catocli 1.0.21__py3-none-any.whl → 2.0.1__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of catocli might be problematic. Click here for more details.

Files changed (139) hide show
  1. catocli/Utils/clidriver.py +112 -25
  2. catocli/Utils/profile_manager.py +188 -0
  3. catocli/Utils/version_checker.py +192 -0
  4. catocli/__init__.py +1 -1
  5. catocli/parsers/configure/__init__.py +115 -0
  6. catocli/parsers/configure/configure.py +307 -0
  7. catocli/parsers/custom/__init__.py +8 -0
  8. catocli/parsers/custom/export_rules/__init__.py +36 -0
  9. catocli/parsers/custom/export_rules/export_rules.py +361 -0
  10. catocli/parsers/custom/import_rules_to_tf/__init__.py +58 -0
  11. catocli/parsers/custom/import_rules_to_tf/import_rules_to_tf.py +577 -0
  12. catocli/parsers/mutation_admin_addAdmin/README.md +1 -1
  13. catocli/parsers/mutation_hardware/README.md +7 -0
  14. catocli/parsers/mutation_hardware/__init__.py +23 -0
  15. catocli/parsers/mutation_hardware_updateHardwareShipping/README.md +17 -0
  16. catocli/parsers/mutation_site_addBgpPeer/README.md +1 -1
  17. catocli/parsers/mutation_site_addNetworkRange/README.md +1 -1
  18. catocli/parsers/mutation_site_updateBgpPeer/README.md +1 -1
  19. catocli/parsers/mutation_site_updateNetworkRange/README.md +1 -1
  20. catocli/parsers/mutation_sites_addBgpPeer/README.md +1 -1
  21. catocli/parsers/mutation_sites_addNetworkRange/README.md +1 -1
  22. catocli/parsers/mutation_sites_updateBgpPeer/README.md +1 -1
  23. catocli/parsers/mutation_sites_updateNetworkRange/README.md +1 -1
  24. catocli/parsers/query_auditFeed/README.md +1 -1
  25. catocli/parsers/query_catalogs/README.md +19 -0
  26. catocli/parsers/query_catalogs/__init__.py +17 -0
  27. catocli/parsers/query_devices/README.md +19 -0
  28. catocli/parsers/query_devices/__init__.py +17 -0
  29. catocli/parsers/query_eventsFeed/README.md +1 -1
  30. catocli/parsers/query_hardware/README.md +17 -0
  31. catocli/parsers/query_hardware/__init__.py +17 -0
  32. catocli/parsers/query_sandbox/README.md +1 -1
  33. {catocli-1.0.21.dist-info → catocli-2.0.1.dist-info}/METADATA +1 -1
  34. {catocli-1.0.21.dist-info → catocli-2.0.1.dist-info}/RECORD +139 -114
  35. {catocli-1.0.21.dist-info → catocli-2.0.1.dist-info}/top_level.txt +1 -0
  36. graphql_client/api/call_api.py +4 -0
  37. graphql_client/api_client_types.py +4 -3
  38. graphql_client/configuration.py +2 -0
  39. models/mutation.admin.addAdmin.json +130 -0
  40. models/mutation.hardware.updateHardwareShipping.json +2506 -0
  41. models/mutation.policy.appTenantRestriction.addRule.json +11 -11
  42. models/mutation.policy.appTenantRestriction.createPolicyRevision.json +11 -11
  43. models/mutation.policy.appTenantRestriction.discardPolicyRevision.json +11 -11
  44. models/mutation.policy.appTenantRestriction.moveRule.json +11 -11
  45. models/mutation.policy.appTenantRestriction.publishPolicyRevision.json +11 -11
  46. models/mutation.policy.appTenantRestriction.removeRule.json +11 -11
  47. models/mutation.policy.appTenantRestriction.updatePolicy.json +11 -11
  48. models/mutation.policy.appTenantRestriction.updateRule.json +11 -11
  49. models/mutation.policy.dynamicIpAllocation.addRule.json +4 -4
  50. models/mutation.policy.dynamicIpAllocation.createPolicyRevision.json +4 -4
  51. models/mutation.policy.dynamicIpAllocation.discardPolicyRevision.json +4 -4
  52. models/mutation.policy.dynamicIpAllocation.moveRule.json +4 -4
  53. models/mutation.policy.dynamicIpAllocation.publishPolicyRevision.json +4 -4
  54. models/mutation.policy.dynamicIpAllocation.removeRule.json +4 -4
  55. models/mutation.policy.dynamicIpAllocation.updatePolicy.json +4 -4
  56. models/mutation.policy.dynamicIpAllocation.updateRule.json +4 -4
  57. models/mutation.policy.internetFirewall.addRule.json +63 -63
  58. models/mutation.policy.internetFirewall.createPolicyRevision.json +45 -45
  59. models/mutation.policy.internetFirewall.discardPolicyRevision.json +45 -45
  60. models/mutation.policy.internetFirewall.moveRule.json +45 -45
  61. models/mutation.policy.internetFirewall.publishPolicyRevision.json +45 -45
