QoS or LAG action",
2359
- "isDeprecated": false,
2360
- "name": "action"
2361
- },
2362
- {
2363
- "deprecationReason": null,
2364
- "description": "For LDAP sync events, name of the AD domain",
2365
- "isDeprecated": false,
2366
- "name": "windows_domain_name"
2367
- },
2368
- {
2369
- "deprecationReason": null,
2370
- "description": "(IPS or SAM event) Indicates the overall impact of a threat for the host or network: Low \u2013 ie. adware Medium \u2013 ie. network scans High \u2013 ie. spyware or worms",
2371
- "isDeprecated": false,
2372
- "name": "risk_level"
2373
- },
2374
- {
2375
- "deprecationReason": null,
2376
- "description": "For Socket upgrade, previous version number",
2377
- "isDeprecated": false,
2378
- "name": "socket_old_version"
2379
- },
2380
- {
2381
- "deprecationReason": null,
2382
- "description": "Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP",
2383
- "isDeprecated": false,
2384
- "name": "link_health_latency"
2385
- },
2386
- {
2387
- "deprecationReason": null,
2388
- "description": "Protocol for the tunnel",
2389
- "isDeprecated": false,
2390
- "name": "tunnel_protocol"
2391
- },
2392
- {
2393
- "deprecationReason": null,
2394
- "description": "For Socket upgrades, new version number",
2395
- "isDeprecated": false,
2396
- "name": "socket_new_version"
2397
- },
2398
- {
2399
- "deprecationReason": null,
2400
- "description": "Socket version number",
2401
- "isDeprecated": false,
2402
- "name": "socket_version"
2403
- },
2404
- {
2405
- "deprecationReason": null,
2406
- "description": "Data that measures the jitter for a specific link",
2407
- "isDeprecated": false,
2408
- "name": "link_health_jitter"
2409
- },
2410
- {
2411
- "deprecationReason": null,
2412
- "description": "Socket upgrade start time (Linux epoch format)",
2413
- "isDeprecated": false,
2414
- "name": "upgrade_start_time"
2415
- },
2416
- {
2417
- "deprecationReason": null,
2418
- "description": "BGP IP for Cato peer",
2419
- "isDeprecated": false,
2420
- "name": "bgp_cato_ip"
2421
- },
2422
- {
2423
- "deprecationReason": null,
2424
- "description": "Cato system category",
2425
- "isDeprecated": false,
2426
- "name": "categories"
2427
- },
2428
- {
2429
- "deprecationReason": null,
2430
- "description": "Unique Cato ID for the security rule related to the event",
2431
- "isDeprecated": false,
2432
- "name": "rule_id"
2433
- },
2434
- {
2435
- "deprecationReason": null,
2436
- "description": "For Socket HA events, indicates if the Socket is primary or secondary",
2437
- "isDeprecated": false,
2438
- "name": "socket_role"
2439
- },
2440
- {
2441
- "deprecationReason": null,
2442
- "description": "Number of targets (servers) associated with this event",
2443
- "isDeprecated": false,
2444
- "name": "targets_cardinality"
2445
- },
2446
- {
2447
- "deprecationReason": null,
2448
- "description": "Indicates if the Socket upgrade occurred during the maintenance window or initiated by Support (Cato Admin)",
2449
- "isDeprecated": false,
2450
- "name": "upgrade_initiated_by"
2451
- },
2452
- {
2453
- "deprecationReason": null,
2454
- "description": "For WAN traffic, destination is site or SDP user",
2455
- "isDeprecated": false,
2456
- "name": "dest_is_site_or_vpn"
2457
- },
2458
- {
2459
- "deprecationReason": null,
2460
- "description": "BGP IP for remote peer",
2461
- "isDeprecated": false,
2462
- "name": "bgp_peer_ip"
2463
- },
2464
- {
2465
- "deprecationReason": null,
2466
- "description": "Source type: site or remote user",
2467
- "isDeprecated": false,
2468
- "name": "src_is_site_or_vpn"
2469
- },
2470
- {
2471
- "deprecationReason": null,
2472
- "description": "Active Directory name",
2473
- "isDeprecated": false,
2474
- "name": "ad_name"
2475
- },
2476
- {
2477
- "deprecationReason": null,
2478
- "description": "Method used to get identity with User Awareness (such as Identity Agent)",
2479
- "isDeprecated": false,
2480
- "name": "user_awareness_method"
2481
- },
2482
- {
2483
- "deprecationReason": null,
2484
- "description": "Data that measures the congestion for a specific link",
2485
- "isDeprecated": false,
2486
- "name": "link_health_is_congested"
2487
- },
2488
- {
2489
- "deprecationReason": null,
2490
- "description": "Name of subnet as defined in Cato Management Application",
2491
- "isDeprecated": false,
2492
- "name": "subnet_name"
2493
- },
2494
- {
2495
- "deprecationReason": null,
2496
- "description": "OS version for the device (such as 14.3.0)",
2497
- "isDeprecated": false,
2498
- "name": "os_version"
2499
- },
2500
- {
2501
- "deprecationReason": null,
2502
- "description": "Sub-type for Routing, Security, Connectivity, System or Sockets Management event",
2503
- "isDeprecated": false,
2504
- "name": "event_sub_type"
2505
- },
2506
- {
2507
- "deprecationReason": null,
2508
- "description": "Host OS or tunnel device",
2509
- "isDeprecated": false,
2510
- "name": "os_type"
2511
- },
2512
- {
2513
- "deprecationReason": null,
2514
- "description": "Direction of network traffic for this event, values are inbound or outbound",
2515
- "isDeprecated": false,
2516
- "name": "traffic_direction"
2517
- },
2518
- {
2519
- "deprecationReason": null,
2520
- "description": "BGP disconnect error message",
2521
- "isDeprecated": false,
2522
- "name": "bgp_suberror_code"
2523
- },
2524
- {
2525
- "deprecationReason": null,
2526
- "description": "CIDR for BGP route",
2527
