catocli 1.0.21__py3-none-any.whl → 2.0.1__py3-none-any.whl

models/query.eventsFeed.json

@@ -381,155 +381,119 @@
                 "definition": {
                     "description": null,
                     "enumValues": [
-                        {
-                            "deprecationReason": "use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
-                            "description": "Name of site or user initiating the connection",
-                            "isDeprecated": true,
-                            "name": "src_site"
-                        },
-                        {
-                            "deprecationReason": null,
-                            "description": "Unique internal Cato ID for the site or remote user",
-                            "isDeprecated": false,
-                            "name": "src_site_id"
-                        },
                         {
                             "deprecationReason": null,
-                            "description": "Static host",
+                            "description": "Identifies system access software or device",
                             "isDeprecated": false,
-                            "name": "static_host"
+                            "name": "access_method"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "User ID",
+                            "description": "Account ID",
                             "isDeprecated": false,
-                            "name": "user_id"
-                        },
-                        {
-                            "deprecationReason": "use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
-                            "description": "For WAN traffic, name of destination site or SDP user",
-                            "isDeprecated": true,
-                            "name": "dest_site"
+                            "name": "account_id"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Unique internal Cato ID for the destination site or remote user",
+                            "description": "Firewall, QoS or LAG action",
                             "isDeprecated": false,
-                            "name": "dest_site_id"
-                        },
-                        {
-                            "deprecationReason": "please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025.",
-                            "description": "Source or destination site or remote user ID.\nThis field can only be used in filter.",
-                            "isDeprecated": true,
-                            "name": "src_or_dest_site_id"
-                        },
-                        {
-                            "deprecationReason": "use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
-                            "description": "Name of security rule related to the event",
-                            "isDeprecated": true,
-                            "name": "rule"
+                            "name": "action"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "The ISP related to this event (when the IP address isn't provided by the ISP, then the event message is IP Addresses are assigned statically)",
+                            "description": "A list of actions taken, if more than one action was taken as defined by a policy",
                             "isDeprecated": false,
-                            "name": "ISP_name"
+                            "name": "actions_taken"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Name for Socket interface",
+                            "description": "Active Directory name",
                             "isDeprecated": false,
-                            "name": "socket_interface"
-                        },
-                        {
-                            "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
-                            "description": "Name for the custom category defined in the Cato Management Application",
-                            "isDeprecated": true,
-                            "name": "custom_category"
+                            "name": "ad_name"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Host name of Domain Controller that created LDAP event",
+                            "description": "A unique identifier of the alert notification",
                             "isDeprecated": false,
-                            "name": "directory_host_name"
+                            "name": "alert_id"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Destination port",
+                            "description": "Always-on Configuration",
                             "isDeprecated": false,
-                            "name": "dest_port"
+                            "name": "always_on_configuration"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "BGP ASN for remote peer",
+                            "description": "Analyst Verdict",
                             "isDeprecated": false,
-                            "name": "bgp_peer_asn"
+                            "name": "analyst_verdict"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "For Block/Prompt page, reference ID to report incorrect category",
+                            "description": "The name of the API, e.g. eventsFeed",
                             "isDeprecated": false,
-                            "name": "user_reference_id"
+                            "name": "api_name"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Internal port number",
+                            "description": "Specifies whether the API is a query (read) or a mutation (create/update/delete)",
                             "isDeprecated": false,
-                            "name": "src_port"
+                            "name": "api_type"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Data that measures the packet loss for a specific link",
+                            "description": "Name of application activity",
                             "isDeprecated": false,
-                            "name": "link_health_pkt_loss"
+                            "name": "app_activity"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Name of PoP location",
+                            "description": "SaaS user activities into categories.",
                             "isDeprecated": false,
-                            "name": "pop_name"
+                            "name": "app_activity_category"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "IP address of host related to event",
+                            "description": "Activity type",
                             "isDeprecated": false,
-                            "name": "host_ip"
+                            "name": "app_activity_type"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Cato's description of the event",
+                            "description": "Related Apps",
                             "isDeprecated": false,
-                            "name": "event_message"
+                            "name": "app_stack"
                         },
                         {
-                            "deprecationReason": null,
-                            "description": "Source site or remote user",
-                            "isDeprecated": false,
-                            "name": "src_site_name"
+                            "deprecationReason": "use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
+                            "description": "For Internet firewall, app for this event",
+                            "isDeprecated": true,
+                            "name": "application"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Domain name based on the SSL SNI, HTTP host name, or DNS name",
+                            "description": "Application ID of the flow",
                             "isDeprecated": false,
-                            "name": "domain_name"
+                            "name": "application_id"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Destination IP address",
+                            "description": "The name of the application associated with the flow",
                             "isDeprecated": false,
-                            "name": "dest_ip"
+                            "name": "application_name"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "File hash",
+                            "description": "Application risk score",
                             "isDeprecated": false,
-                            "name": "file_hash"
+                            "name": "application_risk"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "IP address provided by ISP to site or Client",
+                            "description": "Connectivity authentication method: unauthenticated, OATH2, LDAP or VPN",
                             "isDeprecated": false,
-                            "name": "src_isp_ip"
+                            "name": "auth_method"
                         },
                         {
                             "deprecationReason": null,
@@ -539,105 +503,99 @@
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Rule name",
+                            "description": "BGP ASN for Cato peer",
                             "isDeprecated": false,
-                            "name": "rule_name"
+                            "name": "bgp_cato_asn"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Result of LDAP Domain Controller sync event",
+                            "description": "BGP IP for Cato peer",
                             "isDeprecated": false,
-                            "name": "directory_sync_result"
+                            "name": "bgp_cato_ip"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "MAC address of host related to event",
+                            "description": "BGP disconnect error code",
                             "isDeprecated": false,
-                            "name": "host_mac"
+                            "name": "bgp_error_code"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Type of malware event",
+                            "description": "BGP ASN for remote peer",
                             "isDeprecated": false,
-                            "name": "threat_type"
+                            "name": "bgp_peer_asn"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Result of malware event (clean indicates a safe file)",
+                            "description": "BGP IP for remote peer",
                             "isDeprecated": false,
-                            "name": "threat_verdict"
+                            "name": "bgp_peer_ip"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Name for device related to the event",
+                            "description": "CIDR for BGP route",
                             "isDeprecated": false,
-                            "name": "device_name"
+                            "name": "bgp_route_cidr"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Link type \u2013 Cato, Alt. WAN or LAG",
+                            "description": "BGP disconnect error message",
                             "isDeprecated": false,
-                            "name": "link_type"
+                            "name": "bgp_suberror_code"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Login action, values are: User portal (myvpn.catonetworks.com) or VPN client (Client or site traffic)",
+                            "description": "Always-On Bypass Duration In Seconds",
                             "isDeprecated": false,
-                            "name": "login_type"
+                            "name": "bypass_duration_sec"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "For hosts configured with a static IP in the Cato Management Application, the host name",
+                            "description": "Always-On Bypass Method",
                             "isDeprecated": false,
-                            "name": "configured_host_name"
-                        },
-                        {
-                            "deprecationReason": "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.",
-                            "description": "Cato Internal-use only",
-                            "isDeprecated": true,
-                            "name": "internalId"
+                            "name": "bypass_method"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Event Id",
+                            "description": "Always-On Bypass Reason",
                             "isDeprecated": false,
-                            "name": "event_id"
+                            "name": "bypass_reason"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Type of LDAP Domain Controller sync event",
+                            "description": "Cato system category",
                             "isDeprecated": false,
-                            "name": "directory_sync_type"
+                            "name": "categories"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "User\u2019s email address",
+                            "description": "Cato application name",
                             "isDeprecated": false,
-                            "name": "vpn_user_email"
+                            "name": "cato_app"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Type of process generating this traffic",
+                            "description": "Activity classification, e.g. FALSE_POSITIVE",
                             "isDeprecated": false,
-                            "name": "client_class"
+                            "name": "classification"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "For MDR service, a true/false value that indicates if this event is: A summary that aggregates many events (true) Raw network flows for a single event (false)",
+                            "description": "Expiration date for Client certificate",
                             "isDeprecated": false,
-                            "name": "incident_aggregation"
+                            "name": "client_cert_expires"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Type of Socket reset (Hardware/Software)",
+                            "description": "Name of Client certificate",
                             "isDeprecated": false,
-                            "name": "socket_reset"
+                            "name": "client_cert_name"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "User that generated the event",
+                            "description": "Type of process generating this traffic",
                             "isDeprecated": false,
-                            "name": "user_name"
+                            "name": "client_class"
                         },
                         {
                             "deprecationReason": null,
@@ -647,747 +605,735 @@
                         },
                         {
                             "deprecationReason": null,
-                            "description": "File size",
+                            "description": "Shows the display name of the target user involved in an activity",
                             "isDeprecated": false,
-                            "name": "file_size"
+                            "name": "collaborator_name"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Registration code used the first time that a SDP user authenticates (the code is partially obfuscated)",
+                            "description": "For SaaS Security API, email addresses of the users that received the file",
                             "isDeprecated": false,
-                            "name": "registration_code"
+                            "name": "collaborators"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "BGP disconnect error code",
+                            "description": "Confidence Level",
                             "isDeprecated": false,
-                            "name": "bgp_error_code"
-                        },
-                        {
-                            "deprecationReason": "Planned end-of-life (EoL) date: April 15, 2025.",
-                            "description": "Description from Cato Management Application for BGP peer",
-                            "isDeprecated": true,
-                            "name": "bgp_peer_description"
+                            "name": "confidence_level"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "For anti-malware events, malware name For IPS events, explains the reason why the traffic was blocked",
+                            "description": "For hosts configured with a static IP in the Cato Management Application, the host name",
                             "isDeprecated": false,
-                            "name": "threat_name"
+                            "name": "configured_host_name"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "For QoS, the time that this QoS event started. The event is generated when the QoS event finishes",
+                            "description": "The algorithm that is used (CUBIC /NewReno / BBR)",
                             "isDeprecated": false,
-                            "name": "qos_reported_time"
+                            "name": "congestion_algorithm"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Network protocol for this event",
+                            "description": "Connect on boot Enabled/Disabled",
                             "isDeprecated": false,
-                            "name": "ip_protocol"
+                            "name": "connect_on_boot"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "BGP ASN for Cato peer",
+                            "description": "Connection Origin",
                             "isDeprecated": false,
-                            "name": "bgp_cato_asn"
+                            "name": "connection_origin"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "IP for host or Cato Client",
+                            "description": "For SaaS Security API, name of the connector",
                             "isDeprecated": false,
-                            "name": "src_ip"
+                            "name": "connector_name"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Link to external malware reference",
+                            "description": "For SaaS Security API, status of the connector",
                             "isDeprecated": false,
-                            "name": "threat_reference"
+                            "name": "connector_status"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Firewall, QoS or LAG action",
+                            "description": "For SaaS Security API, SaaS app for the connector",
                             "isDeprecated": false,
-                            "name": "action"
+                            "name": "connector_type"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "For LDAP sync events, name of the AD domain",
+                            "description": "IoC Container Name",
                             "isDeprecated": false,
-                            "name": "windows_domain_name"
+                            "name": "container_name"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "(IPS or SAM event) Indicates the overall impact of a threat for the host or network: Low \u2013 ie. adware Medium \u2013 ie. network scans High \u2013 ie. spyware or worms",
+                            "description": "An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories.",
                             "isDeprecated": false,
-                            "name": "risk_level"
+                            "name": "correlation_id"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "For Socket upgrade, previous version number",
+                            "description": "Criticality",
                             "isDeprecated": false,
-                            "name": "socket_old_version"
+                            "name": "criticality"
                         },
                         {
-                            "deprecationReason": null,
-                            "description": "Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP",
-                            "isDeprecated": false,
-                            "name": "link_health_latency"
+                            "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
+                            "description": "Unique Cato ID for the custom category",
+                            "isDeprecated": true,
+                            "name": "custom_categories"
                         },
                         {
-                            "deprecationReason": null,
-                            "description": "Protocol for the tunnel",
-                            "isDeprecated": false,
-                            "name": "tunnel_protocol"
+                            "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
+                            "description": "Name for the custom category defined in the Cato Management Application",
+                            "isDeprecated": true,
+                            "name": "custom_category"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "For Socket upgrades, new version number",
+                            "description": "Custom category ID",
                             "isDeprecated": false,
-                            "name": "socket_new_version"
+                            "name": "custom_category_id"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Socket version number",
-                            "isDeprecated": false,
-                            "name": "socket_version"
-                        },
-                        {
-                            "deprecationReason": null,
-                            "description": "Data that measures the jitter for a specific link",
+                            "description": "Custom category name",
                             "isDeprecated": false,
-                            "name": "link_health_jitter"
+                            "name": "custom_category_name"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Socket upgrade start time (Linux epoch format)",
+                            "description": "For Internet traffic, country where the destination host is located",
                             "isDeprecated": false,
-                            "name": "upgrade_start_time"
+                            "name": "dest_country"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "BGP IP for Cato peer",
+                            "description": "For Internet traffic, the two letter country code where the destination host is located (based on ISO 3166-1 alpha-2)",
                             "isDeprecated": false,
-                            "name": "bgp_cato_ip"
+                            "name": "dest_country_code"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Cato system category",
+                            "description": "The unique identifier by the SaaS vendor for the target group in an activity.",
                             "isDeprecated": false,
-                            "name": "categories"
+                            "name": "dest_group_id"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Unique Cato ID for the security rule related to the event",
+                            "description": "Identifies the target group involved in an activity",
                             "isDeprecated": false,
-                            "name": "rule_id"
+                            "name": "dest_group_name"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "For Socket HA events, indicates if the Socket is primary or secondary",
+                            "description": "Destination IP address",
                             "isDeprecated": false,
-                            "name": "socket_role"
+                            "name": "dest_ip"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Number of targets (servers) associated with this event",
+                            "description": "For WAN traffic, destination is site or SDP user",
                             "isDeprecated": false,
-                            "name": "targets_cardinality"
+                            "name": "dest_is_site_or_vpn"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Indicates if the Socket upgrade occurred during the maintenance window or initiated by Support (Cato Admin)",
+                            "description": "The destination process ID",
                             "isDeprecated": false,
-                            "name": "upgrade_initiated_by"
+                            "name": "dest_pid"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "For WAN traffic, destination is site or SDP user",
+                            "description": "Destination port",
                             "isDeprecated": false,
-                            "name": "dest_is_site_or_vpn"
+                            "name": "dest_port"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "BGP IP for remote peer",
+                            "description": "Destination process command line",
                             "isDeprecated": false,
-                            "name": "bgp_peer_ip"
+                            "name": "dest_process_cmdline"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Source type: site or remote user",
+                            "description": "Destination process parent file path",
                             "isDeprecated": false,
-                            "name": "src_is_site_or_vpn"
+                            "name": "dest_process_parent_path"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Active Directory name",
+                            "description": "Destination process parent process ID",
                             "isDeprecated": false,
-                            "name": "ad_name"
+                            "name": "dest_process_parent_pid"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Method used to get identity with User Awareness (such as Identity Agent)",
+                            "description": "Destination process file path",
                             "isDeprecated": false,
-                            "name": "user_awareness_method"
+                            "name": "dest_process_path"
                         },
                         {
-                            "deprecationReason": null,
-                            "description": "Data that measures the congestion for a specific link",
-                            "isDeprecated": false,
-                            "name": "link_health_is_congested"
+                            "deprecationReason": "use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
+                            "description": "For WAN traffic, name of destination site or SDP user",
+                            "isDeprecated": true,
+                            "name": "dest_site"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Name of subnet as defined in Cato Management Application",
+                            "description": "Unique internal Cato ID for the destination site or remote user",
                             "isDeprecated": false,
-                            "name": "subnet_name"
+                            "name": "dest_site_id"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "OS version for the device (such as 14.3.0)",
+                            "description": "The name of the destination site",
                             "isDeprecated": false,
-                            "name": "os_version"