  62. models/mutation.policy.internetFirewall.removeRule.json +45 -45
  63. models/mutation.policy.internetFirewall.updatePolicy.json +45 -45
  64. models/mutation.policy.internetFirewall.updateRule.json +63 -63
  65. models/mutation.policy.remotePortFwd.addRule.json +5 -5
  66. models/mutation.policy.remotePortFwd.createPolicyRevision.json +5 -5
  67. models/mutation.policy.remotePortFwd.discardPolicyRevision.json +5 -5
  68. models/mutation.policy.remotePortFwd.moveRule.json +5 -5
  69. models/mutation.policy.remotePortFwd.publishPolicyRevision.json +5 -5
  70. models/mutation.policy.remotePortFwd.removeRule.json +5 -5
  71. models/mutation.policy.remotePortFwd.updatePolicy.json +5 -5
  72. models/mutation.policy.remotePortFwd.updateRule.json +5 -5
  73. models/mutation.policy.socketLan.addRule.json +3580 -125
  74. models/mutation.policy.socketLan.createPolicyRevision.json +3580 -125
  75. models/mutation.policy.socketLan.discardPolicyRevision.json +3580 -125
  76. models/mutation.policy.socketLan.moveRule.json +3580 -125
  77. models/mutation.policy.socketLan.publishPolicyRevision.json +3580 -125
  78. models/mutation.policy.socketLan.removeRule.json +3580 -125
  79. models/mutation.policy.socketLan.updatePolicy.json +3580 -125
  80. models/mutation.policy.socketLan.updateRule.json +3580 -125
  81. models/mutation.policy.wanFirewall.addRule.json +77 -77
  82. models/mutation.policy.wanFirewall.createPolicyRevision.json +59 -59
  83. models/mutation.policy.wanFirewall.discardPolicyRevision.json +59 -59
  84. models/mutation.policy.wanFirewall.moveRule.json +59 -59
  85. models/mutation.policy.wanFirewall.publishPolicyRevision.json +59 -59
  86. models/mutation.policy.wanFirewall.removeRule.json +59 -59
  87. models/mutation.policy.wanFirewall.updatePolicy.json +59 -59
  88. models/mutation.policy.wanFirewall.updateRule.json +77 -77
  89. models/mutation.policy.wanNetwork.addRule.json +49 -49
  90. models/mutation.policy.wanNetwork.createPolicyRevision.json +49 -49
  91. models/mutation.policy.wanNetwork.discardPolicyRevision.json +49 -49
  92. models/mutation.policy.wanNetwork.moveRule.json +49 -49
  93. models/mutation.policy.wanNetwork.publishPolicyRevision.json +49 -49
  94. models/mutation.policy.wanNetwork.removeRule.json +49 -49
  95. models/mutation.policy.wanNetwork.updatePolicy.json +49 -49
  96. models/mutation.policy.wanNetwork.updateRule.json +49 -49
  97. models/mutation.site.addBgpPeer.json +2812 -217
  98. models/mutation.site.addNetworkRange.json +114 -0
  99. models/mutation.site.addSocketSite.json +18 -0
  100. models/mutation.site.removeBgpPeer.json +667 -1
  101. models/mutation.site.updateBgpPeer.json +3152 -559
  102. models/mutation.site.updateNetworkRange.json +114 -0
  103. models/mutation.sites.addBgpPeer.json +2812 -217
  104. models/mutation.sites.addNetworkRange.json +114 -0
  105. models/mutation.sites.addSocketSite.json +18 -0
  106. models/mutation.sites.removeBgpPeer.json +667 -1
  107. models/mutation.sites.updateBgpPeer.json +3152 -559
  108. models/mutation.sites.updateNetworkRange.json +114 -0
  109. models/mutation.xdr.addStoryComment.json +2 -2
  110. models/mutation.xdr.analystFeedback.json +182 -42
  111. models/mutation.xdr.deleteStoryComment.json +2 -2
  112. models/query.accountMetrics.json +112 -0
  113. models/query.accountSnapshot.json +62 -0
  114. models/query.admin.json +46 -0
  115. models/query.admins.json +46 -0
  116. models/query.appStats.json +528 -0
  117. models/query.appStatsTimeSeries.json +396 -0
  118. models/query.auditFeed.json +273 -3336
  119. models/query.catalogs.json +9840 -0
  120. models/query.devices.json +15469 -0
  121. models/query.events.json +4606 -4318
  122. models/query.eventsFeed.json +1167 -1095
  123. models/query.eventsTimeSeries.json +3459 -3243
  124. models/query.hardware.json +5730 -0
  125. models/query.hardwareManagement.json +8 -2
  126. models/query.licensing.json +3 -3
  127. models/query.policy.json +3743 -298
  128. models/query.sandbox.json +6 -4
  129. models/query.site.json +1329 -4
  130. models/query.xdr.stories.json +182 -42
  131. models/query.xdr.story.json +182 -42