- "isDeprecated": false,
2528
- "name": "bgp_route_cidr"
2529
- },
2530
- {
2531
- "deprecationReason": null,
2532
- "description": "Unique Cato ID that identifies this security incident",
2533
- "isDeprecated": false,
2534
- "name": "incident_id"
2535
- },
2536
- {
2537
- "deprecationReason": "use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
2538
- "description": "For Internet firewall, app for this event",
2539
- "isDeprecated": true,
2540
- "name": "application"
2541
- },
2542
- {
2543
- "deprecationReason": null,
2544
- "description": "The name of the application associated with the flow",
2545
- "isDeprecated": false,
2546
- "name": "application_name"
2547
- },
2548
- {
2549
- "deprecationReason": null,
2550
- "description": "Application ID of the flow",
2551
- "isDeprecated": false,
2552
- "name": "application_id"
2553
- },
2554
- {
2555
- "deprecationReason": null,
2556
- "description": "Socket upgrade end time (Linux epoch format):",
2557
- "isDeprecated": false,
2558
- "name": "upgrade_end_time"
2559
- },
2560
- {
2561
- "deprecationReason": null,
2562
- "description": "Socket interface ID",
2563
- "isDeprecated": false,
2564
- "name": "socket_interface_id"
2565
- },
2566
- {
2567
- "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
2568
- "description": "Unique Cato ID for the custom category",
2569
- "isDeprecated": true,
2570
- "name": "custom_categories"
2571
- },
2572
- {
2573
- "deprecationReason": null,
2574
- "description": "Custom category ID",
2575
- "isDeprecated": false,
2576
- "name": "custom_category_id"
2577
- },
2578
- {
2579
- "deprecationReason": null,
2580
- "description": "Custom category name",
2581
- "isDeprecated": false,
2582
- "name": "custom_category_name"
2583
- },
2584
- {
2585
- "deprecationReason": null,
2586
- "description": "Country in which the source host is located (detected via public IP address)",
2587
- "isDeprecated": false,
2588
- "name": "src_country"
2589
- },
2590
- {
2591
- "deprecationReason": null,
2592
- "description": "Country Code of country in which the source host is located (detected via public IP address)",
2593
- "isDeprecated": false,
2594
- "name": "src_country_code"
2595
- },
2596
- {
2597
- "deprecationReason": null,
2598
- "description": "Count for events that are repeated multiple times during one minute",
2599
- "isDeprecated": false,
2600
- "name": "event_count"
2601
- },
2602
- {
2603
- "deprecationReason": null,
2604
- "description": "File name",
2605
- "isDeprecated": false,
2606
- "name": "file_name"
2607
- },
2608
- {
2609
- "deprecationReason": null,
2610
- "description": "IP address of Domain Controller that created LDAP event",
2611
- "isDeprecated": false,
2612
- "name": "directory_ip"
2613
- },
2614
- {
2615
- "deprecationReason": null,
2616
- "description": "Time stamp of event (Linux epoch format)",
2617
- "isDeprecated": false,
2618
- "name": "time"
2619
- },
2620
- {
2621
- "deprecationReason": null,
2622
- "description": "URL associated with the event",
2623
- "isDeprecated": false,
2624
- "name": "url"
2625
- },
2626
- {
2627
- "deprecationReason": null,
2628
- "description": "For Internet traffic, country where the destination host is located",
2629
- "isDeprecated": false,
2630
- "name": "dest_country"
2631
- },
2632
- {
2633
- "deprecationReason": null,
2634
- "description": "For Internet traffic, the two letter country code where the destination host is located (based on ISO 3166-1 alpha-2)",
2635
- "isDeprecated": false,
2636
- "name": "dest_country_code"
2637
- },
2638
- {
2639
- "deprecationReason": null,
2640
- "description": "Amount of flows for a given incident",
2641
- "isDeprecated": false,
2642
- "name": "flows_cardinality"
2643
- },
2644
- {
2645
- "deprecationReason": null,
2646
- "description": "The name of the destination site",
2647
- "isDeprecated": false,
2648
- "name": "dest_site_name"
2649
- },
2650
- {
2651
- "deprecationReason": null,
2652
- "description": "Routing, Security, Connectivity, System or Sockets Management event",
2653
- "isDeprecated": false,
2654
- "name": "event_type"
2655
- },
2656
- {
2657
- "deprecationReason": null,
2658
- "description": "Account ID",
2659
- "isDeprecated": false,
2660
- "name": "account_id"
2661
- },
2662
- {
2663
- "deprecationReason": null,
2664
- "description": "For IPS and SAM, ID of the IPS signature",
2665
- "isDeprecated": false,
2666
- "name": "signature_id"
2667
- },
2668
- {
2669
- "deprecationReason": null,
2670
- "description": "Expiration date for Client certificate",
2671
- "isDeprecated": false,
2672
- "name": "client_cert_expires"
2673
- },
2674
- {
2675
- "deprecationReason": null,
2676
- "description": "Name of Client certificate",
2677
- "isDeprecated": false,
2678
- "name": "client_cert_name"
2679
- },
2680
- {
2681
- "deprecationReason": null,
2682
- "description": "Is the app for this event defined as a sanctioned app? (True/False)",
2683
- "isDeprecated": false,
2684
- "name": "is_sanctioned_app"
2685
- },
2686
- {
2687
- "deprecationReason": null,
2688
- "description": "Name of application activity",
2689
- "isDeprecated": false,
2690
- "name": "app_activity"
2691
- },
2692
- {
2693
- "deprecationReason": null,
2694
- "description": "Activity type",
2695
- "isDeprecated": false,
2696
- "name": "app_activity_type"
2697
- },
2698
- {
2699
- "deprecationReason": null,
2700
- "description": "Device posture profiles",