+                            "name": "dest_site_name"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Sub-type for Routing, Security, Connectivity, System or Sockets Management event",
+                            "description": "Short description of the detection",
                             "isDeprecated": false,
-                            "name": "event_sub_type"
+                            "name": "detection_name"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Host OS or tunnel device",
+                            "description": "Triggered when malware has been detected EPP Behavioral engines and has been dealt with:\n\u2022 on_detection: the event is triggered upon malware detection;\n\u2022 on_end_disinfect: the event is triggered upon detection and followed disinfection;\n\u2022 on_inject: the event is triggered upon code injection.",
                             "isDeprecated": false,
-                            "name": "os_type"
+                            "name": "detection_stage"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Direction of network traffic for this event, values are inbound or outbound",
+                            "description": "Device Categories",
                             "isDeprecated": false,
-                            "name": "traffic_direction"
+                            "name": "device_categories"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "BGP disconnect error message",
+                            "description": "Device Certificate Validated/Not Validated",
                             "isDeprecated": false,
-                            "name": "bgp_suberror_code"
+                            "name": "device_certificate"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "CIDR for BGP route",
+                            "description": "Unique Cato ID for devices",
                             "isDeprecated": false,
-                            "name": "bgp_route_cidr"
+                            "name": "device_id"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Unique Cato ID that identifies this security incident",
+                            "description": "Device Manufacturer",
                             "isDeprecated": false,
-                            "name": "incident_id"
-                        },
-                        {
-                            "deprecationReason": "use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
-                            "description": "For Internet firewall, app for this event",
-                            "isDeprecated": true,
-                            "name": "application"
+                            "name": "device_manufacturer"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "The name of the application associated with the flow",
+                            "description": "Device Model",
                             "isDeprecated": false,
-                            "name": "application_name"
+                            "name": "device_model"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Application ID of the flow",
+                            "description": "Name for device related to the event",
                             "isDeprecated": false,
-                            "name": "application_id"
+                            "name": "device_name"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Socket upgrade end time (Linux epoch format):",
+                            "description": "Device OS Type",
                             "isDeprecated": false,
-                            "name": "upgrade_end_time"
+                            "name": "device_os_type"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Socket interface ID",
+                            "description": "Device posture profiles",
                             "isDeprecated": false,
-                            "name": "socket_interface_id"
+                            "name": "device_posture_profile"
                         },
                         {
-                            "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
-                            "description": "Unique Cato ID for the custom category",
+                            "deprecationReason": "use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025.",
+                            "description": "Device posture profiles",
                             "isDeprecated": true,
-                            "name": "custom_categories"
+                            "name": "device_posture_profiles"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Custom category ID",
+                            "description": "Device Type",
                             "isDeprecated": false,
-                            "name": "custom_category_id"
+                            "name": "device_type"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Custom category name",
+                            "description": "Host name of Domain Controller that created LDAP event",
                             "isDeprecated": false,
-                            "name": "custom_category_name"
+                            "name": "directory_host_name"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Country in which the source host is located (detected via public IP address)",
+                            "description": "IP address of Domain Controller that created LDAP event",
                             "isDeprecated": false,
-                            "name": "src_country"
+                            "name": "directory_ip"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Country Code of country in which the source host is located (detected via public IP address)",
+                            "description": "Result of LDAP Domain Controller sync event",
                             "isDeprecated": false,
-                            "name": "src_country_code"
+                            "name": "directory_sync_result"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Count for events that are repeated multiple times during one minute",
+                            "description": "Type of LDAP Domain Controller sync event",
                             "isDeprecated": false,
-                            "name": "event_count"
+                            "name": "directory_sync_type"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "File name",
+                            "description": "If policy is set to disinfect, return the result of this action",
                             "isDeprecated": false,
-                            "name": "file_name"
+                            "name": "disinfect_result"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "IP address of Domain Controller that created LDAP event",
+                            "description": "Describes the behavior when the DLP system encounters a failure",
                             "isDeprecated": false,
-                            "name": "directory_ip"
+                            "name": "dlp_fail_mode"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Time stamp of event (Linux epoch format)",
+                            "description": "DLP profiles related to the event",
                             "isDeprecated": false,
-                            "name": "time"
+                            "name": "dlp_profiles"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "URL associated with the event",
+                            "description": "Defines the scanning methods used by the DLP system",
                             "isDeprecated": false,
-                            "name": "url"
+                            "name": "dlp_scan_types"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "For Internet traffic, country where the destination host is located",
+                            "description": "Cato\u2019s DNS Protection type that matched the DNS request",
                             "isDeprecated": false,
-                            "name": "dest_country"
+                            "name": "dns_protection_category"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "For Internet traffic, the two letter country code where the destination host is located (based on ISO 3166-1 alpha-2)",
+                            "description": "Domain queried in the DNS request",
                             "isDeprecated": false,
-                            "name": "dest_country_code"
+                            "name": "dns_query"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Amount of flows for a given incident",
+                            "description": "Domain name based on the SSL SNI, HTTP host name, or DNS name",
                             "isDeprecated": false,
-                            "name": "flows_cardinality"
+                            "name": "domain_name"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "The name of the destination site",
+                            "description": "Egress PoP Name",
                             "isDeprecated": false,
-                            "name": "dest_site_name"
+                            "name": "egress_pop_name"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Routing, Security, Connectivity, System or Sockets Management event",
+                            "description": "Egress Site Name for backhauling traffic",
                             "isDeprecated": false,
-                            "name": "event_type"
+                            "name": "egress_site_name"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Account ID",
+                            "description": "Email Subject",
                             "isDeprecated": false,
-                            "name": "account_id"
+                            "name": "email_subject"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "For IPS and SAM, ID of the IPS signature",
+                            "description": "The ID for the endpoint",
                             "isDeprecated": false,
-                            "name": "signature_id"
+                            "name": "endpoint_id"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Expiration date for Client certificate",
+                            "description": "The Endpoint Protection Engine that detected the malware",
                             "isDeprecated": false,
-                            "name": "client_cert_expires"
+                            "name": "epp_engine_type"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Name of Client certificate",
+                            "description": "The profile assigned to the endpoint upon detection of the malware",
                             "isDeprecated": false,
-                            "name": "client_cert_name"
+                            "name": "epp_profile"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Is the app for this event defined as a sanctioned app? (True/False)",
+                            "description": "Count for events that are repeated multiple times during one minute",
                             "isDeprecated": false,
-                            "name": "is_sanctioned_app"
+                            "name": "event_count"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Name of application activity",
+                            "description": "Event Id",
                             "isDeprecated": false,
-                            "name": "app_activity"
+                            "name": "event_id"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Activity type",
+                            "description": "Cato's description of the event",
                             "isDeprecated": false,
-                            "name": "app_activity_type"
+                            "name": "event_message"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Device posture profiles",
+                            "description": "Sub-type for Routing, Security, Connectivity, System or Sockets Management event",
                             "isDeprecated": false,
-                            "name": "device_posture_profile"
+                            "name": "event_sub_type"
                         },
                         {
-                            "deprecationReason": "use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025.",
-                            "description": "Device posture profiles",
-                            "isDeprecated": true,
-                            "name": "device_posture_profiles"
+                            "deprecationReason": null,
+                            "description": "Routing, Security, Connectivity, System or Sockets Management event",
+                            "isDeprecated": false,
+                            "name": "event_type"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Full path URL application activity",
+                            "description": "Provides details about why a specific action or process failed",
                             "isDeprecated": false,
-                            "name": "full_path_url"
+                            "name": "failure_reason"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Application risk score",
+                            "description": "File hash",
                             "isDeprecated": false,
-                            "name": "application_risk"
+                            "name": "file_hash"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Mitre attack techniques",
+                            "description": "File name",
                             "isDeprecated": false,
-                            "name": "mitre_attack_techniques"
+                            "name": "file_name"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Mitre attack subtechniques",
+                            "description": "The file operation when this event occurred",
                             "isDeprecated": false,
-                            "name": "mitre_attack_subtechniques"
+                            "name": "file_operation"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Mitre attack tactics",
+                            "description": "File size",
                             "isDeprecated": false,
-                            "name": "mitre_attack_tactics"
+                            "name": "file_size"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Indicator",
+                            "description": "File type",
                             "isDeprecated": false,
-                            "name": "indicator"
+                            "name": "file_type"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "For SaaS Security API, SaaS app for the connector",
+                            "description": "The final status for this object after performing actions as defined by the policy",
                             "isDeprecated": false,
-                            "name": "connector_type"
+                            "name": "final_object_status"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "For SaaS Security API, name of the connector",
+                            "description": "Amount of flows for a given incident",
                             "isDeprecated": false,
-                            "name": "connector_name"
+                            "name": "flows_cardinality"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "For SaaS Security API, status of the connector",
+                            "description": "Full path URL application activity",
                             "isDeprecated": false,
-                            "name": "connector_status"
+                            "name": "full_path_url"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "For SaaS Security API, parent Microsoft 365 connector",
+                            "description": "An identifier for a guest user using Cato through a Captive Portal",
                             "isDeprecated": false,
-                            "name": "parent_connector_name"
+                            "name": "guest_user"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "File type",
+                            "description": "IP address of host related to event",
                             "isDeprecated": false,
-                            "name": "file_type"
+                            "name": "host_ip"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Describes the behavior when the DLP system encounters a failure",
+                            "description": "MAC address of host related to event",
                             "isDeprecated": false,
-                            "name": "dlp_fail_mode"
+                            "name": "host_mac"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "DLP profiles related to the event",
+                            "description": "HTTP request method (ie. Get, Post)",
                             "isDeprecated": false,
-                            "name": "dlp_profiles"
+                            "name": "http_request_method"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Matched DLP data types related to the event",
+                            "description": "For MDR service, a true/false value that indicates if this event is: A summary that aggregates many events (true) Raw network flows for a single event (false)",
                             "isDeprecated": false,
-                            "name": "matched_data_types"
+                            "name": "incident_aggregation"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Severity defined for the rule",
+                            "description": "Unique Cato ID that identifies this security incident",
                             "isDeprecated": false,
-                            "name": "severity"
+                            "name": "incident_id"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "For SaaS Security API, email address of the file owner",
+                            "description": "Indication",
                             "isDeprecated": false,
-                            "name": "owner"
+                            "name": "indication"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "For SaaS Security API, email addresses of the users that received the file",
+                            "description": "Indicator",
                             "isDeprecated": false,
-                            "name": "collaborators"
+                            "name": "indicator"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Email Subject",
+                            "description": "The initial status of the object, before any policy was applied",
                             "isDeprecated": false,
-                            "name": "email_subject"
+                            "name": "initial_object_status"
+                        },
+                        {
+                            "deprecationReason": "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.",
+                            "description": "Cato Internal-use only",
+                            "isDeprecated": true,
+                            "name": "internalId"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Sharing Options for the file (such as SharePoint)",
+                            "description": "Network protocol for this event",
                             "isDeprecated": false,
-                            "name": "sharing_scope"
+                            "name": "ip_protocol"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Cato\u2019s DNS Protection type that matched the DNS request",
+                            "description": "Classifies users based on their permissions.",
                             "isDeprecated": false,
-                            "name": "dns_protection_category"
+                            "name": "is_admin"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "If the events was part of the sinkhole flow",
+                            "description": "Indicates whether an activity requires administrative permissions.",
                             "isDeprecated": false,
-                            "name": "is_sinkhole"
+                            "name": "is_admin_activity"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "The ID for the endpoint",
+                            "description": "Is Compliant",
                             "isDeprecated": false,
-                            "name": "endpoint_id"
+                            "name": "is_compliant"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "The Endpoint Protection Engine that detected the malware",
+                            "description": "Is Managed",
                             "isDeprecated": false,
-                            "name": "epp_engine_type"
+                            "name": "is_managed"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "The file operation when this event occurred",
+                            "description": "Is the app for this event defined as a sanctioned app? (True/False)",
                             "isDeprecated": false,
-                            "name": "file_operation"
+                            "name": "is_sanctioned_app"
                         },
                         {
                             "deprecationReason": null,
-                            "description": null,
+                            "description": "If the events was part of the sinkhole flow",
                             "isDeprecated": false,
-                            "name": "final_object_status"
+                            "name": "is_sinkhole"
                         },
                         {
                             "deprecationReason": null,
-                            "description": null,
+                            "description": "The ISP related to this event (when the IP address isn't provided by the ISP, then the event message is IP Addresses are assigned statically)",
                             "isDeprecated": false,
-                            "name": "object_name"
+                            "name": "ISP_name"
                         },
                         {
                             "deprecationReason": null,
-                            "description": null,
+                            "description": "Name defined for the public API Key in the Cato Management Application",
                             "isDeprecated": false,
-                            "name": "object_type"
+                            "name": "key_name"
                         },
                         {
                             "deprecationReason": null,
-                            "description": null,
+                            "description": "A list of labels providing additional context for the event",
                             "isDeprecated": false,
-                            "name": "object_id"
+                            "name": "labels"
                         },
                         {
                             "deprecationReason": null,
-                            "description": null,
+                            "description": "Data that measures the congestion for a specific link",
                             "isDeprecated": false,
-                            "name": "alert_id"
+                            "name": "link_health_is_congested"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "The vendor that identified the incident, such as Cato or Microsoft",
+                            "description": "Data that measures the jitter for a specific link",
                             "isDeprecated": false,
-                            "name": "vendor"
+                            "name": "link_health_jitter"
                         },
                         {
                             "deprecationReason": null,
-                            "description": null,
+                            "description": "Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP",
                             "isDeprecated": false,
-                            "name": "vendor_user_id"
+                            "name": "link_health_latency"
                         },
                         {
                             "deprecationReason": null,
-                            "description": null,
+                            "description": "Data that measures the packet loss for a specific link",
                             "isDeprecated": false,
-                            "name": "status"
+                            "name": "link_health_pkt_loss"
                         },
                         {
                             "deprecationReason": null,
-                            "description": null,
+                            "description": "Link type \u2013 Cato, Alt. WAN or LAG",
                             "isDeprecated": false,
-                            "name": "classification"
+                            "name": "link_type"
                         },
                         {
                             "deprecationReason": null,
-                            "description": null,
+                            "description": "The user logged into this endpoint during this event",
                             "isDeprecated": false,
-                            "name": "quarantine_folder_path"
+                            "name": "logged_in_user"
                         },
                         {
                             "deprecationReason": null,
-                            "description": null,
+                            "description": "Login action, values are: User portal (myvpn.catonetworks.com) or VPN client (Client or site traffic)",
                             "isDeprecated": false,
-                            "name": "title"
+                            "name": "login_type"
                         },
                         {
                             "deprecationReason": null,
-                            "description": null,
+                            "description": "Matched DLP data types related to the event",
                             "isDeprecated": false,
-                            "name": "recommended_actions"
+                            "name": "matched_data_types"
                         },
                         {
-                            "deprecationReason": "use src_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
-                            "description": null,
-                            "isDeprecated": true,
-                            "name": "pid"
+                            "deprecationReason": null,
+                            "description": "Mitre attack subtechniques",
+                            "isDeprecated": false,
+                            "name": "mitre_attack_subtechniques"
                         },
                         {
-                            "deprecationReason": "use src_process_parent_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
-                            "description": null,
-                            "isDeprecated": true,
-                            "name": "parent_pid"
+                            "deprecationReason": null,
+                            "description": "Mitre attack tactics",
+                            "isDeprecated": false,
+                            "name": "mitre_attack_tactics"
                         },
                         {
-                            "deprecationReason": "use src_process_path instead. Planned end-of-life (EoL) date: March 1, 2025.",
-                            "description": null,
-                            "isDeprecated": true,
