catocli 2.0.5__py3-none-any.whl → 2.1.1__py3-none-any.whl

catocli/parsers/mutation_sites_updateSiteBwLicense/README.md

@@ -0,0 +1,17 @@
+
+## CATO-CLI - mutation.sites.updateSiteBwLicense:
+[Click here](https://api.catonetworks.com/documentation/#mutation-updateSiteBwLicense) for documentation on this operation.
+
+### Usage for mutation.sites.updateSiteBwLicense:
+
+`catocli mutation sites updateSiteBwLicense -h`
+
+`catocli mutation sites updateSiteBwLicense <json>`
+
+`catocli mutation sites updateSiteBwLicense "$(cat < updateSiteBwLicense.json)"`
+
+`catocli mutation sites updateSiteBwLicense '{"updateSiteBwLicenseInput": {"bw": {"bw": "Int"}, "licenseId": {"licenseId": "ID"}, "siteRefInput": {"by": {"by": "enum(ObjectRefBy)"}, "input": {"input": "String"}}}}'`
+
+#### Operation Arguments for mutation.sites.updateSiteBwLicense ####
+`accountId` [ID] - (required) N/A 
+`updateSiteBwLicenseInput` [UpdateSiteBwLicenseInput] - (required) N/A 

catocli/parsers/mutation_sites_updateSiteGeneralDetails/README.md

@@ -10,7 +10,7 @@
 
 `catocli mutation sites updateSiteGeneralDetails "$(cat < updateSiteGeneralDetails.json)"`
 
-`catocli mutation sites updateSiteGeneralDetails '{"siteId": "ID", "updateSiteGeneralDetailsInput": {"description": {"description": "String"}, "name": {"name": "String"}, "siteType": {"siteType": "enum(SiteType)"}, "updateSiteLocationInput": {"address": {"address": "String"}, "cityName": {"cityName": "String"}, "countryCode": {"countryCode": "String"}, "stateCode": {"stateCode": "String"}, "timezone": {"timezone": "String"}}}}'`
+`catocli mutation sites updateSiteGeneralDetails '{"siteId": "ID", "updateSiteGeneralDetailsInput": {"description": {"description": "String"}, "name": {"name": "String"}, "siteType": {"siteType": "enum(SiteType)"}, "updateSiteLocationInput": {"address": {"address": "String"}, "cityName": {"cityName": "String"}, "countryCode": {"countryCode": "String"}, "stateCode": {"stateCode": "String"}, "timezone": {"timezone": "String"}}, "updateSitePreferredPopLocationInput": {"preferredOnly": {"preferredOnly": "Boolean"}, "primary": {"by": {"by": "enum(ObjectRefBy)"}, "input": {"input": "String"}}, "secondary": {"by": {"by": "enum(ObjectRefBy)"}, "input": {"input": "String"}}}}}'`
 
 #### Operation Arguments for mutation.sites.updateSiteGeneralDetails ####
 `accountId` [ID] - (required) N/A 

catocli/parsers/parserApiClient.py

@@ -7,6 +7,7 @@ from graphql_client.api_client import ApiException
 import logging
 import pprint
 import uuid
+import string
 from urllib3.filepost import encode_multipart_formdata
 
 def createRequest(args, configuration):
@@ -24,7 +25,12 @@ def createRequest(args, configuration):
 	elif not params["t"] and params["json"] is None:
 		# Default to empty object if no json provided and not using -t flag
 		variablesObj = {}
-	if "accountId" in operation["args"]:
+	# Special handling for eventsFeed and auditFeed which use accountIDs array
+	if operationName in ["query.eventsFeed", "query.auditFeed"]:
+		# Only add accountIDs if not already provided in JSON
+		if "accountIDs" not in variablesObj:
+			variablesObj["accountIDs"] = [configuration.accountID]
+	elif "accountId" in operation["args"]:
 		variablesObj["accountId"] = configuration.accountID
 	else:
 		variablesObj["accountID"] = configuration.accountID
@@ -236,16 +242,17 @@ def validateArgs(variablesObj,operation):
 
 def loadJSON(file):
 	CONFIG = {}
-	module_dir_ary = os.path.dirname(__file__).split("/")
-	del module_dir_ary[-1]
-	del module_dir_ary[-1]
-	module_dir = "/".join(module_dir_ary)
+	module_dir = os.path.dirname(__file__)
+	# Navigate up two directory levels (from parsers/ to catocli/ to root)
+	module_dir = os.path.dirname(module_dir)  # Go up from parsers/
+	module_dir = os.path.dirname(module_dir)  # Go up from catocli/
 	try:
-		with open(module_dir+'/'+file, 'r') as data:
+		file_path = os.path.join(module_dir, file)
+		with open(file_path, 'r') as data:
 			CONFIG = json.load(data)
 			return CONFIG
 	except:
-		logging.warning("File \""+module_dir+'/'+file+"\" not found.")
+		logging.warning(f"File \"{os.path.join(module_dir, file)}\" not found.")
 		exit()
 