2701
- "isDeprecated": false,
2702
- "name": "device_posture_profile"
2703
- },
2704
- {
2705
- "deprecationReason": "use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025.",
2706
- "description": "Device posture profiles",
2707
- "isDeprecated": true,
2708
- "name": "device_posture_profiles"
2709
- },
2710
- {
2711
- "deprecationReason": null,
2712
- "description": "Full path URL application activity",
2713
- "isDeprecated": false,
2714
- "name": "full_path_url"
2715
- },
2716
- {
2717
- "deprecationReason": null,
2718
- "description": "Application risk score",
2719
- "isDeprecated": false,
2720
- "name": "application_risk"
2721
- },
2722
- {
2723
- "deprecationReason": null,
2724
- "description": "Mitre attack techniques",
2725
- "isDeprecated": false,
2726
- "name": "mitre_attack_techniques"
2727
- },
2728
- {
2729
- "deprecationReason": null,
2730
- "description": "Mitre attack subtechniques",
2731
- "isDeprecated": false,
2732
- "name": "mitre_attack_subtechniques"
2733
- },
2734
- {
2735
- "deprecationReason": null,
2736
- "description": "Mitre attack tactics",
2737
- "isDeprecated": false,
2738
- "name": "mitre_attack_tactics"
2739
- },
2740
- {
2741
- "deprecationReason": null,
2742
- "description": "Indicator",
2743
- "isDeprecated": false,
2744
- "name": "indicator"
2745
- },
2746
- {
2747
- "deprecationReason": null,
2748
- "description": "For SaaS Security API, SaaS app for the connector",
2749
- "isDeprecated": false,
2750
- "name": "connector_type"
2751
- },
2752
- {
2753
- "deprecationReason": null,
2754
- "description": "For SaaS Security API, name of the connector",
2755
- "isDeprecated": false,
2756
- "name": "connector_name"
2757
- },
2758
- {
2759
- "deprecationReason": null,
2760
- "description": "For SaaS Security API, status of the connector",
2761
- "isDeprecated": false,
2762
- "name": "connector_status"
2763
- },
2764
- {
2765
- "deprecationReason": null,
2766
- "description": "For SaaS Security API, parent Microsoft 365 connector",
2767
- "isDeprecated": false,
2768
- "name": "parent_connector_name"
2769
- },
2770
- {
2771
- "deprecationReason": null,
2772
- "description": "File type",
2773
- "isDeprecated": false,
2774
- "name": "file_type"
2775
- },
2776
- {
2777
- "deprecationReason": null,
2778
- "description": "Describes the behavior when the DLP system encounters a failure",
2779
- "isDeprecated": false,
2780
- "name": "dlp_fail_mode"
2781
- },
2782
- {
2783
- "deprecationReason": null,
2784
- "description": "DLP profiles related to the event",
2785
- "isDeprecated": false,
2786
- "name": "dlp_profiles"
2787
- },
2788
- {
2789
- "deprecationReason": null,
2790
- "description": "Matched DLP data types related to the event",
2791
- "isDeprecated": false,
2792
- "name": "matched_data_types"
2793
- },
2794
- {
2795
- "deprecationReason": null,
2796
- "description": "Severity defined for the rule",
2797
- "isDeprecated": false,
2798
- "name": "severity"
2799
- },
2800
- {
2801
- "deprecationReason": null,
2802
- "description": "For SaaS Security API, email address of the file owner",
2803
- "isDeprecated": false,
2804
- "name": "owner"
2805
- },
2806
- {
2807
- "deprecationReason": null,
2808
- "description": "For SaaS Security API, email addresses of the users that received the file",
2809
- "isDeprecated": false,
2810
- "name": "collaborators"
2811
- },
2812
- {
2813
- "deprecationReason": null,
2814
- "description": "Email Subject",
2815
- "isDeprecated": false,
2816
- "name": "email_subject"
2817
- },
2818
- {
2819
- "deprecationReason": null,
2820
- "description": "Sharing Options for the file (such as SharePoint)",
2821
- "isDeprecated": false,
2822
- "name": "sharing_scope"
2823
- },
2824
- {
2825
- "deprecationReason": null,
2826
- "description": "Cato\u2019s DNS Protection type that matched the DNS request",
2827
- "isDeprecated": false,
2828
- "name": "dns_protection_category"
2829
- },
2830
- {
2831
- "deprecationReason": null,
2832
- "description": "If the events was part of the sinkhole flow",
2833
- "isDeprecated": false,
2834
- "name": "is_sinkhole"
2835
- },
2836
- {
2837
- "deprecationReason": null,
2838
- "description": "The ID for the endpoint",
2839
- "isDeprecated": false,
2840
- "name": "endpoint_id"
2841
- },
2842
- {
2843
- "deprecationReason": null,
2844
- "description": "The Endpoint Protection Engine that detected the malware",
2845
- "isDeprecated": false,
2846
- "name": "epp_engine_type"
2847
- },
2848
- {
2849
- "deprecationReason": null,
2850
- "description": "The file operation when this event occurred",
2851
- "isDeprecated": false,
2852
- "name": "file_operation"
2853
- },
2854
- {
2855
- "deprecationReason": null,
2856
- "description": null,
2857
- "isDeprecated": false,
2858
- "name": "final_object_status"
2859
- },
2860
- {
2861
- "deprecationReason": null,
2862
- "description": null,
2863
- "isDeprecated": false,
2864
- "name": "object_name"
2865
- },
2866
- {
2867
- "deprecationReason": null,
2868
- "description": null,
2869
- "isDeprecated": false,
2870
- "name": "object_type"
2871
- },
2872
- {
2873
- "deprecationReason": null,
2874
- "description": null,
2875
- "isDeprecated": false,
2876
- "name": "object_id"
2877
- },
2878
- {
2879
- "deprecationReason": null,
2880
- "description": null,
2881
- "isDeprecated": false,
2882
- "name": "alert_id"
2883
- },
2884
- {
2885
- "deprecationReason": null,