-                            "name": "process_path"
+                            "deprecationReason": null,
+                            "description": "Mitre attack techniques",
+                            "isDeprecated": false,
+                            "name": "mitre_attack_techniques"
                         },
                         {
                             "deprecationReason": null,
-                            "description": null,
+                            "description": "Network Access",
                             "isDeprecated": false,
-                            "name": "failure_reason"
+                            "name": "network_access"
                         },
                         {
                             "deprecationReason": null,
-                            "description": null,
+                            "description": "Matched network rule",
                             "isDeprecated": false,
-                            "name": "out_of_band_access"
+                            "name": "network_rule"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "A Unique ID for the quarantined file",
+                            "description": "For SaaS Security API, API Error of Apps Security Notification",
                             "isDeprecated": false,
-                            "name": "quarantine_uuid"
+                            "name": "notification_api_error"
                         },
                         {
                             "deprecationReason": null,
-                            "description": null,
+                            "description": "For SaaS Security API, description of Apps Security Notification",
                             "isDeprecated": false,
-                            "name": "logged_in_user"
+                            "name": "notification_description"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "The profile assigned to the endpoint upon detection of the malware",
+                            "description": "Unique identifier by the 3rd party App of the object being referenced",
                             "isDeprecated": false,
-                            "name": "epp_profile"
+                            "name": "object_id"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Source process ID",
+                            "description": "The name of the object for this event (for example: file name)",
                             "isDeprecated": false,
-                            "name": "src_pid"
+                            "name": "object_name"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Source process file path",
+                            "description": "Specifies the type of object being acted upon (e.g., file, folder)",
                             "isDeprecated": false,
-                            "name": "src_process_path"
+                            "name": "object_type"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Source process command line",
+                            "description": "Office mode Enabled/Disabled",
                             "isDeprecated": false,
-                            "name": "src_process_cmdline"
+                            "name": "office_mode"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Source process parent process ID",
+                            "description": "Host OS or tunnel device",
                             "isDeprecated": false,
-                            "name": "src_process_parent_pid"
+                            "name": "os_type"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Source process parent file path",
+                            "description": "OS version for the device (such as 14.3.0)",
                             "isDeprecated": false,
-                            "name": "src_process_parent_path"
+                            "name": "os_version"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "The destination process ID",
+                            "description": "Indicate if the Access to the 3rd Party SaaS App occurs without passing through Cato Cloud (direct access to saas App)",
                             "isDeprecated": false,
-                            "name": "dest_pid"
+                            "name": "out_of_band_access"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Destination process file path",
+                            "description": "For SaaS Security API, email address of the file owner",
                             "isDeprecated": false,
-                            "name": "dest_process_path"
+                            "name": "owner"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Destination process command line",
+                            "description": "Pac File Enabled/Disabled",
                             "isDeprecated": false,
-                            "name": "dest_process_cmdline"
+                            "name": "pac_file"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Destination process parent process ID",
+                            "description": "For SaaS Security API, parent Microsoft 365 connector",
                             "isDeprecated": false,
-                            "name": "dest_process_parent_pid"
+                            "name": "parent_connector_name"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Destination process parent file path",
+                            "description": "Name of PoP location",
                             "isDeprecated": false,
-                            "name": "dest_process_parent_path"
+                            "name": "pop_name"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "If policy is set to disinfect, return the result of this action",
+                            "description": "Precedence",
                             "isDeprecated": false,
-                            "name": "disinfect_result"
+                            "name": "precedence"
                         },
                         {
                             "deprecationReason": null,
@@ -1397,494 +1343,584 @@
                         },
                         {
                             "deprecationReason": null,
-                            "description": "HTTP request method (ie. Get, Post)",
+                            "description": "Producer",
                             "isDeprecated": false,
-                            "name": "http_request_method"
+                            "name": "producer"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "XFF HTTP header indicates the original IP address for the connections",
+                            "description": "Prompt Page Selected Action",
                             "isDeprecated": false,
-                            "name": "xff"
+                            "name": "prompt_action"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Domain queried in the DNS request",
+                            "description": "Public source IP",
                             "isDeprecated": false,
-                            "name": "dns_query"
+                            "name": "public_ip"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Name defined for the public API Key in the Cato Management Application",
+                            "description": "QoS Priority value",
                             "isDeprecated": false,
-                            "name": "key_name"
+                            "name": "qos_priority"
                         },
                         {
                             "deprecationReason": null,
-                            "description": null,
+                            "description": "For QoS, the time that this QoS event started. The event is generated when the QoS event finishes",
                             "isDeprecated": false,
-                            "name": "api_type"
+                            "name": "qos_reported_time"
                         },
                         {
                             "deprecationReason": null,
-                            "description": null,
+                            "description": "Specifies the path to a quarantine folder for isolated files",
                             "isDeprecated": false,
-                            "name": "api_name"
+                            "name": "quarantine_folder_path"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Related Apps",
+                            "description": "A Unique ID for the quarantined file",
                             "isDeprecated": false,
-                            "name": "app_stack"
+                            "name": "quarantine_uuid"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "TLS Inspection rule name",
+                            "description": "Raw Data",
                             "isDeprecated": false,
-                            "name": "tls_rule_name"
+                            "name": "raw_data"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "TLS Certificate Error",
+                            "description": "Textual recommendation of the steps to take",
                             "isDeprecated": false,
-                            "name": "tls_certificate_error"
+                            "name": "recommended_actions"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "TLS Version",
+                            "description": "The URL that links directly to the object involved in the activity",
                             "isDeprecated": false,
-                            "name": "tls_version"
+                            "name": "reference_url"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "TLS Error Type",
+                            "description": "Registration code used the first time that a SDP user authenticates (the code is partially obfuscated)",
                             "isDeprecated": false,
-                            "name": "tls_error_type"
+                            "name": "registration_code"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "TLS Error Description",
+                            "description": "(IPS or SAM event) Indicates the overall impact of a threat for the host or network: Low \u2013 ie. adware Medium \u2013 ie. network scans High \u2013 ie. spyware or worms",
                             "isDeprecated": false,
-                            "name": "tls_error_description"
+                            "name": "risk_level"
                         },
                         {
-                            "deprecationReason": null,
-                            "description": "Cato application name",
-                            "isDeprecated": false,
-                            "name": "cato_app"
+                            "deprecationReason": "use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
+                            "description": "Name of security rule related to the event",
+                            "isDeprecated": true,
+                            "name": "rule"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Prompt Page Selected Action",
+                            "description": "Unique Cato ID for the security rule related to the event",
                             "isDeprecated": false,
-                            "name": "prompt_action"
+                            "name": "rule_id"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Unique Cato ID for devices",
+                            "description": "Rule name",
                             "isDeprecated": false,
-                            "name": "device_id"
+                            "name": "rule_name"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Unique Cato Visible ID for devices",
+                            "description": "Severity defined for the rule",
                             "isDeprecated": false,
-                            "name": "visible_device_id"
+                            "name": "severity"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Connectivity authentication method: unauthenticated, OATH2, LDAP or VPN",
+                            "description": "Sharing Options for the file (such as SharePoint)",
                             "isDeprecated": false,
-                            "name": "auth_method"
+                            "name": "sharing_scope"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Always-On Bypass Method",
+                            "description": "Sign In Types",
                             "isDeprecated": false,
-                            "name": "bypass_method"
+                            "name": "sign_in_event_types"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Always-On Bypass Duration In Seconds",
+                            "description": "For IPS and SAM, ID of the IPS signature",
                             "isDeprecated": false,
-                            "name": "bypass_duration_sec"
+                            "name": "signature_id"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Always-On Bypass Reason",
+                            "description": "Name for Socket interface",
                             "isDeprecated": false,
-                            "name": "bypass_reason"
+                            "name": "socket_interface"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Sign In Types",
+                            "description": "Socket interface ID",
                             "isDeprecated": false,
-                            "name": "sign_in_event_types"
+                            "name": "socket_interface_id"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Unique identifier for the tenant within a multi-tenant environment",
+                            "description": "For Socket upgrades, new version number",
                             "isDeprecated": false,
-                            "name": "tenant_id"
+                            "name": "socket_new_version"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Tenant Name",
+                            "description": "For Socket upgrade, previous version number",
                             "isDeprecated": false,
-                            "name": "tenant_name"
+                            "name": "socket_old_version"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "User Agent",
+                            "description": "Type of Socket reset (Hardware/Software)",
                             "isDeprecated": false,
-                            "name": "user_agent"
+                            "name": "socket_reset"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Vendor Event Id",
+                            "description": "For Socket HA events, indicates if the Socket is primary or secondary",
                             "isDeprecated": false,
-                            "name": "vendor_event_id"
+                            "name": "socket_role"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Vendor Device Id",
+                            "description": "Socket serial number",
                             "isDeprecated": false,
-                            "name": "vendor_device_id"
+                            "name": "socket_serial"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Vendor Device Name",
+                            "description": "Socket version number",
                             "isDeprecated": false,
-                            "name": "vendor_device_name"
+                            "name": "socket_version"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Is Compliant",
+                            "description": "Split Tunnel Configuration",
                             "isDeprecated": false,
-                            "name": "is_compliant"
+                            "name": "split_tunnel_configuration"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Is Managed",
+                            "description": "Country in which the source host is located (detected via public IP address)",
                             "isDeprecated": false,
-                            "name": "is_managed"
+                            "name": "src_country"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Trust Type",
+                            "description": "Country Code of country in which the source host is located (detected via public IP address)",
                             "isDeprecated": false,
-                            "name": "trust_type"
+                            "name": "src_country_code"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Confidence Level",
+                            "description": "IP for host or Cato Client",
                             "isDeprecated": false,
-                            "name": "confidence_level"
+                            "name": "src_ip"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Defines the scanning methods used by the DLP system",
+                            "description": "Source type: site or remote user",
                             "isDeprecated": false,
-                            "name": "dlp_scan_types"
+                            "name": "src_is_site_or_vpn"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Network Access",
+                            "description": "IP address provided by ISP to site or Client",
                             "isDeprecated": false,
-                            "name": "network_access"
+                            "name": "src_isp_ip"
+                        },
+                        {
+                            "deprecationReason": "please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025.",
+                            "description": "Source or destination site or remote user ID.\nThis field can only be used in filter.",
+                            "isDeprecated": true,
+                            "name": "src_or_dest_site_id"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Analyst Verdict",
+                            "description": "Source process ID",
                             "isDeprecated": false,
-                            "name": "analyst_verdict"
+                            "name": "src_pid"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Criticality",
+                            "description": "Internal port number",
                             "isDeprecated": false,
-                            "name": "criticality"
+                            "name": "src_port"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Indication",
+                            "description": "Source process command line",
                             "isDeprecated": false,
-                            "name": "indication"
+                            "name": "src_process_cmdline"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Producer",
+                            "description": "Source process parent file path",
                             "isDeprecated": false,
-                            "name": "producer"
+                            "name": "src_process_parent_path"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Story Id",
+                            "description": "Source process parent process ID",
                             "isDeprecated": false,
-                            "name": "story_id"
+                            "name": "src_process_parent_pid"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Raw Data",
+                            "description": "Source process file path",
                             "isDeprecated": false,
-                            "name": "raw_data"
+                            "name": "src_process_path"
+                        },
+                        {
+                            "deprecationReason": "use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
+                            "description": "Name of site or user initiating the connection",
+                            "isDeprecated": true,
+                            "name": "src_site"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Trigger",
+                            "description": "Unique internal Cato ID for the site or remote user",
                             "isDeprecated": false,
-                            "name": "trigger"
+                            "name": "src_site_id"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Matched network rule",
+                            "description": "Source site or remote user",
                             "isDeprecated": false,
-                            "name": "network_rule"
+                            "name": "src_site_name"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "The algorithm that is used (CUBIC /NewReno / BBR)",
+                            "description": "Static host",
                             "isDeprecated": false,
-                            "name": "congestion_algorithm"
+                            "name": "static_host"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Shows if traffic was TCP accelerated or not",
+                            "description": "The story status.\nPossible values: Open, Pending Analysis, Pending more info, Closed, Reopened, Monitoring",
                             "isDeprecated": false,
-                            "name": "tcp_acceleration"
+                            "name": "status"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Shows if traffic was TLS inspected or not",
+                            "description": "Story Id",
                             "isDeprecated": false,
-                            "name": "tls_inspection"
+                            "name": "story_id"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Public source IP",
+                            "description": "Name of subnet as defined in Cato Management Application",
                             "isDeprecated": false,
-                            "name": "public_ip"
+                            "name": "subnet_name"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Egress Site Name for backhauling traffic",
+                            "description": "Number of targets (servers) associated with this event",
                             "isDeprecated": false,
-                            "name": "egress_site_name"
+                            "name": "targets_cardinality"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Egress PoP Name",
+                            "description": "Shows if traffic was TCP accelerated or not",
                             "isDeprecated": false,
-                            "name": "egress_pop_name"
+                            "name": "tcp_acceleration"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "QoS Priority value",
+                            "description": "Unique identifier for the tenant within a multi-tenant environment",
                             "isDeprecated": false,
-                            "name": "qos_priority"
+                            "name": "tenant_id"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Split Tunnel Configuration",
+                            "description": "Tenant Name",
                             "isDeprecated": false,
-                            "name": "split_tunnel_configuration"
+                            "name": "tenant_name"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Pac File Enabled/Disabled",
+                            "description": "Tenant Restriction Rule Name",
                             "isDeprecated": false,
-                            "name": "pac_file"
+                            "name": "tenant_restriction_rule_name"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Always-on Configuration",
+                            "description": "Contains the detection risk level. Could be one of the following:\n\u2022 Info - this is information-only event, the activity is not malicious;\n\u2022 Suspicious - the event is suspicious. It may be malicious, but there is not enough information\n\u2022 Malware - the event is malicious activity",
                             "isDeprecated": false,
-                            "name": "always_on_configuration"
+                            "name": "threat_confidence"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Lan access Allowed / Blocked",
+                            "description": "For anti-malware events, malware name For IPS events, explains the reason why the traffic was blocked",
                             "isDeprecated": false,
-                            "name": "vpn_lan_access"
+                            "name": "threat_name"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Connect on boot Enabled/Disabled",
+                            "description": "Link to external malware reference",
                             "isDeprecated": false,
-                            "name": "connect_on_boot"
+                            "name": "threat_reference"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Trusted networks Enabled/Disabled",
+                            "description": "The higher the score, the more dangerous the event. In range between 1 - 100 inclusive",
                             "isDeprecated": false,
-                            "name": "trusted_networks"
+                            "name": "threat_score"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Office mode Enabled/Disabled",
+                            "description": "Type of malware event",
                             "isDeprecated": false,
-                            "name": "office_mode"
+                            "name": "threat_type"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Device Certificate Validated/Not Validated",
+                            "description": "Result of malware event (clean indicates a safe file)",
                             "isDeprecated": false,
-                            "name": "device_certificate"
+                            "name": "threat_verdict"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Tunnel Protocol TCP/UDP",
+                            "description": "Time stamp of the event (Linux epoch format)",
                             "isDeprecated": false,
-                            "name": "tunnel_ip_protocol"
+                            "name": "time"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "For SaaS Security API, description of Apps Security Notification",
+                            "description": "Time stamp of the event (Human-readable format)",
                             "isDeprecated": false,
-                            "name": "notification_description"
+                            "name": "time_str"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "For SaaS Security API, API Error of Apps Security Notification",
+                            "description": "A short summary of the activity",
                             "isDeprecated": false,
-                            "name": "notification_api_error"
+                            "name": "title"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "The URL that links directly to the object involved in the activity",
+                            "description": "TLS Certificate Error",
                             "isDeprecated": false,
-                            "name": "reference_url"
+                            "name": "tls_certificate_error"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "SaaS user activities into categories.",
+                            "description": "TLS Error Description",
                             "isDeprecated": false,
-                            "name": "app_activity_category"