  132. schema/catolib.py +105 -28
  133. scripts/catolib.py +62 -0
  134. scripts/export_if_rules_to_json.py +188 -0
  135. scripts/export_wf_rules_to_json.py +111 -0
  136. scripts/import_wf_rules_to_tfstate.py +331 -0
  137. {catocli-1.0.21.dist-info → catocli-2.0.1.dist-info}/LICENSE +0 -0
  138. {catocli-1.0.21.dist-info → catocli-2.0.1.dist-info}/WHEEL +0 -0
  139. {catocli-1.0.21.dist-info → catocli-2.0.1.dist-info}/entry_points.txt +0 -0
models/query.xdr.story.json CHANGED
@@ -1451,7 +1451,7 @@
1451
1451
  "responseStr": "site:$siteRef ",
1452
1452
  "type": {
1453
1453
  "definition": {
1454
- "description": null,
1454
+ "description": "A reference identifying the Site object. ID: Unique Site Identifier, Name: The Site Name",
1455
1455
  "enumValues": null,
1456
1456
  "fields": {
1457
1457
  "id": {
@@ -1695,7 +1695,7 @@
1695
1695
  "responseStr": "user:$userRef ",
1696
1696
  "type": {
1697
1697
  "definition": {
1698
- "description": null,
1698
+ "description": "A reference identifying the User object. ID: Unique User Identifier, Name: The User Name",
1699
1699
  "enumValues": null,
1700
1700
  "fields": {
1701
1701
  "id": {
@@ -1808,7 +1808,7 @@
1808
1808
  "name": "MergedIncident",
1809
1809
  "possibleTypes": {
1810
1810
  "AnomalyEvents": {
1811
- "description": null,
1811
+ "description": "The `AnomalyEvents` object represents a data structure used in GraphQL queries or mutations, containing fields related to security anomalies, such as analyst feedback, connection type, criticality, description, and various identifiers and metrics, to provide detailed information about potential security incidents.",
1812
1812
  "enumValues": null,
1813
1813
  "fields": {
1814
1814
  "analystFeedback": {
@@ -3446,7 +3446,7 @@
3446
3446
  "responseStr": "site:$siteRef ",
3447
3447
  "type": {
3448
3448
  "definition": {
3449
- "description": null,
3449
+ "description": "A reference identifying the Site object. ID: Unique Site Identifier, Name: The Site Name",
3450
3450
  "enumValues": null,
3451
3451
  "fields": {
3452
3452
  "id": {
@@ -4745,7 +4745,7 @@
4745
4745
  "responseStr": "user:$userRef ",
4746
4746
  "type": {
4747
4747
  "definition": {
4748
- "description": null,
4748
+ "description": "A reference identifying the User object. ID: Unique User Identifier, Name: The User Name",
4749
4749
  "enumValues": null,
4750
4750
  "fields": {
4751
4751
  "id": {
@@ -4859,7 +4859,7 @@
4859
4859
  "possibleTypes": null
4860
4860
  },
4861
4861
  "AnomalyStats": {
4862
- "description": null,
4862
+ "description": "The `AnomalyStats` object is a GraphQL type that represents statistical data related to anomalies, including fields such as analyst feedback, connection type, criticality, device information, and various metrics, along with associated metadata like timestamps, status, and predicted verdicts.",
4863
4863
  "enumValues": null,
4864
4864
  "fields": {
4865
4865
  "analystFeedback": {
@@ -6497,7 +6497,7 @@
6497
6497
  "responseStr": "site:$siteRef ",
6498
6498
  "type": {
6499
6499
  "definition": {
6500
- "description": null,
6500
+ "description": "A reference identifying the Site object. ID: Unique Site Identifier, Name: The Site Name",
6501
6501
  "enumValues": null,
6502
6502
  "fields": {
6503
6503
  "id": {
@@ -7796,7 +7796,7 @@
7796
7796
  "responseStr": "user:$userRef ",
7797
7797
  "type": {
7798
7798
  "definition": {
7799
- "description": null,
7799
+ "description": "A reference identifying the User object. ID: Unique User Identifier, Name: The User Name",
7800
7800
  "enumValues": null,
7801
7801
  "fields": {
7802
7802
  "id": {
@@ -7910,7 +7910,7 @@
7910
7910
  "possibleTypes": null
7911
7911
  },
7912
7912
  "CatoEndpoint": {
7913
- "description": null,
7913
+ "description": "The `CatoEndpoint` object represents a comprehensive data structure used in GraphQL queries or mutations to encapsulate details about a security incident detected by an Endpoint Protection Platform (EPP). It includes fields such as threat alerts, analyst feedback, connection type, criticality score, device details, timestamps for incident signals, and various enums and strings that describe the incident's status, source, and producer.",