2886
- "description": "The vendor that identified the incident, such as Cato or Microsoft",
2887
- "isDeprecated": false,
2888
- "name": "vendor"
2889
- },
2890
- {
2891
- "deprecationReason": null,
2892
- "description": null,
2893
- "isDeprecated": false,
2894
- "name": "vendor_user_id"
2895
- },
2896
- {
2897
- "deprecationReason": null,
2898
- "description": null,
2899
- "isDeprecated": false,
2900
- "name": "status"
2901
- },
2902
- {
2903
- "deprecationReason": null,
2904
- "description": null,
2905
- "isDeprecated": false,
2906
- "name": "classification"
2907
- },
2908
- {
2909
- "deprecationReason": null,
2910
- "description": null,
2911
- "isDeprecated": false,
2912
- "name": "quarantine_folder_path"
2913
- },
2914
- {
2915
- "deprecationReason": null,
2916
- "description": null,
2917
- "isDeprecated": false,
2918
- "name": "title"
2919
- },
2920
- {
2921
- "deprecationReason": null,
2922
- "description": null,
2923
- "isDeprecated": false,
2924
- "name": "recommended_actions"
2925
- },
2926
- {
2927
- "deprecationReason": "use src_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
2928
- "description": null,
2929
- "isDeprecated": true,
2930
- "name": "pid"
2931
- },
2932
- {
2933
- "deprecationReason": "use src_process_parent_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
2934
- "description": null,
2935
- "isDeprecated": true,
2936
- "name": "parent_pid"
2937
- },
2938
- {
2939
- "deprecationReason": "use src_process_path instead. Planned end-of-life (EoL) date: March 1, 2025.",
2940
- "description": null,
2941
- "isDeprecated": true,
2942
- "name": "process_path"
2943
- },
2944
- {
2945
- "deprecationReason": null,
2946
- "description": null,
2947
- "isDeprecated": false,
2948
- "name": "failure_reason"
2949
- },
2950
- {
2951
- "deprecationReason": null,
2952
- "description": null,
2953
- "isDeprecated": false,
2954
- "name": "out_of_band_access"
2955
- },
2956
- {
2957
- "deprecationReason": null,
2958
- "description": "A Unique ID for the quarantined file",
2959
- "isDeprecated": false,
2960
- "name": "quarantine_uuid"
2961
- },
2962
- {
2963
- "deprecationReason": null,
2964
- "description": null,
2965
- "isDeprecated": false,
2966
- "name": "logged_in_user"
2967
- },
2968
- {
2969
- "deprecationReason": null,
2970
- "description": "The profile assigned to the endpoint upon detection of the malware",
2971
- "isDeprecated": false,
2972
- "name": "epp_profile"
2973
- },
2974
- {
2975
- "deprecationReason": null,
2976
- "description": "Source process ID",
2977
- "isDeprecated": false,
2978
- "name": "src_pid"
2979
- },
2980
- {
2981
- "deprecationReason": null,
2982
- "description": "Source process file path",
2983
- "isDeprecated": false,
2984
- "name": "src_process_path"
2985
- },
2986
- {
2987
- "deprecationReason": null,
2988
- "description": "Source process command line",
2989
- "isDeprecated": false,
2990
- "name": "src_process_cmdline"
2991
- },
2992
- {
2993
- "deprecationReason": null,
2994
- "description": "Source process parent process ID",
2995
- "isDeprecated": false,
2996
- "name": "src_process_parent_pid"
2997
- },
2998
- {
2999
- "deprecationReason": null,
3000
- "description": "Source process parent file path",
3001
- "isDeprecated": false,
3002
- "name": "src_process_parent_path"
3003
- },
3004
- {
3005
- "deprecationReason": null,
3006
- "description": "The destination process ID",
3007
- "isDeprecated": false,
3008
- "name": "dest_pid"
3009
- },
3010
- {
3011
- "deprecationReason": null,
3012
- "description": "Destination process file path",
3013
- "isDeprecated": false,
3014
- "name": "dest_process_path"
3015
- },
3016
- {
3017
- "deprecationReason": null,
3018
- "description": "Destination process command line",
3019
- "isDeprecated": false,
3020
- "name": "dest_process_cmdline"
3021
- },
3022
- {
3023
- "deprecationReason": null,
3024
- "description": "Destination process parent process ID",
3025
- "isDeprecated": false,
3026
- "name": "dest_process_parent_pid"
3027
- },
3028
- {
3029
- "deprecationReason": null,
3030
- "description": "Destination process parent file path",
3031
- "isDeprecated": false,
3032
- "name": "dest_process_parent_path"
3033
- },
3034
- {
3035
- "deprecationReason": null,
3036
- "description": "If policy is set to disinfect, return the result of this action",
3037
- "isDeprecated": false,
3038
- "name": "disinfect_result"
3039
- },
3040
- {
3041
- "deprecationReason": null,
3042
- "description": "Indicate how many processes are part of this event",
3043
- "isDeprecated": false,
3044
- "name": "processes_count"
3045
- },
3046
- {
3047
- "deprecationReason": null,
3048
- "description": "HTTP request method (ie. Get, Post)",
3049
- "isDeprecated": false,
3050
- "name": "http_request_method"
3051
- },
3052
- {
3053
- "deprecationReason": null,
3054
- "description": "XFF HTTP header indicates the original IP address for the connections",
3055
- "isDeprecated": false,
3056
- "name": "xff"
3057
- },
3058
- {
3059
- "deprecationReason": null,
3060
- "description": "Domain queried in the DNS request",
3061
- "isDeprecated": false,
3062
- "name": "dns_query"
3063
- },
3064
- {
3065
- "deprecationReason": null,
3066
- "description": "Name defined for the public API Key in the Cato Management Application",
3067
- "isDeprecated": false,
3068
- "name": "key_name"
3069
- },
3070
- {
3071
- "deprecationReason": null,
3072