+                            "name": "tls_error_description"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Indicates whether an activity requires administrative permissions.",
+                            "description": "TLS Error Type",
                             "isDeprecated": false,
-                            "name": "is_admin_activity"
+                            "name": "tls_error_type"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Classifies users based on their permissions.",
+                            "description": "Shows if traffic was TLS inspected or not",
                             "isDeprecated": false,
-                            "name": "is_admin"
+                            "name": "tls_inspection"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Shows the display name of the target user involved in an activity",
+                            "description": "TLS Inspection rule name",
                             "isDeprecated": false,
-                            "name": "collaborator_name"
+                            "name": "tls_rule_name"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "The unique identifier by the SaaS vendor for the target group in an activity.",
+                            "description": "TLS Version",
                             "isDeprecated": false,
-                            "name": "dest_group_id"
+                            "name": "tls_version"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Identifies the target group involved in an activity",
+                            "description": "Direction of network traffic for this event, values are inbound or outbound",
                             "isDeprecated": false,
-                            "name": "dest_group_name"
+                            "name": "traffic_direction"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Identifies system access software or device",
+                            "description": "Translated Client IP",
                             "isDeprecated": false,
-                            "name": "access_method"
+                            "name": "translated_client_ip"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Shows the id of the target user involved in an activity",
+                            "description": "Translated Server IP",
                             "isDeprecated": false,
-                            "name": "vendor_collaborator_id"
+                            "name": "translated_server_ip"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Device Categories",
+                            "description": "Trigger",
                             "isDeprecated": false,
-                            "name": "device_categories"
+                            "name": "trigger"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Device Manufacturer",
+                            "description": "Trust Type",
                             "isDeprecated": false,
-                            "name": "device_manufacturer"
+                            "name": "trust_type"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Device Model",
+                            "description": "Trusted networks Enabled/Disabled",
                             "isDeprecated": false,
-                            "name": "device_model"
+                            "name": "trusted_networks"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Device OS Type",
+                            "description": "Tunnel Protocol TCP/UDP",
                             "isDeprecated": false,
-                            "name": "device_os_type"
+                            "name": "tunnel_ip_protocol"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Device Type",
+                            "description": "Protocol for the tunnel",
                             "isDeprecated": false,
-                            "name": "device_type"
+                            "name": "tunnel_protocol"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Tenant Restriction Rule Name",
+                            "description": "Socket upgrade end time (Linux epoch format):",
                             "isDeprecated": false,
-                            "name": "tenant_restriction_rule_name"
+                            "name": "upgrade_end_time"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Connection Origin",
+                            "description": "Indicates if the Socket upgrade occurred during the maintenance window or initiated by Support (Cato Admin)",
                             "isDeprecated": false,
-                            "name": "connection_origin"
+                            "name": "upgrade_initiated_by"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Translated Server IP",
+                            "description": "Socket upgrade start time (Linux epoch format)",
                             "isDeprecated": false,
-                            "name": "translated_server_ip"
+                            "name": "upgrade_start_time"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Translated Client IP",
+                            "description": "URL associated with the event",
                             "isDeprecated": false,
-                            "name": "translated_client_ip"
+                            "name": "url"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "IoC Container Name",
+                            "description": "User Agent",
                             "isDeprecated": false,
-                            "name": "container_name"
+                            "name": "user_agent"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories.",
+                            "description": "Method used to get identity with User Awareness (such as Identity Agent)",
                             "isDeprecated": false,
-                            "name": "correlation_id"
+                            "name": "user_awareness_method"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "Precedence",
+                            "description": "User ID",
                             "isDeprecated": false,
-                            "name": "precedence"
+                            "name": "user_id"
                         },
                         {
                             "deprecationReason": null,
-                            "description": "A list of labels providing additional context for the event",
+                            "description": "User that generated the event",
                             "isDeprecated": false,
-                            "name": "labels"
-                        }
-                    ],
-                    "fields": null,
-                    "inputFields": null,
-                    "interfaces": null,
+                            "name": "user_name"
+                        },
+                        {
+                            "deprecationReason": null,
+                            "description": "For Block/Prompt page, reference ID to report incorrect category",
+                            "isDeprecated": false,
+                            "name": "user_reference_id"
+                        },
+                        {
+                            "deprecationReason": null,
+                            "description": "User risk level category",
+                            "isDeprecated": false,
+                            "name": "user_risk_level"
+                        },
+                        {
+                            "deprecationReason": null,
+                            "description": "The vendor that identified the incident, such as Cato or Microsoft",
+                            "isDeprecated": false,
+                            "name": "vendor"
+                        },
+                        {
+                            "deprecationReason": null,
+                            "description": "Shows the id of the target user involved in an activity",
+                            "isDeprecated": false,
+                            "name": "vendor_collaborator_id"
+                        },
+                        {
+                            "deprecationReason": null,
+                            "description": "Vendor Device Id",
+                            "isDeprecated": false,
+                            "name": "vendor_device_id"
+                        },
+                        {
+                            "deprecationReason": null,
+                            "description": "Vendor Device Name",
+                            "isDeprecated": false,
+                            "name": "vendor_device_name"
+                        },
+                        {
+                            "deprecationReason": null,
+                            "description": "Vendor Event Id",
+                            "isDeprecated": false,
+                            "name": "vendor_event_id"
+                        },
+                        {
+                            "deprecationReason": null,
+                            "description": "Identifies the user in the vendor\u2019s system",
+                            "isDeprecated": false,
+                            "name": "vendor_user_id"
+                        },
+                        {
+                            "deprecationReason": null,
+                            "description": "Unique Cato Visible ID for devices",
+                            "isDeprecated": false,
+                            "name": "visible_device_id"
+                        },
+                        {
+                            "deprecationReason": null,
+                            "description": "Lan access Allowed / Blocked",
+                            "isDeprecated": false,
+                            "name": "vpn_lan_access"
+                        },
+                        {
+                            "deprecationReason": null,
+                            "description": "User\u2019s email address",
+                            "isDeprecated": false,
+                            "name": "vpn_user_email"
+                        },
+                        {
+                            "deprecationReason": null,
+                            "description": "For LDAP sync events, name of the AD domain",
+                            "isDeprecated": false,
+                            "name": "windows_domain_name"
+                        },
+                        {
+                            "deprecationReason": null,
+                            "description": "XFF HTTP header indicates the original IP address for the connections",
+                            "isDeprecated": false,
+                            "name": "xff"
+                        }
+                    ],
+                    "fields": null,
+                    "inputFields": null,
+                    "interfaces": null,
                     "kind": "ENUM",
                     "name": "EventFieldName",
                     "possibleTypes": null
@@ -1998,208 +2034,244 @@
                                                     "description": null,
                                                     "enumValues": [
                                                         {
-                                                            "deprecationReason": "use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
-                                                            "description": "Name of site or user initiating the connection",
-                                                            "isDeprecated": true,
-                                                            "name": "src_site"
+                                                            "deprecationReason": null,
+                                                            "description": "Identifies system access software or device",
+                                                            "isDeprecated": false,
+                                                            "name": "access_method"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Unique internal Cato ID for the site or remote user",
+                                                            "description": "Account ID",
                                                             "isDeprecated": false,
-                                                            "name": "src_site_id"
+                                                            "name": "account_id"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Static host",
+                                                            "description": "Firewall, QoS or LAG action",
                                                             "isDeprecated": false,
-                                                            "name": "static_host"
+                                                            "name": "action"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "User ID",
+                                                            "description": "A list of actions taken, if more than one action was taken as defined by a policy",
                                                             "isDeprecated": false,
-                                                            "name": "user_id"
+                                                            "name": "actions_taken"
                                                         },
                                                         {
-                                                            "deprecationReason": "use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
-                                                            "description": "For WAN traffic, name of destination site or SDP user",
-                                                            "isDeprecated": true,
-                                                            "name": "dest_site"
+                                                            "deprecationReason": null,
+                                                            "description": "Active Directory name",
+                                                            "isDeprecated": false,
+                                                            "name": "ad_name"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Unique internal Cato ID for the destination site or remote user",
+                                                            "description": "A unique identifier of the alert notification",
                                                             "isDeprecated": false,
-                                                            "name": "dest_site_id"
+                                                            "name": "alert_id"
                                                         },
                                                         {
-                                                            "deprecationReason": "please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025.",
-                                                            "description": "Source or destination site or remote user ID.\nThis field can only be used in filter.",
-                                                            "isDeprecated": true,
-                                                            "name": "src_or_dest_site_id"
+                                                            "deprecationReason": null,
+                                                            "description": "Always-on Configuration",
+                                                            "isDeprecated": false,
+                                                            "name": "always_on_configuration"
                                                         },
                                                         {
-                                                            "deprecationReason": "use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
-                                                            "description": "Name of security rule related to the event",
-                                                            "isDeprecated": true,
-                                                            "name": "rule"
+                                                            "deprecationReason": null,
+                                                            "description": "Analyst Verdict",
+                                                            "isDeprecated": false,
+                                                            "name": "analyst_verdict"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "The ISP related to this event (when the IP address isn't provided by the ISP, then the event message is IP Addresses are assigned statically)",
+                                                            "description": "The name of the API, e.g. eventsFeed",
                                                             "isDeprecated": false,
-                                                            "name": "ISP_name"
+                                                            "name": "api_name"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Name for Socket interface",
+                                                            "description": "Specifies whether the API is a query (read) or a mutation (create/update/delete)",
                                                             "isDeprecated": false,
-                                                            "name": "socket_interface"
+                                                            "name": "api_type"
                                                         },
                                                         {
-                                                            "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
-                                                            "description": "Name for the custom category defined in the Cato Management Application",
+                                                            "deprecationReason": null,
+                                                            "description": "Name of application activity",
+                                                            "isDeprecated": false,
+                                                            "name": "app_activity"
+                                                        },
+                                                        {
+                                                            "deprecationReason": null,
+                                                            "description": "SaaS user activities into categories.",
+                                                            "isDeprecated": false,
+                                                            "name": "app_activity_category"
+                                                        },
+                                                        {
+                                                            "deprecationReason": null,
+                                                            "description": "Activity type",
+                                                            "isDeprecated": false,
+                                                            "name": "app_activity_type"
+                                                        },
+                                                        {
+                                                            "deprecationReason": null,
+                                                            "description": "Related Apps",
+                                                            "isDeprecated": false,
+                                                            "name": "app_stack"
+                                                        },
+                                                        {
+                                                            "deprecationReason": "use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
+                                                            "description": "For Internet firewall, app for this event",
                                                             "isDeprecated": true,
-                                                            "name": "custom_category"
+                                                            "name": "application"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Host name of Domain Controller that created LDAP event",
+                                                            "description": "Application ID of the flow",
                                                             "isDeprecated": false,
-                                                            "name": "directory_host_name"
+                                                            "name": "application_id"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Destination port",
+                                                            "description": "The name of the application associated with the flow",
                                                             "isDeprecated": false,
-                                                            "name": "dest_port"
+                                                            "name": "application_name"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "BGP ASN for remote peer",
+                                                            "description": "Application risk score",
                                                             "isDeprecated": false,
-                                                            "name": "bgp_peer_asn"
+                                                            "name": "application_risk"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "For Block/Prompt page, reference ID to report incorrect category",
+                                                            "description": "Connectivity authentication method: unauthenticated, OATH2, LDAP or VPN",
                                                             "isDeprecated": false,
-                                                            "name": "user_reference_id"
+                                                            "name": "auth_method"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Internal port number",
+                                                            "description": "Examples: MFA or password",
                                                             "isDeprecated": false,
-                                                            "name": "src_port"
+                                                            "name": "authentication_type"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Data that measures the packet loss for a specific link",
+                                                            "description": "BGP ASN for Cato peer",
                                                             "isDeprecated": false,
-                                                            "name": "link_health_pkt_loss"
+                                                            "name": "bgp_cato_asn"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Name of PoP location",
+                                                            "description": "BGP IP for Cato peer",
                                                             "isDeprecated": false,
-                                                            "name": "pop_name"
+                                                            "name": "bgp_cato_ip"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "IP address of host related to event",
+                                                            "description": "BGP disconnect error code",
                                                             "isDeprecated": false,
-                                                            "name": "host_ip"
+                                                            "name": "bgp_error_code"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Cato's description of the event",
+                                                            "description": "BGP ASN for remote peer",
                                                             "isDeprecated": false,
-                                                            "name": "event_message"
+                                                            "name": "bgp_peer_asn"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Source site or remote user",
+                                                            "description": "BGP IP for remote peer",
                                                             "isDeprecated": false,
-                                                            "name": "src_site_name"
+                                                            "name": "bgp_peer_ip"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Domain name based on the SSL SNI, HTTP host name, or DNS name",
+                                                            "description": "CIDR for BGP route",
                                                             "isDeprecated": false,
-                                                            "name": "domain_name"
+                                                            "name": "bgp_route_cidr"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Destination IP address",
+                                                            "description": "BGP disconnect error message",
                                                             "isDeprecated": false,
-                                                            "name": "dest_ip"
+                                                            "name": "bgp_suberror_code"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "File hash",
+                                                            "description": "Always-On Bypass Duration In Seconds",
                                                             "isDeprecated": false,
-                                                            "name": "file_hash"
+                                                            "name": "bypass_duration_sec"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "IP address provided by ISP to site or Client",
+                                                            "description": "Always-On Bypass Method",
                                                             "isDeprecated": false,
-                                                            "name": "src_isp_ip"
+                                                            "name": "bypass_method"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Examples: MFA or password",
+                                                            "description": "Always-On Bypass Reason",
                                                             "isDeprecated": false,
-                                                            "name": "authentication_type"
+                                                            "name": "bypass_reason"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Rule name",
+                                                            "description": "Cato system category",
                                                             "isDeprecated": false,
-                                                            "name": "rule_name"
+                                                            "name": "categories"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Result of LDAP Domain Controller sync event",
+                                                            "description": "Cato application name",