7914
7914
  "enumValues": null,
7915
7915
  "fields": {
7916
7916
  "alerts": {
@@ -7926,7 +7926,7 @@
7926
7926
  "responseStr": "alerts:$catoEndpointAlert ",
7927
7927
  "type": {
7928
7928
  "definition": {
7929
- "description": null,
7929
+ "description": "The `CatoEndpointAlert` object represents an alert generated by Cato's endpoint protection system, detailing information about detected threats, including associated activities, threat description, criticality level, endpoint protection profile, and remediation status.",
7930
7930
  "enumValues": null,
7931
7931
  "fields": {
7932
7932
  "activities": {
@@ -7943,7 +7943,7 @@
7943
7943
  "responseStr": "activities:$catoActivity ",
7944
7944
  "type": {
7945
7945
  "definition": {
7946
- "description": null,
7946
+ "description": "CatoActivity is an object type representing an activity in a Cato alert, containing unique identifiers for the activity itself, the preceding resource, and the involved resource.",
7947
7947
  "enumValues": null,
7948
7948
  "fields": {
7949
7949
  "id": {
@@ -8153,6 +8153,26 @@
8153
8153
  },
8154
8154
  "varName": "engineType"
8155
8155
  },
8156
+ "externalIp": {
8157
+ "args": {},
8158
+ "deprecationReason": null,
8159
+ "description": null,
8160
+ "id_str": "story___incident___CatoEndpoint___alerts___externalIp",
8161
+ "isDeprecated": false,
8162
+ "name": "externalIp",
8163
+ "path": "story.incident.CatoEndpoint.alerts.externalIp",
8164
+ "requestStr": "$externalIp:String ",
8165
+ "required": false,
8166
+ "responseStr": "externalIp:$externalIp ",
8167
+ "type": {
8168
+ "kind": [
8169
+ "SCALAR"
8170
+ ],
8171
+ "name": "String",
8172
+ "non_null": false
8173
+ },
8174
+ "varName": "externalIp"
8175
+ },
8156
8176
  "id": {
8157
8177
  "args": {},
8158
8178
  "deprecationReason": null,
@@ -8174,6 +8194,26 @@
8174
8194
  },
8175
8195
  "varName": "id"
8176
8196
  },
8197
+ "localIp": {
8198
+ "args": {},
8199
+ "deprecationReason": null,
8200
+ "description": null,
8201
+ "id_str": "story___incident___CatoEndpoint___alerts___localIp",
8202
+ "isDeprecated": false,
8203
+ "name": "localIp",
8204
+ "path": "story.incident.CatoEndpoint.alerts.localIp",
8205
+ "requestStr": "$localIp:String ",
8206
+ "required": false,
8207
+ "responseStr": "localIp:$localIp ",
8208
+ "type": {
8209
+ "kind": [
8210
+ "SCALAR"
8211
+ ],
8212
+ "name": "String",
8213
+ "non_null": false
8214
+ },
8215
+ "varName": "localIp"
8216
+ },
8177
8217
  "mitreSubTechnique": {
8178
8218
  "alias": "mitreMitreSubTechnique: mitreSubTechnique",
8179
8219
  "args": {},
@@ -8544,7 +8584,7 @@
8544
8584
  "name": "CatoResource",
8545
8585
  "possibleTypes": {
8546
8586
  "CatoFileResource": {
8547
- "description": null,
8587
+ "description": "The `CatoFileResource` is a GraphQL object type that represents a file resource with fields for its creation timestamp, detection and remediation statuses, file details, and a unique identifier.",
8548
8588
  "enumValues": null,
8549
8589
  "fields": {
8550
8590
  "createdDateTime": {
@@ -9013,7 +9053,7 @@
9013
9053
  "possibleTypes": null
9014
9054
  },
9015
9055
  "CatoProcessResource": {
9016
- "description": null,
9056
+ "description": "The `CatoProcessResource` is a GraphQL object type that represents a process resource, including details such as a unique Cato ID, the timestamp of usage, associated file details, command line information, process ID, remediation status, and the related user account.",
9017
9057
  "enumValues": null,
9018
9058
  "fields": {
9019
9059
  "createdDateTime": {
@@ -9530,7 +9570,7 @@
9530
9570
  "name": "EndpointUser",
9531
9571
  "possibleTypes": {
9532
9572
  "CatoEndpointUser": {
9533
- "description": null,
9573
+ "description": "The `CatoEndpointUser` is a GraphQL object type representing a user, with fields for a unique identifier (`id`) and a username (`name`), both of which are required.",
9534
9574
  "enumValues": null,
9535
9575
  "fields": {
9536
9576
  "id": {
@@ -9585,7 +9625,7 @@
9585
9625
  "possibleTypes": null
9586
9626
  },
9587
9627
  "MicrosoftEndpointUser": {
9588