- "description": null,
3073
- "isDeprecated": false,
3074
- "name": "api_type"
3075
- },
3076
- {
3077
- "deprecationReason": null,
3078
- "description": null,
3079
- "isDeprecated": false,
3080
- "name": "api_name"
3081
- },
3082
- {
3083
- "deprecationReason": null,
3084
- "description": "Related Apps",
3085
- "isDeprecated": false,
3086
- "name": "app_stack"
3087
- },
3088
- {
3089
- "deprecationReason": null,
3090
- "description": "TLS Inspection rule name",
3091
- "isDeprecated": false,
3092
- "name": "tls_rule_name"
3093
- },
3094
- {
3095
- "deprecationReason": null,
3096
- "description": "TLS Certificate Error",
3097
- "isDeprecated": false,
3098
- "name": "tls_certificate_error"
3099
- },
3100
- {
3101
- "deprecationReason": null,
3102
- "description": "TLS Version",
3103
- "isDeprecated": false,
3104
- "name": "tls_version"
3105
- },
3106
- {
3107
- "deprecationReason": null,
3108
- "description": "TLS Error Type",
3109
- "isDeprecated": false,
3110
- "name": "tls_error_type"
3111
- },
3112
- {
3113
- "deprecationReason": null,
3114
- "description": "TLS Error Description",
3115
- "isDeprecated": false,
3116
- "name": "tls_error_description"
3117
- },
3118
- {
3119
- "deprecationReason": null,
3120
- "description": "Cato application name",
3121
- "isDeprecated": false,
3122
- "name": "cato_app"
3123
- },
3124
- {
3125
- "deprecationReason": null,
3126
- "description": "Prompt Page Selected Action",
3127
- "isDeprecated": false,
3128
- "name": "prompt_action"
3129
- },
3130
- {
3131
- "deprecationReason": null,
3132
- "description": "Unique Cato ID for devices",
3133
- "isDeprecated": false,
3134
- "name": "device_id"
3135
- },
3136
- {
3137
- "deprecationReason": null,
3138
- "description": "Unique Cato Visible ID for devices",
3139
- "isDeprecated": false,
3140
- "name": "visible_device_id"
3141
- },
3142
- {
3143
- "deprecationReason": null,
3144
- "description": "Connectivity authentication method: unauthenticated, OATH2, LDAP or VPN",
3145
- "isDeprecated": false,
3146
- "name": "auth_method"
3147
- },
3148
- {
3149
- "deprecationReason": null,
3150
- "description": "Always-On Bypass Method",
3151
- "isDeprecated": false,
3152
- "name": "bypass_method"
3153
- },
3154
- {
3155
- "deprecationReason": null,
3156
- "description": "Always-On Bypass Duration In Seconds",
3157
- "isDeprecated": false,
3158
- "name": "bypass_duration_sec"
3159
- },
3160
- {
3161
- "deprecationReason": null,
3162
- "description": "Always-On Bypass Reason",
3163
- "isDeprecated": false,
3164
- "name": "bypass_reason"
3165
- },
3166
- {
3167
- "deprecationReason": null,
3168
- "description": "Sign In Types",
3169
- "isDeprecated": false,
3170
- "name": "sign_in_event_types"
3171
- },
3172
- {
3173
- "deprecationReason": null,
3174
- "description": "Unique identifier for the tenant within a multi-tenant environment",
3175
- "isDeprecated": false,
3176
- "name": "tenant_id"
3177
- },
3178
- {
3179
- "deprecationReason": null,
3180
- "description": "Tenant Name",
3181
- "isDeprecated": false,
3182
- "name": "tenant_name"
3183
- },
3184
- {
3185
- "deprecationReason": null,
3186
- "description": "User Agent",
3187
- "isDeprecated": false,
3188
- "name": "user_agent"
3189
- },
3190
- {
3191
- "deprecationReason": null,
3192
- "description": "Vendor Event Id",
3193
- "isDeprecated": false,
3194
- "name": "vendor_event_id"
3195
- },
3196
- {
3197
- "deprecationReason": null,
3198
- "description": "Vendor Device Id",
3199
- "isDeprecated": false,
3200
- "name": "vendor_device_id"
3201
- },
3202
- {
3203
- "deprecationReason": null,
3204
- "description": "Vendor Device Name",
3205
- "isDeprecated": false,
3206
- "name": "vendor_device_name"
3207
- },
3208
- {
3209
- "deprecationReason": null,
3210
- "description": "Is Compliant",
3211
- "isDeprecated": false,
3212
- "name": "is_compliant"
3213
- },
3214
- {
3215
- "deprecationReason": null,
3216
- "description": "Is Managed",
3217
- "isDeprecated": false,
3218
- "name": "is_managed"
3219
- },
3220
- {
3221
- "deprecationReason": null,
3222
- "description": "Trust Type",
3223
- "isDeprecated": false,
3224
- "name": "trust_type"
3225
- },
3226
- {
3227
- "deprecationReason": null,
3228
- "description": "Confidence Level",
3229
- "isDeprecated": false,
3230
- "name": "confidence_level"
3231
- },
3232
- {
3233
- "deprecationReason": null,
3234
- "description": "Defines the scanning methods used by the DLP system",
3235
- "isDeprecated": false,
3236
- "name": "dlp_scan_types"
3237
- },
3238
- {
3239
- "deprecationReason": null,
3240
- "description": "Network Access",
3241
- "isDeprecated": false,
3242
- "name": "network_access"
3243
- },
3244
- {
3245
- "deprecationReason": null,
3246
- "description": "Analyst Verdict",
3247
- "isDeprecated": false,
3248
- "name": "analyst_verdict"
3249
- },
3250
- {
3251
- "deprecationReason": null,
3252
- "description": "Criticality",
3253
- "isDeprecated": false,
3254
- "name": "criticality"
3255
- },
3256
- {
3257
- "deprecationReason": null,
3258
- "description": "Indication",
3259
- "isDeprecated": false,
3260
- "name": "indication"
3261
- },
3262
- {
3263
- "deprecationReason": null,
3264
- "description": "Producer",
3265
- "isDeprecated": false,
3266
- "name": "producer"
3267
- },
3268
- {
3269
- "deprecationReason": null,
3270
- "description": "Story Id",
3271
- "isDeprecated": false,
3272
- "name": "story_id"
3273
- },