 def renderCamelCase(pathStr):
@@ -291,7 +298,8 @@ def renderArgsAndFields(responseArgStr, variablesObj, curOperation, definition,
 			responseArgStr += " {\n"
 			for subfieldIndex in field['type']['definition']['fields']:
 				subfield = field['type']['definition']['fields'][subfieldIndex]
-				subfield_name = subfield['alias'] if 'alias' in subfield else subfield['name']				
+				# Use the alias if it exists, otherwise use the field name
+				subfield_name = subfield['alias'] if 'alias' in subfield else subfield['name']
 				responseArgStr += indent + "	" + subfield_name
 				if subfield.get("args") and len(list(subfield["args"].keys()))>0:
 					argsPresent = False
@@ -338,7 +346,14 @@ def renderArgsAndFields(responseArgStr, variablesObj, curOperation, definition,
 			responseArgStr += " {\n"
 			for subfieldName in field['type']['definition'].get('inputFields'):
 				subfield = field['type']['definition']['inputFields'][subfieldName]
-				subfield_name = subfield['alias'] if 'alias' in subfield else subfield['name']
+				# Updated aliasing logic for inputFields
+				if (subfield.get('type') and subfield['type'].get('name') and 
+					curOperation.get('fieldTypes', {}).get(subfield['type']['name']) and 
+					subfield.get('type', {}).get('kind') and 
+					'SCALAR' not in str(subfield['type']['kind'])):
+					subfield_name = f"{subfield['name']}{field['type']['definition']['name']}: {subfield['name']}"
+				else:
+					subfield_name = subfield['name']  # Always use the raw field name, not incorrect aliases
 				responseArgStr += indent + "	" + subfield_name
 				if subfield.get('type') and subfield['type'].get('definition') and (subfield['type']['definition'].get('fields') or subfield['type']['definition'].get('inputFields')):
 					responseArgStr += " {\n"
@@ -429,6 +444,339 @@ def createRawBinaryRequest(args, configuration):
 			print(f"ERROR: Failed to send multipart request: {error_str}")
 		return None
 