- "description": null,
9628
+ "description": "The `MicrosoftEndpointUser` object represents a user associated with a Microsoft endpoint, containing fields such as account name, domain name, unique identifier, user name, principal name, and user security identifier.",
9589
9629
  "enumValues": null,
9590
9630
  "fields": {
9591
9631
  "accountName": {
@@ -10340,7 +10380,7 @@
10340
10380
  "responseStr": "device:$catoEndpointDeviceDetails ",
10341
10381
  "type": {
10342
10382
  "definition": {
10343
- "description": null,
10383
+ "description": "The `CatoEndpointDeviceDetails` object represents detailed information about a device, including its name, unique ID, logged-on users, MAC address, and operating system details.",
10344
10384
  "enumValues": null,
10345
10385
  "fields": {
10346
10386
  "deviceName": {
@@ -10363,6 +10403,26 @@
10363
10403
  },
10364
10404
  "varName": "deviceName"
10365
10405
  },
10406
+ "externalIp": {
10407
+ "args": {},
10408
+ "deprecationReason": null,
10409
+ "description": null,
10410
+ "id_str": "story___incident___CatoEndpoint___device___externalIp",
10411
+ "isDeprecated": false,
10412
+ "name": "externalIp",
10413
+ "path": "story.incident.CatoEndpoint.device.externalIp",
10414
+ "requestStr": "$externalIp:String ",
10415
+ "required": false,
10416
+ "responseStr": "externalIp:$externalIp ",
10417
+ "type": {
10418
+ "kind": [
10419
+ "SCALAR"
10420
+ ],
10421
+ "name": "String",
10422
+ "non_null": false
10423
+ },
10424
+ "varName": "externalIp"
10425
+ },
10366
10426
  "id": {
10367
10427
  "args": {},
10368
10428
  "deprecationReason": null,
@@ -10384,6 +10444,26 @@
10384
10444
  },
10385
10445
  "varName": "id"
10386
10446
  },
10447
+ "localIp": {
10448
+ "args": {},
10449
+ "deprecationReason": null,
10450
+ "description": null,
10451
+ "id_str": "story___incident___CatoEndpoint___device___localIp",
10452
+ "isDeprecated": false,
10453
+ "name": "localIp",
10454
+ "path": "story.incident.CatoEndpoint.device.localIp",
10455
+ "requestStr": "$localIp:String ",
10456
+ "required": false,
10457
+ "responseStr": "localIp:$localIp ",
10458
+ "type": {
10459
+ "kind": [
10460
+ "SCALAR"
10461
+ ],
10462
+ "name": "String",
10463
+ "non_null": false
10464
+ },
10465
+ "varName": "localIp"
10466
+ },
10387
10467
  "loggedOnUsers": {
10388
10468
  "args": {},
10389
10469
  "deprecationReason": null,
@@ -10449,7 +10529,7 @@
10449
10529
  "name": "EndpointUser",
10450
10530
  "possibleTypes": {
10451
10531
  "CatoEndpointUser": {
10452
- "description": null,
10532
+ "description": "The `CatoEndpointUser` is a GraphQL object type representing a user, with fields for a unique identifier (`id`) and a username (`name`), both of which are required.",
10453
10533
  "enumValues": null,
10454
10534
  "fields": {
10455
10535
  "id": {
@@ -10504,7 +10584,7 @@
10504
10584
  "possibleTypes": null
10505
10585
  },
10506
10586
  "MicrosoftEndpointUser": {
10507
- "description": null,
10587
+ "description": "The `MicrosoftEndpointUser` object represents a user associated with a Microsoft endpoint, containing fields such as account name, domain name, unique identifier, user name, principal name, and user security identifier.",
10508
10588
  "enumValues": null,
10509
10589
  "fields": {
10510
10590
  "accountName": {
@@ -11337,7 +11417,7 @@
11337
11417
  "responseStr": "site:$siteRef ",
11338
11418
  "type": {
11339
11419
  "definition": {
11340
- "description": null,
11420
+ "description": "A reference identifying the Site object. ID: Unique Site Identifier, Name: The Site Name",
11341
11421
  "enumValues": null,
11342
11422
  "fields": {
11343
11423
  "id": {
@@ -11586,7 +11666,7 @@
11586
11666
  "responseStr": "user:$userRef ",
11587
11667
  "type": {
11588
11668
  "definition": {
11589
- "description": null,
11669
+ "description": "A reference identifying the User object. ID: Unique User Identifier, Name: The User Name",
11590
11670
  "enumValues": null,
11591
11671
  "fields": {
11592
11672
  "id": {
@@ -11700,7 +11780,7 @@
11700
11780
  "possibleTypes": null
11701
11781
  },
11702
11782
  "MicrosoftEndpoint": {
11703
- "description": null,
11783