3274
- {
3275
- "deprecationReason": null,
3276
- "description": "Raw Data",
3277
- "isDeprecated": false,
3278
- "name": "raw_data"
3279
- },
3280
- {
3281
- "deprecationReason": null,
3282
- "description": "Trigger",
3283
- "isDeprecated": false,
3284
- "name": "trigger"
3285
- },
3286
- {
3287
- "deprecationReason": null,
3288
- "description": "Matched network rule",
3289
- "isDeprecated": false,
3290
- "name": "network_rule"
3291
- },
3292
- {
3293
- "deprecationReason": null,
3294
- "description": "The algorithm that is used (CUBIC /NewReno / BBR)",
3295
- "isDeprecated": false,
3296
- "name": "congestion_algorithm"
3297
- },
3298
- {
3299
- "deprecationReason": null,
3300
- "description": "Shows if traffic was TCP accelerated or not",
3301
- "isDeprecated": false,
3302
- "name": "tcp_acceleration"
3303
- },
3304
- {
3305
- "deprecationReason": null,
3306
- "description": "Shows if traffic was TLS inspected or not",
3307
- "isDeprecated": false,
3308
- "name": "tls_inspection"
3309
- },
3310
- {
3311
- "deprecationReason": null,
3312
- "description": "Public source IP",
3313
- "isDeprecated": false,
3314
- "name": "public_ip"
3315
- },
3316
- {
3317
- "deprecationReason": null,
3318
- "description": "Egress Site Name for backhauling traffic",
3319
- "isDeprecated": false,
3320
- "name": "egress_site_name"
3321
- },
3322
- {
3323
- "deprecationReason": null,
3324
- "description": "Egress PoP Name",
3325
- "isDeprecated": false,
3326
- "name": "egress_pop_name"
3327
- },
3328
- {
3329
- "deprecationReason": null,
3330
- "description": "QoS Priority value",
3331
- "isDeprecated": false,
3332
- "name": "qos_priority"
3333
- },
3334
- {
3335
- "deprecationReason": null,
3336
- "description": "Split Tunnel Configuration",
3337
- "isDeprecated": false,
3338
- "name": "split_tunnel_configuration"
3339
- },
3340
- {
3341
- "deprecationReason": null,
3342
- "description": "Pac File Enabled/Disabled",
3343
- "isDeprecated": false,
3344
- "name": "pac_file"
3345
- },
3346
- {
3347
- "deprecationReason": null,
3348
- "description": "Always-on Configuration",
3349
- "isDeprecated": false,
3350
- "name": "always_on_configuration"
3351
- },
3352
- {
3353
- "deprecationReason": null,
3354
- "description": "Lan access Allowed / Blocked",
3355
- "isDeprecated": false,
3356
- "name": "vpn_lan_access"
3357
- },
3358
- {
3359
- "deprecationReason": null,
3360
- "description": "Connect on boot Enabled/Disabled",
3361
- "isDeprecated": false,
3362
- "name": "connect_on_boot"
3363
- },
3364
- {
3365
- "deprecationReason": null,
3366
- "description": "Trusted networks Enabled/Disabled",
3367
- "isDeprecated": false,
3368
- "name": "trusted_networks"
3369
- },
3370
- {
3371
- "deprecationReason": null,
3372
- "description": "Office mode Enabled/Disabled",
3373
- "isDeprecated": false,
3374
- "name": "office_mode"
3375
- },
3376
- {
3377
- "deprecationReason": null,
3378
- "description": "Device Certificate Validated/Not Validated",
3379
- "isDeprecated": false,
3380
- "name": "device_certificate"
3381
- },
3382
- {
3383
- "deprecationReason": null,
3384
- "description": "Tunnel Protocol TCP/UDP",
3385
- "isDeprecated": false,
3386
- "name": "tunnel_ip_protocol"
3387
- },
3388
- {
3389
- "deprecationReason": null,
3390
- "description": "For SaaS Security API, description of Apps Security Notification",
3391
- "isDeprecated": false,
3392
- "name": "notification_description"
3393
- },
3394
- {
3395
- "deprecationReason": null,
3396
- "description": "For SaaS Security API, API Error of Apps Security Notification",
3397
- "isDeprecated": false,
3398
- "name": "notification_api_error"
3399
- },
3400
- {
3401
- "deprecationReason": null,
3402
- "description": "The URL that links directly to the object involved in the activity",
3403
- "isDeprecated": false,
3404
- "name": "reference_url"
3405
- },
3406
- {
3407
- "deprecationReason": null,
3408
- "description": "SaaS user activities into categories.",
3409
- "isDeprecated": false,
3410
- "name": "app_activity_category"
3411
- },
3412
- {
3413
- "deprecationReason": null,
3414
- "description": "Indicates whether an activity requires administrative permissions.",
3415
- "isDeprecated": false,
3416
- "name": "is_admin_activity"
3417
- },
3418
- {
3419
- "deprecationReason": null,
3420
- "description": "Classifies users based on their permissions.",
3421
- "isDeprecated": false,
3422
- "name": "is_admin"
3423
- },
3424
- {
3425
- "deprecationReason": null,
3426
- "description": "Shows the display name of the target user involved in an activity",
3427
- "isDeprecated": false,
3428
- "name": "collaborator_name"
3429
- },
3430
- {
3431
- "deprecationReason": null,
3432
- "description": "The unique identifier by the SaaS vendor for the target group in an activity.",
3433
- "isDeprecated": false,
3434
- "name": "dest_group_id"
3435
- },
3436
- {
3437
- "deprecationReason": null,
3438
- "description": "Identifies the target group involved in an activity",
3439
- "isDeprecated": false,
3440
- "name": "dest_group_name"
3441
- },
3442
- {
3443
- "deprecationReason": null,
3444
- "description": "Identifies system access software or device",
3445
- "isDeprecated": false,
3446
- "name": "access_method"
3447
- },
3448
- {
3449
- "deprecationReason": null,
3450
- "description": "Shows the id of the target user involved in an activity",
3451
- "isDeprecated": false,
3452