                                                             "isDeprecated": false,
-                                                            "name": "directory_sync_result"
+                                                            "name": "cato_app"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "MAC address of host related to event",
+                                                            "description": "Activity classification, e.g. FALSE_POSITIVE",
                                                             "isDeprecated": false,
-                                                            "name": "host_mac"
+                                                            "name": "classification"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Type of malware event",
+                                                            "description": "Expiration date for Client certificate",
                                                             "isDeprecated": false,
-                                                            "name": "threat_type"
+                                                            "name": "client_cert_expires"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Result of malware event (clean indicates a safe file)",
+                                                            "description": "Name of Client certificate",
                                                             "isDeprecated": false,
-                                                            "name": "threat_verdict"
+                                                            "name": "client_cert_name"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Name for device related to the event",
+                                                            "description": "Type of process generating this traffic",
                                                             "isDeprecated": false,
-                                                            "name": "device_name"
+                                                            "name": "client_class"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Link type \u2013 Cato, Alt. WAN or LAG",
+                                                            "description": "Socket or SDP Client version",
                                                             "isDeprecated": false,
-                                                            "name": "link_type"
+                                                            "name": "client_version"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Login action, values are: User portal (myvpn.catonetworks.com) or VPN client (Client or site traffic)",
+                                                            "description": "Shows the display name of the target user involved in an activity",
                                                             "isDeprecated": false,
-                                                            "name": "login_type"
+                                                            "name": "collaborator_name"
+                                                        },
+                                                        {
+                                                            "deprecationReason": null,
+                                                            "description": "For SaaS Security API, email addresses of the users that received the file",
+                                                            "isDeprecated": false,
+                                                            "name": "collaborators"
+                                                        },
+                                                        {
+                                                            "deprecationReason": null,
+                                                            "description": "Confidence Level",
+                                                            "isDeprecated": false,
+                                                            "name": "confidence_level"
                                                         },
                                                         {
                                                             "deprecationReason": null,
@@ -2208,400 +2280,418 @@
                                                             "name": "configured_host_name"
                                                         },
                                                         {
-                                                            "deprecationReason": "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.",
-                                                            "description": "Cato Internal-use only",
-                                                            "isDeprecated": true,
-                                                            "name": "internalId"
+                                                            "deprecationReason": null,
+                                                            "description": "The algorithm that is used (CUBIC /NewReno / BBR)",
+                                                            "isDeprecated": false,
+                                                            "name": "congestion_algorithm"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Event Id",
+                                                            "description": "Connect on boot Enabled/Disabled",
                                                             "isDeprecated": false,
-                                                            "name": "event_id"
+                                                            "name": "connect_on_boot"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Type of LDAP Domain Controller sync event",
+                                                            "description": "Connection Origin",
                                                             "isDeprecated": false,
-                                                            "name": "directory_sync_type"
+                                                            "name": "connection_origin"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "User\u2019s email address",
+                                                            "description": "For SaaS Security API, name of the connector",
                                                             "isDeprecated": false,
-                                                            "name": "vpn_user_email"
+                                                            "name": "connector_name"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Type of process generating this traffic",
+                                                            "description": "For SaaS Security API, status of the connector",
                                                             "isDeprecated": false,
-                                                            "name": "client_class"
+                                                            "name": "connector_status"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "For MDR service, a true/false value that indicates if this event is: A summary that aggregates many events (true) Raw network flows for a single event (false)",
+                                                            "description": "For SaaS Security API, SaaS app for the connector",
                                                             "isDeprecated": false,
-                                                            "name": "incident_aggregation"
+                                                            "name": "connector_type"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Type of Socket reset (Hardware/Software)",
+                                                            "description": "IoC Container Name",
                                                             "isDeprecated": false,
-                                                            "name": "socket_reset"
+                                                            "name": "container_name"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "User that generated the event",
+                                                            "description": "An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories.",
                                                             "isDeprecated": false,
-                                                            "name": "user_name"
+                                                            "name": "correlation_id"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Socket or SDP Client version",
+                                                            "description": "Criticality",
                                                             "isDeprecated": false,
-                                                            "name": "client_version"
+                                                            "name": "criticality"
+                                                        },
+                                                        {
+                                                            "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
+                                                            "description": "Unique Cato ID for the custom category",
+                                                            "isDeprecated": true,
+                                                            "name": "custom_categories"
+                                                        },
+                                                        {
+                                                            "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
+                                                            "description": "Name for the custom category defined in the Cato Management Application",
+                                                            "isDeprecated": true,
+                                                            "name": "custom_category"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "File size",
+                                                            "description": "Custom category ID",
                                                             "isDeprecated": false,
-                                                            "name": "file_size"
+                                                            "name": "custom_category_id"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Registration code used the first time that a SDP user authenticates (the code is partially obfuscated)",
+                                                            "description": "Custom category name",
                                                             "isDeprecated": false,
-                                                            "name": "registration_code"
+                                                            "name": "custom_category_name"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "BGP disconnect error code",
+                                                            "description": "For Internet traffic, country where the destination host is located",
                                                             "isDeprecated": false,
-                                                            "name": "bgp_error_code"
+                                                            "name": "dest_country"
                                                         },
                                                         {
-                                                            "deprecationReason": "Planned end-of-life (EoL) date: April 15, 2025.",
-                                                            "description": "Description from Cato Management Application for BGP peer",
-                                                            "isDeprecated": true,
-                                                            "name": "bgp_peer_description"
+                                                            "deprecationReason": null,
+                                                            "description": "For Internet traffic, the two letter country code where the destination host is located (based on ISO 3166-1 alpha-2)",
+                                                            "isDeprecated": false,
+                                                            "name": "dest_country_code"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "For anti-malware events, malware name For IPS events, explains the reason why the traffic was blocked",
+                                                            "description": "The unique identifier by the SaaS vendor for the target group in an activity.",
                                                             "isDeprecated": false,
-                                                            "name": "threat_name"
+                                                            "name": "dest_group_id"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "For QoS, the time that this QoS event started. The event is generated when the QoS event finishes",
+                                                            "description": "Identifies the target group involved in an activity",
                                                             "isDeprecated": false,
-                                                            "name": "qos_reported_time"
+                                                            "name": "dest_group_name"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Network protocol for this event",
+                                                            "description": "Destination IP address",
                                                             "isDeprecated": false,
-                                                            "name": "ip_protocol"
+                                                            "name": "dest_ip"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "BGP ASN for Cato peer",
+                                                            "description": "For WAN traffic, destination is site or SDP user",
                                                             "isDeprecated": false,
-                                                            "name": "bgp_cato_asn"
+                                                            "name": "dest_is_site_or_vpn"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "IP for host or Cato Client",
+                                                            "description": "The destination process ID",
                                                             "isDeprecated": false,
-                                                            "name": "src_ip"
+                                                            "name": "dest_pid"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Link to external malware reference",
+                                                            "description": "Destination port",
                                                             "isDeprecated": false,
-                                                            "name": "threat_reference"
+                                                            "name": "dest_port"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Firewall, QoS or LAG action",
+                                                            "description": "Destination process command line",
                                                             "isDeprecated": false,
-                                                            "name": "action"
+                                                            "name": "dest_process_cmdline"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "For LDAP sync events, name of the AD domain",
+                                                            "description": "Destination process parent file path",
                                                             "isDeprecated": false,
-                                                            "name": "windows_domain_name"
+                                                            "name": "dest_process_parent_path"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "(IPS or SAM event) Indicates the overall impact of a threat for the host or network: Low \u2013 ie. adware Medium \u2013 ie. network scans High \u2013 ie. spyware or worms",
+                                                            "description": "Destination process parent process ID",
                                                             "isDeprecated": false,
-                                                            "name": "risk_level"
+                                                            "name": "dest_process_parent_pid"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "For Socket upgrade, previous version number",
+                                                            "description": "Destination process file path",
                                                             "isDeprecated": false,
-                                                            "name": "socket_old_version"
+                                                            "name": "dest_process_path"
                                                         },
                                                         {
-                                                            "deprecationReason": null,
-                                                            "description": "Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP",
-                                                            "isDeprecated": false,
-                                                            "name": "link_health_latency"
+                                                            "deprecationReason": "use dest_site_id/dest_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
+                                                            "description": "For WAN traffic, name of destination site or SDP user",
+                                                            "isDeprecated": true,
+                                                            "name": "dest_site"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Protocol for the tunnel",
+                                                            "description": "Unique internal Cato ID for the destination site or remote user",
                                                             "isDeprecated": false,
-                                                            "name": "tunnel_protocol"
+                                                            "name": "dest_site_id"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "For Socket upgrades, new version number",
+                                                            "description": "The name of the destination site",
                                                             "isDeprecated": false,
-                                                            "name": "socket_new_version"
+                                                            "name": "dest_site_name"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Socket version number",
+                                                            "description": "Short description of the detection",
                                                             "isDeprecated": false,
-                                                            "name": "socket_version"
+                                                            "name": "detection_name"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Data that measures the jitter for a specific link",
+                                                            "description": "Triggered when malware has been detected EPP Behavioral engines and has been dealt with:\n\u2022 on_detection: the event is triggered upon malware detection;\n\u2022 on_end_disinfect: the event is triggered upon detection and followed disinfection;\n\u2022 on_inject: the event is triggered upon code injection.",
                                                             "isDeprecated": false,
-                                                            "name": "link_health_jitter"
+                                                            "name": "detection_stage"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Socket upgrade start time (Linux epoch format)",
+                                                            "description": "Device Categories",
                                                             "isDeprecated": false,
-                                                            "name": "upgrade_start_time"
+                                                            "name": "device_categories"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "BGP IP for Cato peer",
+                                                            "description": "Device Certificate Validated/Not Validated",
                                                             "isDeprecated": false,
-                                                            "name": "bgp_cato_ip"
+                                                            "name": "device_certificate"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Cato system category",
+                                                            "description": "Unique Cato ID for devices",
                                                             "isDeprecated": false,
-                                                            "name": "categories"
+                                                            "name": "device_id"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Unique Cato ID for the security rule related to the event",
+                                                            "description": "Device Manufacturer",
                                                             "isDeprecated": false,
-                                                            "name": "rule_id"
+                                                            "name": "device_manufacturer"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "For Socket HA events, indicates if the Socket is primary or secondary",
+                                                            "description": "Device Model",
                                                             "isDeprecated": false,
-                                                            "name": "socket_role"
+                                                            "name": "device_model"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Number of targets (servers) associated with this event",
+                                                            "description": "Name for device related to the event",
                                                             "isDeprecated": false,
-                                                            "name": "targets_cardinality"
+                                                            "name": "device_name"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Indicates if the Socket upgrade occurred during the maintenance window or initiated by Support (Cato Admin)",
+                                                            "description": "Device OS Type",
                                                             "isDeprecated": false,
-                                                            "name": "upgrade_initiated_by"
+                                                            "name": "device_os_type"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "For WAN traffic, destination is site or SDP user",
+                                                            "description": "Device posture profiles",
                                                             "isDeprecated": false,
-                                                            "name": "dest_is_site_or_vpn"
+                                                            "name": "device_posture_profile"
+                                                        },
+                                                        {
+                                                            "deprecationReason": "use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025.",
+                                                            "description": "Device posture profiles",
+                                                            "isDeprecated": true,
+                                                            "name": "device_posture_profiles"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "BGP IP for remote peer",
+                                                            "description": "Device Type",
                                                             "isDeprecated": false,
-                                                            "name": "bgp_peer_ip"
+                                                            "name": "device_type"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Source type: site or remote user",
+                                                            "description": "Host name of Domain Controller that created LDAP event",
                                                             "isDeprecated": false,
-                                                            "name": "src_is_site_or_vpn"
+                                                            "name": "directory_host_name"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Active Directory name",
+                                                            "description": "IP address of Domain Controller that created LDAP event",
                                                             "isDeprecated": false,
-                                                            "name": "ad_name"
+                                                            "name": "directory_ip"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Method used to get identity with User Awareness (such as Identity Agent)",
+                                                            "description": "Result of LDAP Domain Controller sync event",
                                                             "isDeprecated": false,
-                                                            "name": "user_awareness_method"
+                                                            "name": "directory_sync_result"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Data that measures the congestion for a specific link",
+                                                            "description": "Type of LDAP Domain Controller sync event",
                                                             "isDeprecated": false,
-                                                            "name": "link_health_is_congested"
+                                                            "name": "directory_sync_type"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Name of subnet as defined in Cato Management Application",
+                                                            "description": "If policy is set to disinfect, return the result of this action",
                                                             "isDeprecated": false,
-                                                            "name": "subnet_name"
+                                                            "name": "disinfect_result"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "OS version for the device (such as 14.3.0)",