+ "description": "The `MicrosoftEndpoint` object represents a comprehensive data structure used in GraphQL queries or mutations, containing fields related to security alerts, device details, threat predictions, and other metadata associated with Microsoft's security ecosystem.",
11704
11784
  "enumValues": null,
11705
11785
  "fields": {
11706
11786
  "alerts": {
@@ -11716,7 +11796,7 @@
11716
11796
  "responseStr": "alerts:$microsoftDefenderEndpointAlert ",
11717
11797
  "type": {
11718
11798
  "definition": {
11719
- "description": null,
11799
+ "description": "The `MicrosoftDefenderEndpointAlert` object represents an alert generated by Microsoft Defender for Endpoint, containing details such as activities, classification, criticality, detection source, and recommended actions, among other attributes, to help in identifying and managing security threats.",
11720
11800
  "enumValues": null,
11721
11801
  "fields": {
11722
11802
  "activities": {
@@ -11733,7 +11813,7 @@
11733
11813
  "responseStr": "activities:$microsoftActivity ",
11734
11814
  "type": {
11735
11815
  "definition": {
11736
- "description": null,
11816
+ "description": "The `MicrosoftActivity` object represents an activity within Microsoft services, containing fields such as action type, timestamps for the first and last activity, and identifiers for the activity and its associated resources.",
11737
11817
  "enumValues": null,
11738
11818
  "fields": {
11739
11819
  "action": {
@@ -12338,6 +12418,26 @@
12338
12418
  },
12339
12419
  "varName": "determination"
12340
12420
  },
12421
+ "externalIp": {
12422
+ "args": {},
12423
+ "deprecationReason": null,
12424
+ "description": null,
12425
+ "id_str": "story___incident___MicrosoftEndpoint___alerts___externalIp",
12426
+ "isDeprecated": false,
12427
+ "name": "externalIp",
12428
+ "path": "story.incident.MicrosoftEndpoint.alerts.externalIp",
12429
+ "requestStr": "$externalIp:String ",
12430
+ "required": false,
12431
+ "responseStr": "externalIp:$externalIp ",
12432
+ "type": {
12433
+ "kind": [
12434
+ "SCALAR"
12435
+ ],
12436
+ "name": "String",
12437
+ "non_null": false
12438
+ },
12439
+ "varName": "externalIp"
12440
+ },
12341
12441
  "firstActivityDateTime": {
12342
12442
  "args": {},
12343
12443
  "deprecationReason": null,
@@ -13109,7 +13209,7 @@
13109
13209
  "name": "MicrosoftEndpointResource",
13110
13210
  "possibleTypes": {
13111
13211
  "MicrosoftFileResource": {
13112
- "description": null,
13212
+ "description": "The `MicrosoftFileResource` object represents a file resource in a Microsoft system, containing fields such as creation date, detection and remediation status, file details, unique identifier, roles, tags, and a verdict on the file's status.",
13113
13213
  "enumValues": null,
13114
13214
  "fields": {
13115
13215
  "createdDateTime": {
@@ -13800,7 +13900,7 @@
13800
13900
  "possibleTypes": null
13801
13901
  },
13802
13902
  "MicrosoftProcessResource": {
13803
- "description": null,
13903
+ "description": "The `MicrosoftProcessResource` object represents a process resource in a Microsoft environment, containing fields such as creation date, process ID, command line details, remediation status, roles, tags, user account information, and a verdict on the process's nature.",
13804
13904
  "enumValues": null,
13805
13905
  "fields": {
13806
13906
  "createdDateTime": {
@@ -14482,7 +14582,7 @@
14482
14582
  "name": "EndpointUser",
14483
14583
  "possibleTypes": {
14484
14584
  "CatoEndpointUser": {
14485
- "description": null,
14585
+ "description": "The `CatoEndpointUser` is a GraphQL object type representing a user, with fields for a unique identifier (`id`) and a username (`name`), both of which are required.",
14486
14586
  "enumValues": null,
14487
14587
  "fields": {
14488
14588
  "id": {
@@ -14537,7 +14637,7 @@
14537
14637
  "possibleTypes": null
14538
14638
  },
14539
14639
  "MicrosoftEndpointUser": {
14540
- "description": null,
14640
+ "description": "The `MicrosoftEndpointUser` object represents a user associated with a Microsoft endpoint, containing fields such as account name, domain name, unique identifier, user name, principal name, and user security identifier.",