- "name": "vendor_collaborator_id"
3453
- },
3454
- {
3455
- "deprecationReason": null,
3456
- "description": "Device Categories",
3457
- "isDeprecated": false,
3458
- "name": "device_categories"
3459
- },
154
+ }
155
+ },
156
+ "interfaces": null,
157
+ "kind": "INPUT_OBJECT",
158
+ "name": "FieldNameInput",
159
+ "possibleTypes": null
160
+ },
161
+ "indexType": "input_object",
162
+ "kind": [
163
+ "NON_NULL",
164
+ "INPUT_OBJECT"
165
+ ],
166
+ "name": "FieldNameInput",
167
+ "non_null": false
168
+ },
169
+ "varName": "fieldNameInput"
170
+ },
171
+ "operator": {
172
+ "defaultValue": null,
173
+ "description": "Use AuditFieldName for audits",
174
+ "id_str": "filters___operator",
175
+ "name": "operator",
176
+ "path": "filters.operator",
177
+ "requestStr": "$operator:ElasticOperator! ",
178
+ "required": true,
179
+ "responseStr": "operator:$operator ",
180
+ "type": {
181
+ "definition": {
182
+ "description": "Search operators on ElasticSearch. Between operators are applicable only to numeric fields\nNote that not operators are slower",
183
+ "enumValues": [
184
+ {
185
+ "deprecationReason": null,
186
+ "description": null,
187
+ "isDeprecated": false,
188
+ "name": "is"
189
+ },
190
+ {
191
+ "deprecationReason": null,
192
+ "description": null,
193
+ "isDeprecated": false,
194
+ "name": "is_not"
195
+ },
196
+ {
197
+ "deprecationReason": null,
198
+ "description": null,
199
+ "isDeprecated": false,
200
+ "name": "in"
201
+ },
202
+ {
203
+ "deprecationReason": null,
204
+ "description": null,
205
+ "isDeprecated": false,
206
+ "name": "not_in"
207
+ },
208
+ {
209
+ "deprecationReason": null,
210
+ "description": null,
211
+ "isDeprecated": false,
212
+ "name": "exists"
213
+ },
214
+ {
215
+ "deprecationReason": null,
216
+ "description": null,
217
+ "isDeprecated": false,
218
+ "name": "not_exists"
219
+ },
220
+ {
221
+ "deprecationReason": null,
222
+ "description": null,
223
+ "isDeprecated": false,
224
+ "name": "between"
225
+ },
226
+ {
227
+ "deprecationReason": null,
228
+ "description": null,
229
+ "isDeprecated": false,
230
+ "name": "not_between"
231
+ }
232
+ ],
233
+ "fields": null,
234
+ "inputFields": null,
235
+ "interfaces": null,
236
+ "kind": "ENUM",
237
+ "name": "ElasticOperator",
238
+ "possibleTypes": null
239
+ },
240
+ "indexType": "enum",
241
+ "kind": [
242
+ "NON_NULL",
243
+ "ENUM"
244
+ ],
245
+ "name": "ElasticOperator",
246
+ "non_null": false
247
+ },
248
+ "varName": "operator"
249
+ },
250
+ "values": {
251
+ "defaultValue": null,
252
+ "description": null,
253
+ "id_str": "filters___values",
254
+ "name": "values",
255
+ "path": "filters.values",
256
+ "requestStr": "$values:[String] ",
257
+ "required": false,
258
+ "responseStr": "values:$values ",
259
+ "type": {
260
+ "kind": [
261
+ "LIST",
262
+ "NON_NULL",
263
+ "SCALAR"
264
+ ],
265
+ "name": "String",
266
+ "non_null": false
267
+ },
268
+ "varName": "values"
269
+ }
270
+ },
271
+ "interfaces": null,
272
+ "kind": "INPUT_OBJECT",
273
+ "name": "AuditFieldFilterInput",
274
+ "possibleTypes": null
275
+ },
276
+ "indexType": "input_object",
277
+ "kind": [
278
+ "LIST",
279
+ "NON_NULL",
280
+ "INPUT_OBJECT"
281
+ ],
282
+ "name": "AuditFieldFilterInput",
283
+ "non_null": false
284
+ },
285
+ "varName": "auditFieldFilterInput"
286
+ },
287
+ "marker": {
288
+ "defaultValue": null,
289
+ "description": "Marker to use to get results from",
290
+ "id_str": "marker",
291
+ "name": "marker",
292
+ "path": "marker",
293
+ "requestStr": "$marker:String ",
294
+ "required": false,
295
+ "responseStr": "marker:$marker ",
296
+ "type": {
297
+ "kind": [
298
+ "SCALAR"
299
+ ],
300
+ "name": "String",
301
+ "non_null": false
302
+ },
303
+ "varName": "marker"
304
+ },
305
+ "timeFrame": {
306
+ "defaultValue": null,
307
+ "description": null,
308
+ "id_str": "timeFrame",
309
+ "name": "timeFrame",
310
+ "path": "timeFrame",
311
+ "requestStr": "$timeFrame:TimeFrame! ",
312
+ "required": true,
313
+ "responseStr": "timeFrame:$timeFrame ",
314
+ "type": {
315
+ "kind": [
316
+ "NON_NULL",
317
+ "SCALAR"
318
+ ],
319
+ "name": "TimeFrame",
320
+ "non_null": false
321
+ },
322
+ "varName": "timeFrame"
323
+ }
324
+ },
325
+ "deprecationReason": null,
326
+ "description": "Audit Feed for account changes",
327
+ "fieldTypes": {
328
+ "AuditFeedAccountRecords": true,
329
+ "AuditRecord": true,
330
+ "Entity": true,
331
+ "EntityInfo": true,
332
+ "EntityType": true
333
+ },
334
+ "isDeprecated": false,
335
+ "name": "auditFeed",
336
+ "operationArgs": {
337
+ "accountIDs": {
338
+ "defaultValue": null,
339
+ "description": "List of Unique Account Identifiers.",
340
+ "id_str": "accountIDs",
341
+ "name": "accountIDs",
342
+ "path": "accountIDs",
343
+ "requestStr": "$accountIDs:[ID!] ",
344
+ "required": false,
345
+ "responseStr": "accountIDs:$accountIDs ",
346
+ "type": {
347
+ "kind": [
348
+ "LIST",
349
+ "NON_NULL",
350
+ "SCALAR"
351
+ ],
352
+ "name": "ID",
353
+ "non_null": false
354
+ },
355
+ "varName": "accountIDs"
356
+ },
357
+ "auditFieldFilterInput": {
358
+ "defaultValue": null,
359
+ "description": null,
360
+ "id_str": "filters",
361
+ "name": "filters",
362
+ "path": "filters",
363
+ "requestStr": "$auditFieldFilterInput:[AuditFieldFilterInput!] ",
364
+ "required": false,
365
+ "responseStr": "filters:$auditFieldFilterInput ",
366
+ "type": {
367
+ "definition": {
368