+def get_private_help(command_name, command_config):
+	"""Generate comprehensive help text for a private command"""
+	usage = f"catocli private {command_name}"
+	
+	# Create comprehensive JSON example with all arguments (excluding accountId)
+	if 'arguments' in command_config:
+		json_example = {}
+		for arg in command_config['arguments']:
+			arg_name = arg.get('name')
+			# Skip accountId since it's handled by standard -accountID CLI argument
+			if arg_name and arg_name.lower() != 'accountid':
+				if 'example' in arg:
+					# Use explicit example if provided
+					json_example[arg_name] = arg['example']
+				elif 'default' in arg:
+					# Use default value if available
+					json_example[arg_name] = arg['default']
+				else:
+					# Generate placeholder based on type
+					arg_type = arg.get('type', 'string')
+					if arg_type == 'string':
+						json_example[arg_name] = f"<{arg_name}>"
+					elif arg_type == 'object':
+						if 'struct' in arg:
+							# Use struct definition
+							json_example[arg_name] = arg['struct']
+						else:
+							json_example[arg_name] = {}
+					else:
+						json_example[arg_name] = f"<{arg_name}>"
+					
+		if json_example:
+			# Format JSON nicely for readability in help
+			json_str = json.dumps(json_example, indent=2)
+			usage += f" '{json_str}'"
+	
+	# Add common options
+	usage += " [-t] [-v] [-p]"
+	
+	# Add command-specific arguments with descriptions (excluding accountId)
+	if 'arguments' in command_config:
+		filtered_args = [arg for arg in command_config['arguments'] if arg.get('name', '').lower() != 'accountid']
+		if filtered_args:
+			usage += "\n\nArguments:"
+			for arg in filtered_args:
+				arg_name = arg.get('name')
+				arg_type = arg.get('type', 'string')
+				arg_default = arg.get('default')
+				arg_example = arg.get('example')
+				
+				if arg_name:
+					usage += f"\n  --{arg_name}: {arg_type}"
+					if arg_default is not None:
+						usage += f" (default: {arg_default})"
+					if arg_example is not None and arg_example != arg_default:
+						usage += f" (example: {json.dumps(arg_example) if isinstance(arg_example, (dict, list)) else arg_example})"
+	
+	# Add standard accountID information
+	usage += "\n\nStandard Arguments:"
+	usage += "\n  -accountID: Account ID (taken from profile, can be overridden)"
+	
+	# Add payload file info if available
+	if 'payloadFilePath' in command_config:
+		usage += f"\n\nPayload template: {command_config['payloadFilePath']}"
+	
+	# Add batch processing info if configured
+	if 'batchSize' in command_config:
+		usage += f"\nBatch size: {command_config['batchSize']}"
+		if 'paginationParam' in command_config:
+			usage += f" (pagination: {command_config['paginationParam']})"
+	
+	return usage
+
+
+def load_payload_template(command_config):
+	"""Load and return the GraphQL payload template for a private command"""
+	try:
+		payload_path = command_config.get('payloadFilePath')
+		if not payload_path:
+			raise ValueError(f"Missing payloadFilePath in command configuration")
+		
+		# Construct the full path relative to the settings directory
+		settings_dir = os.path.expanduser("~/.cato")
+		full_payload_path = os.path.join(settings_dir, payload_path)
+		
+		# Load the payload file using the standard JSON loading mechanism
+		try:
+			with open(full_payload_path, 'r') as f:
+				return json.load(f)
+		except FileNotFoundError:
+			raise ValueError(f"Payload file not found: {full_payload_path}")
+		except json.JSONDecodeError as e:
+			raise ValueError(f"Invalid JSON in payload file {full_payload_path}: {e}")
+	except Exception as e:
+		raise ValueError(f"Failed to load payload template: {e}")
+
+
+def set_nested_value(obj, path, value):
+	"""Set a value at a nested path in an object using jQuery-style JSON path syntax
+	
+	Supports:
+	- Simple dot notation: 'a.b.c'
+	- Array access: 'a.b[0].c' or 'a.b[0]'
+	- Mixed paths: 'variables.filters[0].search'
+	- Deep nesting: 'data.results[0].items[1].properties.name'
+	"""
+	import re
+	
+	# Parse the path into components handling both dot notation and array indices
+	# Split by dots first, then handle array indices
+	path_parts = []
+	for part in path.split('.'):
+		# Check if this part contains array notation like 'items[0]'
+		array_matches = re.findall(r'([^\[]+)(?:\[(\d+)\])?', part)
+		for match in array_matches:
+			key, index = match
+			if key:  # Add the key part
+				path_parts.append(key)
+			if index:  # Add the array index part
+				path_parts.append(int(index))
+	
+	current = obj
+	
+	# Navigate to the parent of the target location
+	for i, part in enumerate(path_parts[:-1]):
+		next_part = path_parts[i + 1]
+		
+		if isinstance(part, int):
+			# Current part is an array index
+			if not isinstance(current, list):
+				raise ValueError(f"Expected array at path component {i}, got {type(current).__name__}")
+			
+			# Extend array if necessary
+			while len(current) <= part:
+				current.append(None)
+			
+			# Initialize the array element if it doesn't exist
+			if current[part] is None:
+				if isinstance(next_part, int):
+					current[part] = []  # Next part is array index, so create array