14541
14641
  "enumValues": null,
14542
14642
  "fields": {
14543
14643
  "accountName": {
@@ -14747,7 +14847,7 @@
14747
14847
  "possibleTypes": null
14748
14848
  },
14749
14849
  "MicrosoftRegistryResource": {
14750
- "description": null,
14850
+ "description": "The `MicrosoftRegistryResource` object represents a registry resource in a Microsoft environment, containing fields such as creation date, hive, key, remediation status, roles, tags, and verdict, which are used to manage and assess the resource's status and attributes.",
14751
14851
  "enumValues": null,
14752
14852
  "fields": {
14753
14853
  "createdDateTime": {
@@ -15816,7 +15916,7 @@
15816
15916
  "responseStr": "device:$microsoftDeviceDetails ",
15817
15917
  "type": {
15818
15918
  "definition": {
15819
- "description": null,
15919
+ "description": "The `MicrosoftDeviceDetails` object represents detailed information about a Microsoft device, including its antivirus status, Azure AD device ID, device name, first seen date and time, health status, IP interfaces, logged-on users, onboarding status, operating system details, and RBAC group.",
15820
15920
  "enumValues": null,
15821
15921
  "fields": {
15822
15922
  "avStatus": {
@@ -15915,6 +16015,26 @@
15915
16015
  },
15916
16016
  "varName": "deviceName"
15917
16017
  },
16018
+ "externalIp": {
16019
+ "args": {},
16020
+ "deprecationReason": null,
16021
+ "description": null,
16022
+ "id_str": "story___incident___MicrosoftEndpoint___device___externalIp",
16023
+ "isDeprecated": false,
16024
+ "name": "externalIp",
16025
+ "path": "story.incident.MicrosoftEndpoint.device.externalIp",
16026
+ "requestStr": "$externalIp:String ",
16027
+ "required": false,
16028
+ "responseStr": "externalIp:$externalIp ",
16029
+ "type": {
16030
+ "kind": [
16031
+ "SCALAR"
16032
+ ],
16033
+ "name": "String",
16034
+ "non_null": false
16035
+ },
16036
+ "varName": "externalIp"
16037
+ },
15918
16038
  "firstSeenDateTime": {
15919
16039
  "args": {},
15920
16040
  "deprecationReason": null,
@@ -16041,6 +16161,26 @@
16041
16161
  },
16042
16162
  "varName": "ipInterfaces"
16043
16163
  },
16164
+ "localIp": {
16165
+ "args": {},
16166
+ "deprecationReason": null,
16167
+ "description": null,
16168
+ "id_str": "story___incident___MicrosoftEndpoint___device___localIp",
16169
+ "isDeprecated": false,
16170
+ "name": "localIp",
16171
+ "path": "story.incident.MicrosoftEndpoint.device.localIp",
16172
+ "requestStr": "$localIp:String ",
16173
+ "required": false,
16174
+ "responseStr": "localIp:$localIp ",
16175
+ "type": {
16176
+ "kind": [
16177
+ "SCALAR"
16178
+ ],
16179
+ "name": "String",
16180
+ "non_null": false
16181
+ },
16182
+ "varName": "localIp"
16183
+ },
16044
16184
  "loggedOnUsers": {
16045
16185
  "args": {},
16046
16186
  "deprecationReason": null,
@@ -16106,7 +16246,7 @@
16106
16246
  "name": "EndpointUser",
16107
16247
  "possibleTypes": {
16108
16248
  "CatoEndpointUser": {
16109
- "description": null,
16249
+ "description": "The `CatoEndpointUser` is a GraphQL object type representing a user, with fields for a unique identifier (`id`) and a username (`name`), both of which are required.",
16110
16250
  "enumValues": null,
16111
16251
  "fields": {
16112
16252
  "id": {
@@ -16161,7 +16301,7 @@
16161
16301
  "possibleTypes": null
16162
16302
  },
16163
16303
  "MicrosoftEndpointUser": {
16164
- "description": null,
16304
+ "description": "The `MicrosoftEndpointUser` object represents a user associated with a Microsoft endpoint, containing fields such as account name, domain name, unique identifier, user name, principal name, and user security identifier.",
16165
16305
  "enumValues": null,
16166
16306
  "fields": {
16167
16307
  "accountName": {
@@ -17097,7 +17237,7 @@
17097
17237
  "responseStr": "site:$siteRef ",
17098
17238
  "type": {
17099
17239
  "definition": {
17100
- "description": null,
17240
+ "description": "A reference identifying the Site object. ID: Unique Site Identifier, Name: The Site Name",
17101
17241
  "enumValues": null,
17102
17242
  "fields": {
17103
17243
  "id": {
@@ -17346,7 +17486,7 @@