+                                                            "description": "Describes the behavior when the DLP system encounters a failure",
                                                             "isDeprecated": false,
-                                                            "name": "os_version"
+                                                            "name": "dlp_fail_mode"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Sub-type for Routing, Security, Connectivity, System or Sockets Management event",
+                                                            "description": "DLP profiles related to the event",
                                                             "isDeprecated": false,
-                                                            "name": "event_sub_type"
+                                                            "name": "dlp_profiles"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Host OS or tunnel device",
+                                                            "description": "Defines the scanning methods used by the DLP system",
                                                             "isDeprecated": false,
-                                                            "name": "os_type"
+                                                            "name": "dlp_scan_types"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Direction of network traffic for this event, values are inbound or outbound",
+                                                            "description": "Cato\u2019s DNS Protection type that matched the DNS request",
                                                             "isDeprecated": false,
-                                                            "name": "traffic_direction"
+                                                            "name": "dns_protection_category"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "BGP disconnect error message",
+                                                            "description": "Domain queried in the DNS request",
                                                             "isDeprecated": false,
-                                                            "name": "bgp_suberror_code"
+                                                            "name": "dns_query"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "CIDR for BGP route",
+                                                            "description": "Domain name based on the SSL SNI, HTTP host name, or DNS name",
                                                             "isDeprecated": false,
-                                                            "name": "bgp_route_cidr"
+                                                            "name": "domain_name"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Unique Cato ID that identifies this security incident",
+                                                            "description": "Egress PoP Name",
                                                             "isDeprecated": false,
-                                                            "name": "incident_id"
+                                                            "name": "egress_pop_name"
                                                         },
                                                         {
-                                                            "deprecationReason": "use application_id/application_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
-                                                            "description": "For Internet firewall, app for this event",
-                                                            "isDeprecated": true,
-                                                            "name": "application"
+                                                            "deprecationReason": null,
+                                                            "description": "Egress Site Name for backhauling traffic",
+                                                            "isDeprecated": false,
+                                                            "name": "egress_site_name"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "The name of the application associated with the flow",
+                                                            "description": "Email Subject",
                                                             "isDeprecated": false,
-                                                            "name": "application_name"
+                                                            "name": "email_subject"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Application ID of the flow",
+                                                            "description": "The ID for the endpoint",
                                                             "isDeprecated": false,
-                                                            "name": "application_id"
+                                                            "name": "endpoint_id"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Socket upgrade end time (Linux epoch format):",
+                                                            "description": "The Endpoint Protection Engine that detected the malware",
                                                             "isDeprecated": false,
-                                                            "name": "upgrade_end_time"
+                                                            "name": "epp_engine_type"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Socket interface ID",
+                                                            "description": "The profile assigned to the endpoint upon detection of the malware",
                                                             "isDeprecated": false,
-                                                            "name": "socket_interface_id"
+                                                            "name": "epp_profile"
                                                         },
                                                         {
-                                                            "deprecationReason": "use custom_category_id/custom_category_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
-                                                            "description": "Unique Cato ID for the custom category",
-                                                            "isDeprecated": true,
-                                                            "name": "custom_categories"
+                                                            "deprecationReason": null,
+                                                            "description": "Count for events that are repeated multiple times during one minute",
+                                                            "isDeprecated": false,
+                                                            "name": "event_count"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Custom category ID",
+                                                            "description": "Event Id",
                                                             "isDeprecated": false,
-                                                            "name": "custom_category_id"
+                                                            "name": "event_id"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Custom category name",
+                                                            "description": "Cato's description of the event",
                                                             "isDeprecated": false,
-                                                            "name": "custom_category_name"
+                                                            "name": "event_message"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Country in which the source host is located (detected via public IP address)",
+                                                            "description": "Sub-type for Routing, Security, Connectivity, System or Sockets Management event",
                                                             "isDeprecated": false,
-                                                            "name": "src_country"
+                                                            "name": "event_sub_type"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Country Code of country in which the source host is located (detected via public IP address)",
+                                                            "description": "Routing, Security, Connectivity, System or Sockets Management event",
                                                             "isDeprecated": false,
-                                                            "name": "src_country_code"
+                                                            "name": "event_type"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Count for events that are repeated multiple times during one minute",
+                                                            "description": "Provides details about why a specific action or process failed",
                                                             "isDeprecated": false,
-                                                            "name": "event_count"
+                                                            "name": "failure_reason"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "File name",
+                                                            "description": "File hash",
                                                             "isDeprecated": false,
-                                                            "name": "file_name"
+                                                            "name": "file_hash"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "IP address of Domain Controller that created LDAP event",
+                                                            "description": "File name",
                                                             "isDeprecated": false,
-                                                            "name": "directory_ip"
+                                                            "name": "file_name"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Time stamp of event (Linux epoch format)",
+                                                            "description": "The file operation when this event occurred",
                                                             "isDeprecated": false,
-                                                            "name": "time"
+                                                            "name": "file_operation"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "URL associated with the event",
+                                                            "description": "File size",
                                                             "isDeprecated": false,
-                                                            "name": "url"
+                                                            "name": "file_size"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "For Internet traffic, country where the destination host is located",
+                                                            "description": "File type",
                                                             "isDeprecated": false,
-                                                            "name": "dest_country"
+                                                            "name": "file_type"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "For Internet traffic, the two letter country code where the destination host is located (based on ISO 3166-1 alpha-2)",
+                                                            "description": "The final status for this object after performing actions as defined by the policy",
                                                             "isDeprecated": false,
-                                                            "name": "dest_country_code"
+                                                            "name": "final_object_status"
                                                         },
                                                         {
                                                             "deprecationReason": null,
@@ -2611,891 +2701,873 @@
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "The name of the destination site",
+                                                            "description": "Full path URL application activity",
                                                             "isDeprecated": false,
-                                                            "name": "dest_site_name"
+                                                            "name": "full_path_url"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Routing, Security, Connectivity, System or Sockets Management event",
+                                                            "description": "An identifier for a guest user using Cato through a Captive Portal",
                                                             "isDeprecated": false,
-                                                            "name": "event_type"
+                                                            "name": "guest_user"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Account ID",
+                                                            "description": "IP address of host related to event",
                                                             "isDeprecated": false,
-                                                            "name": "account_id"
+                                                            "name": "host_ip"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "For IPS and SAM, ID of the IPS signature",
+                                                            "description": "MAC address of host related to event",
                                                             "isDeprecated": false,
-                                                            "name": "signature_id"
+                                                            "name": "host_mac"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Expiration date for Client certificate",
+                                                            "description": "HTTP request method (ie. Get, Post)",
                                                             "isDeprecated": false,
-                                                            "name": "client_cert_expires"
+                                                            "name": "http_request_method"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Name of Client certificate",
+                                                            "description": "For MDR service, a true/false value that indicates if this event is: A summary that aggregates many events (true) Raw network flows for a single event (false)",
                                                             "isDeprecated": false,
-                                                            "name": "client_cert_name"
+                                                            "name": "incident_aggregation"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Is the app for this event defined as a sanctioned app? (True/False)",
+                                                            "description": "Unique Cato ID that identifies this security incident",
                                                             "isDeprecated": false,
-                                                            "name": "is_sanctioned_app"
+                                                            "name": "incident_id"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Name of application activity",
+                                                            "description": "Indication",
                                                             "isDeprecated": false,
-                                                            "name": "app_activity"
+                                                            "name": "indication"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Activity type",
+                                                            "description": "Indicator",
                                                             "isDeprecated": false,
-                                                            "name": "app_activity_type"
+                                                            "name": "indicator"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Device posture profiles",
+                                                            "description": "The initial status of the object, before any policy was applied",
                                                             "isDeprecated": false,
-                                                            "name": "device_posture_profile"
+                                                            "name": "initial_object_status"
                                                         },
                                                         {
-                                                            "deprecationReason": "use device_posture_profile instead. Planned end-of-life (EoL) date: May 1, 2025.",
-                                                            "description": "Device posture profiles",
+                                                            "deprecationReason": "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.",
+                                                            "description": "Cato Internal-use only",
                                                             "isDeprecated": true,
-                                                            "name": "device_posture_profiles"
-                                                        },
-                                                        {
-                                                            "deprecationReason": null,
-                                                            "description": "Full path URL application activity",
-                                                            "isDeprecated": false,
-                                                            "name": "full_path_url"
-                                                        },
-                                                        {
-                                                            "deprecationReason": null,
-                                                            "description": "Application risk score",
-                                                            "isDeprecated": false,
-                                                            "name": "application_risk"
+                                                            "name": "internalId"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Mitre attack techniques",
+                                                            "description": "Network protocol for this event",
                                                             "isDeprecated": false,
-                                                            "name": "mitre_attack_techniques"
+                                                            "name": "ip_protocol"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Mitre attack subtechniques",
+                                                            "description": "Classifies users based on their permissions.",
                                                             "isDeprecated": false,
-                                                            "name": "mitre_attack_subtechniques"
+                                                            "name": "is_admin"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Mitre attack tactics",
+                                                            "description": "Indicates whether an activity requires administrative permissions.",
                                                             "isDeprecated": false,
-                                                            "name": "mitre_attack_tactics"
+                                                            "name": "is_admin_activity"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Indicator",
+                                                            "description": "Is Compliant",
                                                             "isDeprecated": false,
-                                                            "name": "indicator"
+                                                            "name": "is_compliant"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "For SaaS Security API, SaaS app for the connector",
+                                                            "description": "Is Managed",
                                                             "isDeprecated": false,
-                                                            "name": "connector_type"
+                                                            "name": "is_managed"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "For SaaS Security API, name of the connector",
+                                                            "description": "Is the app for this event defined as a sanctioned app? (True/False)",
                                                             "isDeprecated": false,
-                                                            "name": "connector_name"
+                                                            "name": "is_sanctioned_app"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "For SaaS Security API, status of the connector",
+                                                            "description": "If the events was part of the sinkhole flow",
                                                             "isDeprecated": false,
-                                                            "name": "connector_status"
+                                                            "name": "is_sinkhole"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "For SaaS Security API, parent Microsoft 365 connector",
+                                                            "description": "The ISP related to this event (when the IP address isn't provided by the ISP, then the event message is IP Addresses are assigned statically)",
                                                             "isDeprecated": false,
-                                                            "name": "parent_connector_name"
+                                                            "name": "ISP_name"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "File type",
+                                                            "description": "Name defined for the public API Key in the Cato Management Application",
                                                             "isDeprecated": false,
-                                                            "name": "file_type"
+                                                            "name": "key_name"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Describes the behavior when the DLP system encounters a failure",
+                                                            "description": "A list of labels providing additional context for the event",
                                                             "isDeprecated": false,
-                                                            "name": "dlp_fail_mode"
+                                                            "name": "labels"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "DLP profiles related to the event",
+                                                            "description": "Data that measures the congestion for a specific link",
                                                             "isDeprecated": false,
-                                                            "name": "dlp_profiles"
+                                                            "name": "link_health_is_congested"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Matched DLP data types related to the event",
+                                                            "description": "Data that measures the jitter for a specific link",
                                                             "isDeprecated": false,
-                                                            "name": "matched_data_types"
+                                                            "name": "link_health_jitter"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Severity defined for the rule",
+                                                            "description": "Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP",
                                                             "isDeprecated": false,
-                                                            "name": "severity"
+                                                            "name": "link_health_latency"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "For SaaS Security API, email address of the file owner",
+                                                            "description": "Data that measures the packet loss for a specific link",
                                                             "isDeprecated": false,
-                                                            "name": "owner"
+                                                            "name": "link_health_pkt_loss"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "For SaaS Security API, email addresses of the users that received the file",
+                                                            "description": "Link type \u2013 Cato, Alt. WAN or LAG",
                                                             "isDeprecated": false,
-                                                            "name": "collaborators"
+                                                            "name": "link_type"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Email Subject",
+                                                            "description": "The user logged into this endpoint during this event",
                                                             "isDeprecated": false,
-                                                            "name": "email_subject"
+                                                            "name": "logged_in_user"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Sharing Options for the file (such as SharePoint)",
+                                                            "description": "Login action, values are: User portal (myvpn.catonetworks.com) or VPN client (Client or site traffic)",
                                                             "isDeprecated": false,
-                                                            "name": "sharing_scope"
+                                                            "name": "login_type"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Cato\u2019s DNS Protection type that matched the DNS request",
+                                                            "description": "Matched DLP data types related to the event",
                                                             "isDeprecated": false,
-                                                            "name": "dns_protection_category"
+                                                            "name": "matched_data_types"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "If the events was part of the sinkhole flow",