+				else:
+					current[part] = {}  # Next part is object key, so create object
+			
+			current = current[part]
+			
+		else:
+			# Current part is an object key
+			if not isinstance(current, dict):
+				raise ValueError(f"Expected object at path component {i}, got {type(current).__name__}")
+			
+			# Create the key if it doesn't exist
+			if part not in current:
+				if isinstance(next_part, int):
+					current[part] = []  # Next part is array index, so create array
+				else:
+					current[part] = {}  # Next part is object key, so create object
+			
+			current = current[part]
+	
+	# Set the final value
+	final_part = path_parts[-1]
+	if isinstance(final_part, int):
+		# Final part is an array index
+		if not isinstance(current, list):
+			raise ValueError(f"Expected array at final path component, got {type(current).__name__}")
+		
+		# Extend array if necessary
+		while len(current) <= final_part:
+			current.append(None)
+		
+		current[final_part] = value
+	else:
+		# Final part is an object key
+		if not isinstance(current, dict):
+			raise ValueError(f"Expected object at final path component, got {type(current).__name__}")
+		
+		current[final_part] = value
+
+
+def apply_template_variables(template, variables, private_config):
+	"""Apply variables to the template using path-based insertion and template replacement"""
+	if not template or not isinstance(template, dict):
+		return template
+	
+	# Make a deep copy to avoid modifying the original
+	import copy
+	result = copy.deepcopy(template)
+	
+	# First, handle path-based variable insertion from private_config
+	if private_config and 'arguments' in private_config:
+		for arg in private_config['arguments']:
+			arg_name = arg.get('name')
+			arg_paths = arg.get('path', [])
+			
+			if arg_name and arg_name in variables and arg_paths:
+				# Insert the variable value at each specified path
+				for path in arg_paths:
+					try:
+						set_nested_value(result, path, variables[arg_name])
+					except Exception as e:
+						# If path insertion fails, continue to template replacement
+						pass
+	
+	# Second, handle traditional template variable replacement as fallback
+	def traverse_and_replace(obj, path=""):
+		if isinstance(obj, dict):
+			for key, value in list(obj.items()):
+				new_path = f"{path}.{key}" if path else key
+				
+				# Check if this is a template variable (string that starts with '{{')
+				if isinstance(value, str) and value.startswith('{{') and value.endswith('}}'):
+					# Extract variable name
+					var_name = value[2:-2].strip()
+					
+					# Replace with actual value if available
+					if var_name in variables:
+						obj[key] = variables[var_name]
+				
+				# Recursively process nested objects
+				else:
+					traverse_and_replace(value, new_path)
+					
+		elif isinstance(obj, list):
+			for i, item in enumerate(obj):
+				traverse_and_replace(item, f"{path}[{i}]")
+	
+	traverse_and_replace(result)
+	return result
+
+
+def createPrivateRequest(args, configuration):
+	"""Handle private command execution using GraphQL payload templates"""
+	params = vars(args)
+	
+	# Get the private command configuration
+	private_command = params.get('private_command')
+	private_config = params.get('private_config')
+	
+	if not private_command or not private_config:
+		print("ERROR: Missing private command configuration")
+		return None
+	
+	# Load private settings and apply ONLY for private commands
+	try:
+		settings_file = os.path.expanduser("~/.cato/settings.json")
+		with open(settings_file, 'r') as f:
+			private_settings = json.load(f)
+	except (FileNotFoundError, json.JSONDecodeError):
+		private_settings = {}
+	
+	# Override endpoint if specified in private settings
+	if 'baseUrl' in private_settings:
+		configuration.host = private_settings['baseUrl']
+	
+	# Add custom headers from private settings
+	if 'headers' in private_settings and isinstance(private_settings['headers'], dict):
+		if not hasattr(configuration, 'custom_headers'):
+			configuration.custom_headers = {}
+		for key, value in private_settings['headers'].items():
+			configuration.custom_headers[key] = value
+	
+	# Parse input JSON variables
+	try:
+		variables = json.loads(params.get('json', '{}'))
+	except ValueError as e:
+		print(f"ERROR: Invalid JSON input: {e}")
+		return None
+	
+	# Apply default values from settings configuration first
+	for arg in private_config.get('arguments', []):
+		arg_name = arg.get('name')
+		if arg_name and 'default' in arg:
+			variables[arg_name] = arg['default']
+	
+	# Apply profile account ID as fallback (lower priority than settings defaults)
+	# Only apply if accountId is not already set by settings defaults
+	if configuration and hasattr(configuration, 'accountID'):
+		if 'accountID' not in variables and 'accountId' not in variables:
+			# Use both naming conventions to support different payload templates
+			variables['accountID'] = configuration.accountID
+			variables['accountId'] = configuration.accountID
+		# If accountId/accountID exists but not the other variation, add both
+		elif 'accountID' in variables and 'accountId' not in variables:
+			variables['accountId'] = variables['accountID']
+		elif 'accountId' in variables and 'accountID' not in variables:
+			variables['accountID'] = variables['accountId']
+	
+	# Apply CLI argument values (highest priority - overrides everything)
+	for arg in private_config.get('arguments', []):
+		arg_name = arg.get('name')
+		if arg_name:
+			# Handle special case for accountId - CLI uses -accountID but config uses accountId
+			if arg_name.lower() == 'accountid':
+				if hasattr(args, 'accountID') and getattr(args, 'accountID') is not None:
+					arg_value = getattr(args, 'accountID')
+					variables['accountID'] = arg_value
+					variables['accountId'] = arg_value
+				elif hasattr(args, 'accountId') and getattr(args, 'accountId') is not None:
+					arg_value = getattr(args, 'accountId')
+					variables['accountID'] = arg_value
+					variables['accountId'] = arg_value
+			# Handle other arguments normally
+			else:
+				if hasattr(args, arg_name):
+					arg_value = getattr(args, arg_name)
+					if arg_value is not None:
+						variables[arg_name] = arg_value
+	
+	# Load the payload template
+	try:
+		payload_template = load_payload_template(private_config)
+	except ValueError as e:
+		print(f"ERROR: {e}")
+		return None
+	
+	# Apply variables to the template using path-based insertion
+	body = apply_template_variables(payload_template, variables, private_config)
+	
+	# Test mode - just print the request
+	if params.get('t'):
+		if params.get('p'):
+			print(json.dumps(body, indent=2, sort_keys=True))
+		else:
+			print(json.dumps(body))
+		return None
+	
+	# Execute the GraphQL request using custom method (no User-Agent header)
+	try:
+		return sendPrivateGraphQLRequest(configuration, body, params)
+	except Exception as e:
+		return e
+
+
 def sendMultipartRequest(configuration, form_fields, files, params):
 	"""Send a multipart/form-data request directly using urllib3"""
 	import urllib3
@@ -511,3 +859,90 @@ def sendMultipartRequest(configuration, form_fields, files, params):
 			error_str = f"Exception of type {type(e).__name__}"
 		print(f"ERROR: Network/request error: {error_str}")
 		return None
+
+
+def sendPrivateGraphQLRequest(configuration, body, params):
+	"""Send a GraphQL request for private commands without User-Agent header"""
+	import urllib3
+	
+	# Create pool manager
+	pool_manager = urllib3.PoolManager(
+		cert_reqs='CERT_NONE' if not getattr(configuration, 'verify_ssl', False) else 'CERT_REQUIRED'
+	)
+	
+	# Prepare headers WITHOUT User-Agent
+	headers = {
+		'Content-Type': 'application/json'
+	}
+	
+	# Add API key if not using headers file or custom headers
+	using_custom_headers = hasattr(configuration, 'custom_headers') and configuration.custom_headers
+	if not using_custom_headers and hasattr(configuration, 'api_key') and configuration.api_key and 'x-api-key' in configuration.api_key:
+		headers['x-api-key'] = configuration.api_key['x-api-key']
+	
+	# Add custom headers
+	if using_custom_headers:
+		headers.update(configuration.custom_headers)
+	
+	# Encode headers to handle Unicode characters properly
+	encoded_headers = {}
+	for key, value in headers.items():
+		# Ensure header values are properly encoded as strings
+		if isinstance(value, str):
+			# Replace problematic Unicode characters that can't be encoded in latin-1
+			value = value.encode('utf-8', errors='replace').decode('latin-1', errors='replace')
+		encoded_headers[key] = value
+	headers = encoded_headers
+	
+	# Verbose output
+	if params.get("v") == True:
+		print(f"Host: {getattr(configuration, 'host', 'unknown')}")
+		masked_headers = headers.copy()
+		if 'x-api-key' in masked_headers:
+			masked_headers['x-api-key'] = '***MASKED***'
+		# Also mask Cookie for privacy
+		if 'Cookie' in masked_headers:
+			masked_headers['Cookie'] = '***MASKED***'
+		print(f"Request Headers: {json.dumps(masked_headers, indent=4, sort_keys=True)}")
+		print(f"Request Data: {json.dumps(body, indent=4, sort_keys=True)}\n")
+	
+	# Prepare request body
+	body_data = json.dumps(body).encode('utf-8')
+	
+	try:
+		# Make the request
+		resp = pool_manager.request(
+			'POST',
+			getattr(configuration, 'host', 'https://api.catonetworks.com/api/v1/graphql'),
+			body=body_data,
+			headers=headers
+		)
+		
+		# Parse response
+		if resp.status < 200 or resp.status >= 300:
+			reason = resp.reason if resp.reason is not None else "Unknown Error"
+			error_msg = f"HTTP {resp.status}: {reason}"
+			if resp.data:
+				try:
+					error_msg += f"\n{resp.data.decode('utf-8')}"
+				except Exception:
+					error_msg += f"\n{resp.data}"
+			print(f"ERROR: {error_msg}")
+			return None
+		
+		try:
+			response_data = json.loads(resp.data.decode('utf-8'))
+		except json.JSONDecodeError:
+			response_data = resp.data.decode('utf-8')
+		
+		# Return in the same format as the regular API client
+		return [response_data]
+		
+	except Exception as e:
+		# Safely handle exception string conversion
+		try:
+			error_str = str(e)
+		except Exception:
+			error_str = f"Exception of type {type(e).__name__}"
+		print(f"ERROR: Network/request error: {error_str}")
+		return None