17346
17486
  "responseStr": "user:$userRef ",
17347
17487
  "type": {
17348
17488
  "definition": {
17349
- "description": null,
17489
+ "description": "A reference identifying the User object. ID: Unique User Identifier, Name: The User Name",
17350
17490
  "enumValues": null,
17351
17491
  "fields": {
17352
17492
  "id": {
@@ -17460,7 +17600,7 @@
17460
17600
  "possibleTypes": null
17461
17601
  },
17462
17602
  "NetworkXDRIncident": {
17463
- "description": null,
17603
+ "description": "The `NetworkXDRIncident` object represents a detailed incident report within a network, containing various fields such as incident ID, description, criticality, timeline events, and associated metadata like connection type, site information, and predicted threat type, used for analyzing and managing network security incidents.",
17464
17604
  "enumValues": null,
17465
17605
  "fields": {
17466
17606
  "acknowledged": {
@@ -20365,7 +20505,7 @@
20365
20505
  "responseStr": "site:$siteRef ",
20366
20506
  "type": {
20367
20507
  "definition": {
20368
- "description": null,
20508
+ "description": "A reference identifying the Site object. ID: Unique Site Identifier, Name: The Site Name",
20369
20509
  "enumValues": null,
20370
20510
  "fields": {
20371
20511
  "id": {
@@ -20676,7 +20816,7 @@
20676
20816
  "responseStr": "user:$userRef ",
20677
20817
  "type": {
20678
20818
  "definition": {
20679
- "description": null,
20819
+ "description": "A reference identifying the User object. ID: Unique User Identifier, Name: The User Name",
20680
20820
  "enumValues": null,
20681
20821
  "fields": {
20682
20822
  "id": {
@@ -20790,7 +20930,7 @@
20790
20930
  "possibleTypes": null
20791
20931
  },
20792
20932
  "Threat": {
20793
- "description": null,
20933
+ "description": "The \"Threat\" object represents a comprehensive data structure used in GraphQL queries or mutations to encapsulate various attributes and metadata related to a threat incident, including details about the threat's origin, nature, risk assessment, and associated network traffic flows.",
20794
20934
  "enumValues": null,
20795
20935
  "fields": {
20796
20936
  "analystFeedback": {
@@ -22847,7 +22987,7 @@
22847
22987
  "responseStr": "site:$siteRef ",
22848
22988
  "type": {
22849
22989
  "definition": {
22850
- "description": null,
22990
+ "description": "A reference identifying the Site object. ID: Unique Site Identifier, Name: The Site Name",
22851
22991
  "enumValues": null,
22852
22992
  "fields": {
22853
22993
  "id": {
@@ -24126,7 +24266,7 @@
24126
24266
  "responseStr": "user:$userRef ",
24127
24267
  "type": {
24128
24268
  "definition": {
24129
- "description": null,
24269
+ "description": "A reference identifying the User object. ID: Unique User Identifier, Name: The User Name",
24130
24270
  "enumValues": null,
24131
24271
  "fields": {
24132
24272
  "id": {
@@ -24240,7 +24380,7 @@
24240
24380
  "possibleTypes": null
24241
24381
  },
24242
24382
  "ThreatPrevention": {
24243
- "description": null,
24383
+ "description": "The `ThreatPrevention` object is a GraphQL type that represents the details of a threat prevention incident, including fields such as analyst feedback, client class, connection type, criticality, description, device name, and various other attributes related to the incident's signals, events, and status.",
24244
24384
  "enumValues": null,
24245
24385
  "fields": {
24246
24386
  "analystFeedback": {
@@ -25783,7 +25923,7 @@
25783
25923
  "responseStr": "site:$siteRef ",
25784
25924
  "type": {
25785
25925
  "definition": {
25786
- "description": null,
25926
+ "description": "A reference identifying the Site object. ID: Unique Site Identifier, Name: The Site Name",
25787
25927
  "enumValues": null,
25788
25928
  "fields": {
25789
25929
  "id": {
@@ -27576,7 +27716,7 @@
27576
27716
  "responseStr": "user:$userRef ",
27577
27717
  "type": {
27578
27718
  "definition": {
27579
- "description": null,
27719
+ "description": "A reference identifying the User object. ID: Unique User Identifier, Name: The User Name",
27580
27720
  "enumValues": null,
27581
27721
  "fields": {
27582
27722
  "id": {