+ "description": null,
369
+ "enumValues": null,
370
+ "fields": null,
371
+ "inputFields": {
372
+ "fieldName": {
373
+ "defaultValue": null,
374
+ "description": null,
375
+ "id_str": "filters___fieldName",
376
+ "name": "fieldName",
377
+ "path": "filters.fieldName",
378
+ "requestStr": "$fieldNameInput:FieldNameInput! ",
379
+ "required": true,
380
+ "responseStr": "fieldName:$fieldNameInput ",
381
+ "type": {
382
+ "definition": {
383
+ "description": "FieldName for the different types of FieldName inputs\nUse the EventFieldName for events, and AuditFieldName for audit",
384
+ "enumValues": null,
385
+ "fields": null,
386
+ "inputFields": {
387
+ "AuditFieldName": {
388
+ "defaultValue": null,
389
+ "description": null,
390
+ "id_str": "filters___fieldName___AuditFieldName",
391
+ "name": "AuditFieldName",
392
+ "path": "filters.fieldName.AuditFieldName",
393
+ "requestStr": "$auditFieldName:AuditFieldName ",
394
+ "required": false,
395
+ "responseStr": "AuditFieldName:$auditFieldName ",
396
+ "type": {
397
+ "definition": {
398
+ "description": null,
399
+ "enumValues": [
3460
400
  {
3461
401
  "deprecationReason": null,
3462
- "description": "Device Manufacturer",
402
+ "description": "The admin whose action generated the record",
3463
403
  "isDeprecated": false,
3464
- "name": "device_manufacturer"
404
+ "name": "admin"
3465
405
  },
3466
406
  {
3467
407
  "deprecationReason": null,
3468
- "description": "Device Model",
408
+ "description": "The api key whose action generated the record",
3469
409
  "isDeprecated": false,
3470
- "name": "device_model"
410
+ "name": "apiKey"
3471
411
  },
3472
412
  {
3473
413
  "deprecationReason": null,
3474
- "description": "Device OS Type",
414
+ "description": "The name of the object that was affected, e.g. 'My Site'",
3475
415
  "isDeprecated": false,
3476
- "name": "device_os_type"
416
+ "name": "model_name"
3477
417
  },
3478
418
  {
3479
419
  "deprecationReason": null,
3480
- "description": "Device Type",
420
+ "description": "The ID of the admin whose action generated the record",
3481
421
  "isDeprecated": false,
3482
- "name": "device_type"
422
+ "name": "admin_id"
3483
423
  },
3484
424
  {
3485
425
  "deprecationReason": null,
3486
- "description": "Tenant Restriction Rule Name",
426
+ "description": "Less granular than model_name, a general marker of the modified area: administration, configuration, security",
3487
427
  "isDeprecated": false,
3488
- "name": "tenant_restriction_rule_name"
428
+ "name": "module"
3489
429
  },
3490
430
  {
3491
431
  "deprecationReason": null,
3492
- "description": "Connection Origin",
432
+ "description": null,
3493
433
  "isDeprecated": false,
3494
- "name": "connection_origin"
434
+ "name": "audit_creation_type"
3495
435
  },
3496
436
  {
3497
437
  "deprecationReason": null,
3498
- "description": "Translated Server IP",
438
+ "description": "Time the record was committed to storage",
3499
439
  "isDeprecated": false,
3500
- "name": "translated_server_ip"
440
+ "name": "insertion_date"
3501
441
  },
3502
442
  {
3503
443
  "deprecationReason": null,
3504
- "description": "Translated Client IP",
444
+ "description": "the nature of the change: `CREATED, DELETED, MODIFIED, ENABLED, DISABLED, SKIPPED`",
3505
445
  "isDeprecated": false,
3506
- "name": "translated_client_ip"
446
+ "name": "change_type"
3507
447
  },
3508
448
  {
3509
449
  "deprecationReason": null,
3510
- "description": "IoC Container Name",
450
+ "description": "Time the record was created",
3511
451
  "isDeprecated": false,
3512
- "name": "container_name"
452
+ "name": "creation_date"
3513
453
  },
3514
454
  {
3515
455
  "deprecationReason": null,
3516
- "description": "An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories.",
456
+ "description": "The type of object that was affected. e.g. Site, Socket, SocketInterface",
3517
457
  "isDeprecated": false,
3518
- "name": "correlation_id"
458
+ "name": "model_type"
3519
459
  },
3520
460
  {
3521
461
  "deprecationReason": null,
3522
- "description": "Precedence",
462
+ "description": "The name of the account on which the record was created",
3523
463
  "isDeprecated": false,
3524
- "name": "precedence"
464
+ "name": "account"
3525
465
  },
3526
466
  {
3527
467
  "deprecationReason": null,
3528
- "description": "A list of labels providing additional context for the event",
468
+ "description": "The id of the account on which the record was created",
3529
469
  "isDeprecated": false,
3530
- "name": "labels"
470
+ "name": "account_id"
3531
471
  }
3532
472
  ],
3533
473
  "fields": null,
3534
474
  "inputFields": null,
3535
475
  "interfaces": null,
3536
476
  "kind": "ENUM",
3537
- "name": "EventFieldName",
477
+ "name": "AuditFieldName",
3538
478
  "possibleTypes": null
3539
479
  },
3540
480
  "indexType": "enum",
3541
481
  "kind": [
3542
482
  "ENUM"
3543
483
  ],
3544
- "name": "EventFieldName",
484
+ "name": "AuditFieldName",
3545
485
  "non_null": false
3546
486
  },
3547
- "varName": "eventFieldName"
487
+ "varName": "auditFieldName"
3548
488
  }
3549
489
  },
3550
490
  "interfaces": null,
@@ -5265,9 +2205,6 @@
5265
2205
  "fieldNameInput": {
5266
2206
  "AuditFieldName": {
5267
2207
  "AuditFieldName": "enum(AuditFieldName)"
5268
- },
5269
- "EventFieldName": {
5270
- "EventFieldName": "enum(EventFieldName)"
5271
2208
  }
5272
2209
  },
5273
2210
  "operator": {