catocli/parsers/query_eventsFeed/README.md

@@ -15,5 +15,5 @@
 #### Operation Arguments for query.eventsFeed ####
 `accountIDs` [ID[]] - (optional) List of Unique Account Identifiers. 
 `eventFeedFieldFilterInput` [EventFeedFieldFilterInput[]] - (optional) N/A 
-`fieldNames` [EventFieldName[]] - (optional) N/A Default Value: ['access_method', 'account_id', 'action', 'actions_taken', 'ad_name', 'alert_id', 'always_on_configuration', 'analyst_verdict', 'api_name', 'api_type', 'app_activity', 'app_activity_category', 'app_activity_type', 'app_stack', 'application', 'application_id', 'application_name', 'application_risk', 'auth_method', 'authentication_type', 'bgp_cato_asn', 'bgp_cato_ip', 'bgp_error_code', 'bgp_peer_asn', 'bgp_peer_ip', 'bgp_route_cidr', 'bgp_suberror_code', 'bypass_duration_sec', 'bypass_method', 'bypass_reason', 'categories', 'cato_app', 'classification', 'client_cert_expires', 'client_cert_name', 'client_class', 'client_version', 'collaborator_name', 'collaborators', 'confidence_level', 'configured_host_name', 'congestion_algorithm', 'connect_on_boot', 'connection_origin', 'connector_name', 'connector_status', 'connector_type', 'container_name', 'correlation_id', 'criticality', 'custom_categories', 'custom_category', 'custom_category_id', 'custom_category_name', 'dest_country', 'dest_country_code', 'dest_group_id', 'dest_group_name', 'dest_ip', 'dest_is_site_or_vpn', 'dest_pid', 'dest_port', 'dest_process_cmdline', 'dest_process_parent_path', 'dest_process_parent_pid', 'dest_process_path', 'dest_site', 'dest_site_id', 'dest_site_name', 'detection_name', 'detection_stage', 'device_categories', 'device_certificate', 'device_id', 'device_manufacturer', 'device_model', 'device_name', 'device_os_type', 'device_posture_profile', 'device_posture_profiles', 'device_type', 'directory_host_name', 'directory_ip', 'directory_sync_result', 'directory_sync_type', 'disinfect_result', 'dlp_fail_mode', 'dlp_profiles', 'dlp_scan_types', 'dns_protection_category', 'dns_query', 'domain_name', 'egress_pop_name', 'egress_site_name', 'email_subject', 'endpoint_id', 'epp_engine_type', 'epp_profile', 'event_count', 'event_id', 'event_message', 'event_sub_type', 'event_type', 'failure_reason', 'file_hash', 'file_name', 'file_operation', 'file_size', 'file_type', 'final_object_status', 'flows_cardinality', 'full_path_url', 'guest_user', 'host_ip', 'host_mac', 'http_request_method', 'incident_aggregation', 'incident_id', 'indication', 'indicator', 'initial_object_status', 'internalId', 'ip_protocol', 'is_admin', 'is_admin_activity', 'is_compliant', 'is_managed', 'is_sanctioned_app', 'is_sinkhole', 'ISP_name', 'key_name', 'labels', 'link_health_is_congested', 'link_health_jitter', 'link_health_latency', 'link_health_pkt_loss', 'link_type', 'logged_in_user', 'login_type', 'matched_data_types', 'mitre_attack_subtechniques', 'mitre_attack_tactics', 'mitre_attack_techniques', 'network_access', 'network_rule', 'notification_api_error', 'notification_description', 'object_id', 'object_name', 'object_type', 'office_mode', 'os_type', 'os_version', 'out_of_band_access', 'owner', 'pac_file', 'parent_connector_name', 'pop_name', 'precedence', 'processes_count', 'producer', 'prompt_action', 'public_ip', 'qos_priority', 'qos_reported_time', 'quarantine_folder_path', 'quarantine_uuid', 'raw_data', 'recommended_actions', 'reference_url', 'referer_url', 'registration_code', 'risk_level', 'rule', 'rule_id', 'rule_name', 'severity', 'sharing_scope', 'sign_in_event_types', 'signature_id', 'socket_interface', 'socket_interface_id', 'socket_new_version', 'socket_old_version', 'socket_reset', 'socket_role', 'socket_serial', 'socket_version', 'split_tunnel_configuration', 'src_country', 'src_country_code', 'src_ip', 'src_is_site_or_vpn', 'src_isp_ip', 'src_or_dest_site_id', 'src_pid', 'src_port', 'src_process_cmdline', 'src_process_parent_path', 'src_process_parent_pid', 'src_process_path', 'src_site', 'src_site_id', 'src_site_name', 'static_host', 'status', 'story_id', 'subnet_name', 'targets_cardinality', 'tcp_acceleration', 'tenant_id', 'tenant_name', 'tenant_restriction_rule_name', 'threat_confidence', 'threat_name', 'threat_reference', 'threat_score', 'threat_type', 'threat_verdict', 'time', 'time_str', 'title', 'tls_certificate_error', 'tls_error_description', 'tls_error_type', 'tls_inspection', 'tls_rule_name', 'tls_version', 'traffic_direction', 'translated_client_ip', 'translated_server_ip', 'trigger', 'trust_type', 'trusted_networks', 'tunnel_ip_protocol', 'tunnel_protocol', 'upgrade_end_time', 'upgrade_initiated_by', 'upgrade_start_time', 'url', 'user_agent', 'user_awareness_method', 'user_id', 'user_name', 'user_reference_id', 'user_risk_level', 'vendor', 'vendor_collaborator_id', 'vendor_device_id', 'vendor_device_name', 'vendor_event_id', 'vendor_user_id', 'visible_device_id', 'vpn_lan_access', 'vpn_user_email', 'windows_domain_name', 'xff']