+                                                            "description": "Mitre attack subtechniques",
                                                             "isDeprecated": false,
-                                                            "name": "is_sinkhole"
+                                                            "name": "mitre_attack_subtechniques"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "The ID for the endpoint",
+                                                            "description": "Mitre attack tactics",
                                                             "isDeprecated": false,
-                                                            "name": "endpoint_id"
+                                                            "name": "mitre_attack_tactics"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "The Endpoint Protection Engine that detected the malware",
+                                                            "description": "Mitre attack techniques",
                                                             "isDeprecated": false,
-                                                            "name": "epp_engine_type"
+                                                            "name": "mitre_attack_techniques"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "The file operation when this event occurred",
+                                                            "description": "Network Access",
                                                             "isDeprecated": false,
-                                                            "name": "file_operation"
+                                                            "name": "network_access"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": null,
+                                                            "description": "Matched network rule",
                                                             "isDeprecated": false,
-                                                            "name": "final_object_status"
+                                                            "name": "network_rule"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": null,
+                                                            "description": "For SaaS Security API, API Error of Apps Security Notification",
                                                             "isDeprecated": false,
-                                                            "name": "object_name"
+                                                            "name": "notification_api_error"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": null,
+                                                            "description": "For SaaS Security API, description of Apps Security Notification",
                                                             "isDeprecated": false,
-                                                            "name": "object_type"
+                                                            "name": "notification_description"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": null,
+                                                            "description": "Unique identifier by the 3rd party App of the object being referenced",
                                                             "isDeprecated": false,
                                                             "name": "object_id"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": null,
+                                                            "description": "The name of the object for this event (for example: file name)",
                                                             "isDeprecated": false,
-                                                            "name": "alert_id"
+                                                            "name": "object_name"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "The vendor that identified the incident, such as Cato or Microsoft",
+                                                            "description": "Specifies the type of object being acted upon (e.g., file, folder)",
                                                             "isDeprecated": false,
-                                                            "name": "vendor"
+                                                            "name": "object_type"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": null,
+                                                            "description": "Office mode Enabled/Disabled",
                                                             "isDeprecated": false,
-                                                            "name": "vendor_user_id"
+                                                            "name": "office_mode"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": null,
+                                                            "description": "Host OS or tunnel device",
                                                             "isDeprecated": false,
-                                                            "name": "status"
+                                                            "name": "os_type"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": null,
+                                                            "description": "OS version for the device (such as 14.3.0)",
                                                             "isDeprecated": false,
-                                                            "name": "classification"
+                                                            "name": "os_version"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": null,
+                                                            "description": "Indicate if the Access to the 3rd Party SaaS App occurs without passing through Cato Cloud (direct access to saas App)",
                                                             "isDeprecated": false,
-                                                            "name": "quarantine_folder_path"
+                                                            "name": "out_of_band_access"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": null,
+                                                            "description": "For SaaS Security API, email address of the file owner",
                                                             "isDeprecated": false,
-                                                            "name": "title"
+                                                            "name": "owner"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": null,
+                                                            "description": "Pac File Enabled/Disabled",
                                                             "isDeprecated": false,
-                                                            "name": "recommended_actions"
-                                                        },
-                                                        {
-                                                            "deprecationReason": "use src_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
-                                                            "description": null,
-                                                            "isDeprecated": true,
-                                                            "name": "pid"
-                                                        },
-                                                        {
-                                                            "deprecationReason": "use src_process_parent_pid instead. Planned end-of-life (EoL) date: March 1, 2025.",
-                                                            "description": null,
-                                                            "isDeprecated": true,
-                                                            "name": "parent_pid"
-                                                        },
-                                                        {
-                                                            "deprecationReason": "use src_process_path instead. Planned end-of-life (EoL) date: March 1, 2025.",
-                                                            "description": null,
-                                                            "isDeprecated": true,
-                                                            "name": "process_path"
+                                                            "name": "pac_file"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": null,
+                                                            "description": "For SaaS Security API, parent Microsoft 365 connector",
                                                             "isDeprecated": false,
-                                                            "name": "failure_reason"
+                                                            "name": "parent_connector_name"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": null,
+                                                            "description": "Name of PoP location",
                                                             "isDeprecated": false,
-                                                            "name": "out_of_band_access"
+                                                            "name": "pop_name"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "A Unique ID for the quarantined file",
+                                                            "description": "Precedence",
                                                             "isDeprecated": false,
-                                                            "name": "quarantine_uuid"
+                                                            "name": "precedence"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": null,
+                                                            "description": "Indicate how many processes are part of this event",
                                                             "isDeprecated": false,
-                                                            "name": "logged_in_user"
+                                                            "name": "processes_count"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "The profile assigned to the endpoint upon detection of the malware",
+                                                            "description": "Producer",
                                                             "isDeprecated": false,
-                                                            "name": "epp_profile"
+                                                            "name": "producer"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Source process ID",
+                                                            "description": "Prompt Page Selected Action",
                                                             "isDeprecated": false,
-                                                            "name": "src_pid"
+                                                            "name": "prompt_action"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Source process file path",
+                                                            "description": "Public source IP",
                                                             "isDeprecated": false,
-                                                            "name": "src_process_path"
+                                                            "name": "public_ip"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Source process command line",
+                                                            "description": "QoS Priority value",
                                                             "isDeprecated": false,
-                                                            "name": "src_process_cmdline"
+                                                            "name": "qos_priority"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Source process parent process ID",
+                                                            "description": "For QoS, the time that this QoS event started. The event is generated when the QoS event finishes",
                                                             "isDeprecated": false,
-                                                            "name": "src_process_parent_pid"
+                                                            "name": "qos_reported_time"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Source process parent file path",
+                                                            "description": "Specifies the path to a quarantine folder for isolated files",
                                                             "isDeprecated": false,
-                                                            "name": "src_process_parent_path"
+                                                            "name": "quarantine_folder_path"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "The destination process ID",
+                                                            "description": "A Unique ID for the quarantined file",
                                                             "isDeprecated": false,
-                                                            "name": "dest_pid"
+                                                            "name": "quarantine_uuid"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Destination process file path",
+                                                            "description": "Raw Data",
                                                             "isDeprecated": false,
-                                                            "name": "dest_process_path"
+                                                            "name": "raw_data"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Destination process command line",
+                                                            "description": "Textual recommendation of the steps to take",
                                                             "isDeprecated": false,
-                                                            "name": "dest_process_cmdline"
+                                                            "name": "recommended_actions"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Destination process parent process ID",
+                                                            "description": "The URL that links directly to the object involved in the activity",
                                                             "isDeprecated": false,
-                                                            "name": "dest_process_parent_pid"
+                                                            "name": "reference_url"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Destination process parent file path",
+                                                            "description": "Registration code used the first time that a SDP user authenticates (the code is partially obfuscated)",
                                                             "isDeprecated": false,
-                                                            "name": "dest_process_parent_path"
+                                                            "name": "registration_code"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "If policy is set to disinfect, return the result of this action",
+                                                            "description": "(IPS or SAM event) Indicates the overall impact of a threat for the host or network: Low \u2013 ie. adware Medium \u2013 ie. network scans High \u2013 ie. spyware or worms",
                                                             "isDeprecated": false,
-                                                            "name": "disinfect_result"
+                                                            "name": "risk_level"
                                                         },
                                                         {
-                                                            "deprecationReason": null,
-                                                            "description": "Indicate how many processes are part of this event",
-                                                            "isDeprecated": false,
-                                                            "name": "processes_count"
+                                                            "deprecationReason": "use rule_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
+                                                            "description": "Name of security rule related to the event",
+                                                            "isDeprecated": true,
+                                                            "name": "rule"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "HTTP request method (ie. Get, Post)",
+                                                            "description": "Unique Cato ID for the security rule related to the event",
                                                             "isDeprecated": false,
-                                                            "name": "http_request_method"
+                                                            "name": "rule_id"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "XFF HTTP header indicates the original IP address for the connections",
+                                                            "description": "Rule name",
                                                             "isDeprecated": false,
-                                                            "name": "xff"
+                                                            "name": "rule_name"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Domain queried in the DNS request",
+                                                            "description": "Severity defined for the rule",
                                                             "isDeprecated": false,
-                                                            "name": "dns_query"
+                                                            "name": "severity"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Name defined for the public API Key in the Cato Management Application",
+                                                            "description": "Sharing Options for the file (such as SharePoint)",
                                                             "isDeprecated": false,
-                                                            "name": "key_name"
+                                                            "name": "sharing_scope"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": null,
+                                                            "description": "Sign In Types",
                                                             "isDeprecated": false,
-                                                            "name": "api_type"
+                                                            "name": "sign_in_event_types"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": null,
+                                                            "description": "For IPS and SAM, ID of the IPS signature",
                                                             "isDeprecated": false,
-                                                            "name": "api_name"
+                                                            "name": "signature_id"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Related Apps",
+                                                            "description": "Name for Socket interface",
                                                             "isDeprecated": false,
-                                                            "name": "app_stack"
+                                                            "name": "socket_interface"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "TLS Inspection rule name",
+                                                            "description": "Socket interface ID",
                                                             "isDeprecated": false,
-                                                            "name": "tls_rule_name"
+                                                            "name": "socket_interface_id"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "TLS Certificate Error",
+                                                            "description": "For Socket upgrades, new version number",
                                                             "isDeprecated": false,
-                                                            "name": "tls_certificate_error"
+                                                            "name": "socket_new_version"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "TLS Version",
+                                                            "description": "For Socket upgrade, previous version number",
                                                             "isDeprecated": false,
-                                                            "name": "tls_version"
+                                                            "name": "socket_old_version"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "TLS Error Type",
+                                                            "description": "Type of Socket reset (Hardware/Software)",
                                                             "isDeprecated": false,
-                                                            "name": "tls_error_type"
+                                                            "name": "socket_reset"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "TLS Error Description",
+                                                            "description": "For Socket HA events, indicates if the Socket is primary or secondary",
                                                             "isDeprecated": false,
-                                                            "name": "tls_error_description"
+                                                            "name": "socket_role"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Cato application name",
+                                                            "description": "Socket serial number",
                                                             "isDeprecated": false,
-                                                            "name": "cato_app"
+                                                            "name": "socket_serial"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Prompt Page Selected Action",
+                                                            "description": "Socket version number",
                                                             "isDeprecated": false,
-                                                            "name": "prompt_action"
+                                                            "name": "socket_version"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Unique Cato ID for devices",
+                                                            "description": "Split Tunnel Configuration",
                                                             "isDeprecated": false,
-                                                            "name": "device_id"
+                                                            "name": "split_tunnel_configuration"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Unique Cato Visible ID for devices",
+                                                            "description": "Country in which the source host is located (detected via public IP address)",
                                                             "isDeprecated": false,
-                                                            "name": "visible_device_id"
+                                                            "name": "src_country"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Connectivity authentication method: unauthenticated, OATH2, LDAP or VPN",
+                                                            "description": "Country Code of country in which the source host is located (detected via public IP address)",
                                                             "isDeprecated": false,
-                                                            "name": "auth_method"
+                                                            "name": "src_country_code"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Always-On Bypass Method",
+                                                            "description": "IP for host or Cato Client",
                                                             "isDeprecated": false,
-                                                            "name": "bypass_method"
+                                                            "name": "src_ip"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Always-On Bypass Duration In Seconds",
+                                                            "description": "Source type: site or remote user",
                                                             "isDeprecated": false,
-                                                            "name": "bypass_duration_sec"
+                                                            "name": "src_is_site_or_vpn"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Always-On Bypass Reason",
+                                                            "description": "IP address provided by ISP to site or Client",
                                                             "isDeprecated": false,
-                                                            "name": "bypass_reason"
+                                                            "name": "src_isp_ip"
+                                                        },
+                                                        {
+                                                            "deprecationReason": "please use src_site_id and dest_site_id instead. Planned end-of-life (EoL) date: June 30, 2025.",
+                                                            "description": "Source or destination site or remote user ID.\nThis field can only be used in filter.",
+                                                            "isDeprecated": true,
+                                                            "name": "src_or_dest_site_id"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Sign In Types",
+                                                            "description": "Source process ID",
                                                             "isDeprecated": false,
-                                                            "name": "sign_in_event_types"
+                                                            "name": "src_pid"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Unique identifier for the tenant within a multi-tenant environment",
+                                                            "description": "Internal port number",
                                                             "isDeprecated": false,
-                                                            "name": "tenant_id"
+                                                            "name": "src_port"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Tenant Name",
+                                                            "description": "Source process command line",
                                                             "isDeprecated": false,