+`fieldNames` [EventFieldName[]] - (optional) N/A Default Value: ['access_method', 'account_id', 'action', 'actions_taken', 'ad_name', 'alert_id', 'always_on_configuration', 'analyst_verdict', 'api_name', 'api_type', 'app_activity', 'app_activity_category', 'app_activity_type', 'app_stack', 'application_id', 'application_name', 'application_risk', 'auth_method', 'authentication_type', 'bgp_cato_asn', 'bgp_cato_ip', 'bgp_error_code', 'bgp_peer_asn', 'bgp_peer_ip', 'bgp_route_cidr', 'bgp_suberror_code', 'bypass_duration_sec', 'bypass_method', 'bypass_reason', 'categories', 'cato_app', 'classification', 'client_cert_expires', 'client_cert_name', 'client_class', 'client_version', 'collaborator_name', 'collaborators', 'confidence_level', 'configured_host_name', 'congestion_algorithm', 'connect_on_boot', 'connection_origin', 'connector_name', 'connector_status', 'connector_type', 'container_name', 'correlation_id', 'criticality', 'custom_category_id', 'custom_category_name', 'dest_country', 'dest_country_code', 'dest_group_id', 'dest_group_name', 'dest_ip', 'dest_is_site_or_vpn', 'dest_pid', 'dest_port', 'dest_process_cmdline', 'dest_process_parent_path', 'dest_process_parent_pid', 'dest_process_path', 'dest_site_id', 'dest_site_name', 'detection_name', 'detection_stage', 'device_categories', 'device_certificate', 'device_id', 'device_manufacturer', 'device_model', 'device_name', 'device_os_type', 'device_posture_profile', 'device_type', 'directory_host_name', 'directory_ip', 'directory_sync_result', 'directory_sync_type', 'disinfect_result', 'dlp_fail_mode', 'dlp_profiles', 'dlp_scan_types', 'dns_protection_category', 'dns_query', 'domain_name', 'egress_pop_name', 'egress_site_name', 'email_subject', 'endpoint_id', 'engine_type', 'epp_engine_type', 'epp_profile', 'event_count', 'event_id', 'event_message', 'event_sub_type', 'event_type', 'failure_reason', 'file_hash', 'file_name', 'file_operation', 'file_size', 'file_type', 'final_object_status', 'flows_cardinality', 'full_path_url', 'guest_user', 'host_ip', 'host_mac', 'http_request_method', 'incident_aggregation', 'incident_id', 'indication', 'indicator', 'initial_object_status', 'internalId', 'ip_protocol', 'is_admin', 'is_admin_activity', 'is_compliant', 'is_managed', 'is_sanctioned_app', 'is_sinkhole', 'ISP_name', 'key_name', 'labels', 'link_health_is_congested', 'link_health_jitter', 'link_health_latency', 'link_health_pkt_loss', 'link_type', 'logged_in_user', 'login_type', 'matched_data_types', 'mitre_attack_subtechniques', 'mitre_attack_tactics', 'mitre_attack_techniques', 'network_access', 'network_rule', 'notification_api_error', 'notification_description', 'object_id', 'object_name', 'object_type', 'office_mode', 'os_type', 'os_version', 'out_of_band_access', 'owner', 'pac_file', 'parent_connector_name', 'pop_name', 'precedence', 'processes_count', 'producer', 'projects', 'prompt_action', 'provider_name', 'public_ip', 'qos_priority', 'qos_reported_time', 'quarantine_folder_path', 'quarantine_uuid', 'raw_data', 'recommended_actions', 'reference_url', 'referer_url', 'region_name', 'registration_code', 'resource_id', 'risk_level', 'rule_id', 'rule_name', 'severity', 'sharing_scope', 'sign_in_event_types', 'signature_id', 'socket_interface', 'socket_interface_id', 'socket_new_version', 'socket_old_version', 'socket_reset', 'socket_role', 'socket_serial', 'socket_version', 'split_tunnel_configuration', 'src_country', 'src_country_code', 'src_ip', 'src_is_site_or_vpn', 'src_isp_ip', 'src_pid', 'src_port', 'src_process_cmdline', 'src_process_parent_path', 'src_process_parent_pid', 'src_process_path', 'src_site_id', 'src_site_name', 'static_host', 'status', 'story_id', 'subnet_name', 'subscription_name', 'targets_cardinality', 'tcp_acceleration', 'tenant_id', 'tenant_name', 'tenant_restriction_rule_name', 'threat_confidence', 'threat_name', 'threat_reference', 'threat_score', 'threat_type', 'threat_verdict', 'time', 'time_str', 'title', 'tls_certificate_error', 'tls_error_description', 'tls_error_type', 'tls_inspection', 'tls_rule_name', 'tls_version', 'traffic_direction', 'translated_client_ip', 'translated_server_ip', 'trigger', 'trust_type', 'trusted_networks', 'tunnel_ip_protocol', 'tunnel_protocol', 'upgrade_end_time', 'upgrade_initiated_by', 'upgrade_start_time', 'url', 'user_agent', 'user_awareness_method', 'user_id', 'user_name', 'user_reference_id', 'user_risk_level', 'vendor', 'vendor_collaborator_id', 'vendor_device_id', 'vendor_device_name', 'vendor_event_id', 'vendor_user_id', 'visible_device_id', 'vpn_lan_access', 'vpn_user_email', 'windows_domain_name', 'xff']
 `marker` [String] - (optional) Marker to use to get results from 