-                                                            "name": "tenant_name"
+                                                            "name": "src_process_cmdline"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "User Agent",
+                                                            "description": "Source process parent file path",
                                                             "isDeprecated": false,
-                                                            "name": "user_agent"
+                                                            "name": "src_process_parent_path"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Vendor Event Id",
+                                                            "description": "Source process parent process ID",
                                                             "isDeprecated": false,
-                                                            "name": "vendor_event_id"
+                                                            "name": "src_process_parent_pid"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Vendor Device Id",
+                                                            "description": "Source process file path",
                                                             "isDeprecated": false,
-                                                            "name": "vendor_device_id"
+                                                            "name": "src_process_path"
+                                                        },
+                                                        {
+                                                            "deprecationReason": "use src_site_id/src_site_name instead. Planned end-of-life (EoL) date: May 1, 2025.",
+                                                            "description": "Name of site or user initiating the connection",
+                                                            "isDeprecated": true,
+                                                            "name": "src_site"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Vendor Device Name",
+                                                            "description": "Unique internal Cato ID for the site or remote user",
                                                             "isDeprecated": false,
-                                                            "name": "vendor_device_name"
+                                                            "name": "src_site_id"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Is Compliant",
+                                                            "description": "Source site or remote user",
                                                             "isDeprecated": false,
-                                                            "name": "is_compliant"
+                                                            "name": "src_site_name"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Is Managed",
+                                                            "description": "Static host",
                                                             "isDeprecated": false,
-                                                            "name": "is_managed"
+                                                            "name": "static_host"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Trust Type",
+                                                            "description": "The story status.\nPossible values: Open, Pending Analysis, Pending more info, Closed, Reopened, Monitoring",
                                                             "isDeprecated": false,
-                                                            "name": "trust_type"
+                                                            "name": "status"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Confidence Level",
+                                                            "description": "Story Id",
                                                             "isDeprecated": false,
-                                                            "name": "confidence_level"
+                                                            "name": "story_id"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Defines the scanning methods used by the DLP system",
+                                                            "description": "Name of subnet as defined in Cato Management Application",
                                                             "isDeprecated": false,
-                                                            "name": "dlp_scan_types"
+                                                            "name": "subnet_name"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Network Access",
+                                                            "description": "Number of targets (servers) associated with this event",
                                                             "isDeprecated": false,
-                                                            "name": "network_access"
+                                                            "name": "targets_cardinality"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Analyst Verdict",
+                                                            "description": "Shows if traffic was TCP accelerated or not",
                                                             "isDeprecated": false,
-                                                            "name": "analyst_verdict"
+                                                            "name": "tcp_acceleration"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Criticality",
+                                                            "description": "Unique identifier for the tenant within a multi-tenant environment",
                                                             "isDeprecated": false,
-                                                            "name": "criticality"
+                                                            "name": "tenant_id"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Indication",
+                                                            "description": "Tenant Name",
                                                             "isDeprecated": false,
-                                                            "name": "indication"
+                                                            "name": "tenant_name"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Producer",
+                                                            "description": "Tenant Restriction Rule Name",
                                                             "isDeprecated": false,
-                                                            "name": "producer"
+                                                            "name": "tenant_restriction_rule_name"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Story Id",
+                                                            "description": "Contains the detection risk level. Could be one of the following:\n\u2022 Info - this is information-only event, the activity is not malicious;\n\u2022 Suspicious - the event is suspicious. It may be malicious, but there is not enough information\n\u2022 Malware - the event is malicious activity",
                                                             "isDeprecated": false,
-                                                            "name": "story_id"
+                                                            "name": "threat_confidence"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Raw Data",
+                                                            "description": "For anti-malware events, malware name For IPS events, explains the reason why the traffic was blocked",
                                                             "isDeprecated": false,
-                                                            "name": "raw_data"
+                                                            "name": "threat_name"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Trigger",
+                                                            "description": "Link to external malware reference",
                                                             "isDeprecated": false,
-                                                            "name": "trigger"
+                                                            "name": "threat_reference"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Matched network rule",
+                                                            "description": "The higher the score, the more dangerous the event. In range between 1 - 100 inclusive",
                                                             "isDeprecated": false,
-                                                            "name": "network_rule"
+                                                            "name": "threat_score"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "The algorithm that is used (CUBIC /NewReno / BBR)",
+                                                            "description": "Type of malware event",
                                                             "isDeprecated": false,
-                                                            "name": "congestion_algorithm"
+                                                            "name": "threat_type"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Shows if traffic was TCP accelerated or not",
+                                                            "description": "Result of malware event (clean indicates a safe file)",
                                                             "isDeprecated": false,
-                                                            "name": "tcp_acceleration"
+                                                            "name": "threat_verdict"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Shows if traffic was TLS inspected or not",
+                                                            "description": "Time stamp of the event (Linux epoch format)",
                                                             "isDeprecated": false,
-                                                            "name": "tls_inspection"
+                                                            "name": "time"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Public source IP",
+                                                            "description": "Time stamp of the event (Human-readable format)",
                                                             "isDeprecated": false,
-                                                            "name": "public_ip"
+                                                            "name": "time_str"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Egress Site Name for backhauling traffic",
+                                                            "description": "A short summary of the activity",
                                                             "isDeprecated": false,
-                                                            "name": "egress_site_name"
+                                                            "name": "title"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Egress PoP Name",
+                                                            "description": "TLS Certificate Error",
                                                             "isDeprecated": false,
-                                                            "name": "egress_pop_name"
+                                                            "name": "tls_certificate_error"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "QoS Priority value",
+                                                            "description": "TLS Error Description",
                                                             "isDeprecated": false,
-                                                            "name": "qos_priority"
+                                                            "name": "tls_error_description"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Split Tunnel Configuration",
+                                                            "description": "TLS Error Type",
                                                             "isDeprecated": false,
-                                                            "name": "split_tunnel_configuration"
+                                                            "name": "tls_error_type"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Pac File Enabled/Disabled",
+                                                            "description": "Shows if traffic was TLS inspected or not",
                                                             "isDeprecated": false,
-                                                            "name": "pac_file"
+                                                            "name": "tls_inspection"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Always-on Configuration",
+                                                            "description": "TLS Inspection rule name",
                                                             "isDeprecated": false,
-                                                            "name": "always_on_configuration"
+                                                            "name": "tls_rule_name"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Lan access Allowed / Blocked",
+                                                            "description": "TLS Version",
                                                             "isDeprecated": false,
-                                                            "name": "vpn_lan_access"
+                                                            "name": "tls_version"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Connect on boot Enabled/Disabled",
+                                                            "description": "Direction of network traffic for this event, values are inbound or outbound",
                                                             "isDeprecated": false,
-                                                            "name": "connect_on_boot"
+                                                            "name": "traffic_direction"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Trusted networks Enabled/Disabled",
+                                                            "description": "Translated Client IP",
                                                             "isDeprecated": false,
-                                                            "name": "trusted_networks"
+                                                            "name": "translated_client_ip"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Office mode Enabled/Disabled",
+                                                            "description": "Translated Server IP",
                                                             "isDeprecated": false,
-                                                            "name": "office_mode"
+                                                            "name": "translated_server_ip"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Device Certificate Validated/Not Validated",
+                                                            "description": "Trigger",
                                                             "isDeprecated": false,
-                                                            "name": "device_certificate"
+                                                            "name": "trigger"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Tunnel Protocol TCP/UDP",
+                                                            "description": "Trust Type",
                                                             "isDeprecated": false,
-                                                            "name": "tunnel_ip_protocol"
+                                                            "name": "trust_type"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "For SaaS Security API, description of Apps Security Notification",
+                                                            "description": "Trusted networks Enabled/Disabled",
                                                             "isDeprecated": false,
-                                                            "name": "notification_description"
+                                                            "name": "trusted_networks"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "For SaaS Security API, API Error of Apps Security Notification",
+                                                            "description": "Tunnel Protocol TCP/UDP",
                                                             "isDeprecated": false,
-                                                            "name": "notification_api_error"
+                                                            "name": "tunnel_ip_protocol"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "The URL that links directly to the object involved in the activity",
+                                                            "description": "Protocol for the tunnel",
                                                             "isDeprecated": false,
-                                                            "name": "reference_url"
+                                                            "name": "tunnel_protocol"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "SaaS user activities into categories.",
+                                                            "description": "Socket upgrade end time (Linux epoch format):",
                                                             "isDeprecated": false,
-                                                            "name": "app_activity_category"
+                                                            "name": "upgrade_end_time"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Indicates whether an activity requires administrative permissions.",
+                                                            "description": "Indicates if the Socket upgrade occurred during the maintenance window or initiated by Support (Cato Admin)",
                                                             "isDeprecated": false,
-                                                            "name": "is_admin_activity"
+                                                            "name": "upgrade_initiated_by"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Classifies users based on their permissions.",
+                                                            "description": "Socket upgrade start time (Linux epoch format)",
                                                             "isDeprecated": false,
-                                                            "name": "is_admin"
+                                                            "name": "upgrade_start_time"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Shows the display name of the target user involved in an activity",
+                                                            "description": "URL associated with the event",
                                                             "isDeprecated": false,
-                                                            "name": "collaborator_name"
+                                                            "name": "url"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "The unique identifier by the SaaS vendor for the target group in an activity.",
+                                                            "description": "User Agent",
                                                             "isDeprecated": false,
-                                                            "name": "dest_group_id"
+                                                            "name": "user_agent"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Identifies the target group involved in an activity",
+                                                            "description": "Method used to get identity with User Awareness (such as Identity Agent)",
                                                             "isDeprecated": false,
-                                                            "name": "dest_group_name"
+                                                            "name": "user_awareness_method"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Identifies system access software or device",
+                                                            "description": "User ID",
                                                             "isDeprecated": false,
-                                                            "name": "access_method"
+                                                            "name": "user_id"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Shows the id of the target user involved in an activity",
+                                                            "description": "User that generated the event",
                                                             "isDeprecated": false,
-                                                            "name": "vendor_collaborator_id"
+                                                            "name": "user_name"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Device Categories",
+                                                            "description": "For Block/Prompt page, reference ID to report incorrect category",
                                                             "isDeprecated": false,
-                                                            "name": "device_categories"
+                                                            "name": "user_reference_id"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Device Manufacturer",
+                                                            "description": "User risk level category",
                                                             "isDeprecated": false,
-                                                            "name": "device_manufacturer"
+                                                            "name": "user_risk_level"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Device Model",
+                                                            "description": "The vendor that identified the incident, such as Cato or Microsoft",
                                                             "isDeprecated": false,
-                                                            "name": "device_model"
+                                                            "name": "vendor"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Device OS Type",
+                                                            "description": "Shows the id of the target user involved in an activity",
                                                             "isDeprecated": false,
-                                                            "name": "device_os_type"
+                                                            "name": "vendor_collaborator_id"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Device Type",
+                                                            "description": "Vendor Device Id",
                                                             "isDeprecated": false,
-                                                            "name": "device_type"
+                                                            "name": "vendor_device_id"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Tenant Restriction Rule Name",
+                                                            "description": "Vendor Device Name",
                                                             "isDeprecated": false,
-                                                            "name": "tenant_restriction_rule_name"
+                                                            "name": "vendor_device_name"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Connection Origin",
+                                                            "description": "Vendor Event Id",
                                                             "isDeprecated": false,
-                                                            "name": "connection_origin"
+                                                            "name": "vendor_event_id"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Translated Server IP",
+                                                            "description": "Identifies the user in the vendor\u2019s system",
                                                             "isDeprecated": false,
-                                                            "name": "translated_server_ip"
+                                                            "name": "vendor_user_id"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Translated Client IP",
+                                                            "description": "Unique Cato Visible ID for devices",
                                                             "isDeprecated": false,
-                                                            "name": "translated_client_ip"
+                                                            "name": "visible_device_id"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "IoC Container Name",
+                                                            "description": "Lan access Allowed / Blocked",
                                                             "isDeprecated": false,
-                                                            "name": "container_name"
+                                                            "name": "vpn_lan_access"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories.",
+                                                            "description": "User\u2019s email address",
                                                             "isDeprecated": false,
-                                                            "name": "correlation_id"
+                                                            "name": "vpn_user_email"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "Precedence",
+                                                            "description": "For LDAP sync events, name of the AD domain",
                                                             "isDeprecated": false,
-                                                            "name": "precedence"
+                                                            "name": "windows_domain_name"
                                                         },
                                                         {
                                                             "deprecationReason": null,
-                                                            "description": "A list of labels providing additional context for the event",
+                                                            "description": "XFF HTTP header indicates the original IP address for the connections",
                                                             "isDeprecated": false,
-                                                            "name": "labels"
+                                                            "name": "xff"
                                                         }
                                                     ],
                                                     "fields": null,