catocli/parsers/query_groups/README.md

@@ -0,0 +1,7 @@
+
+## CATO-CLI - query.groups:
+[Click here](https://api.catonetworks.com/documentation/#query-groups) for documentation on this operation.
+
+### Usage for query.groups:
+
+`catocli query groups -h`

catocli/parsers/query_groups/__init__.py

@@ -0,0 +1,54 @@
+
+from ..parserApiClient import createRequest, get_help
+
+def query_groups_parse(query_subparsers):
+	query_groups_parser = query_subparsers.add_parser('groups', 
+			help='groups() query operation', 
+			usage=get_help("query_groups"))
+
+	query_groups_subparsers = query_groups_parser.add_subparsers()
+
+	query_groups_group_parser = query_groups_subparsers.add_parser('group', 
+			help='group() groups operation', 
+			usage=get_help("query_groups_group"))
+
+	query_groups_group_subparsers = query_groups_group_parser.add_subparsers()
+
+	query_groups_group_members_parser = query_groups_group_subparsers.add_parser('members', 
+			help='members() group operation', 
+			usage=get_help("query_groups_group_members"))
+
+	query_groups_group_members_parser.add_argument('json', nargs='?', default='{}', help='Variables in JSON format (defaults to empty object if not provided).')
+	query_groups_group_members_parser.add_argument('-accountID', help='Override the CATO_ACCOUNT_ID environment variable with this value.')
+	query_groups_group_members_parser.add_argument('-t', const=True, default=False, nargs='?', help='Print GraphQL query without sending API call')
+	query_groups_group_members_parser.add_argument('-v', const=True, default=False, nargs='?', help='Verbose output')
+	query_groups_group_members_parser.add_argument('-p', const=True, default=False, nargs='?', help='Pretty print')
+	query_groups_group_members_parser.add_argument('-H', '--header', action='append', dest='headers', help='Add custom headers in "Key: Value" format. Can be used multiple times.')
+	query_groups_group_members_parser.add_argument('--headers-file', dest='headers_file', help='Load headers from a file. Each line should contain a header in "Key: Value" format.')
+	query_groups_group_members_parser.set_defaults(func=createRequest,operation_name='query.groups.group.members')
+
+	query_groups_groupList_parser = query_groups_subparsers.add_parser('groupList', 
+			help='groupList() groups operation', 
+			usage=get_help("query_groups_groupList"))
+
+	query_groups_groupList_parser.add_argument('json', nargs='?', default='{}', help='Variables in JSON format (defaults to empty object if not provided).')
+	query_groups_groupList_parser.add_argument('-accountID', help='Override the CATO_ACCOUNT_ID environment variable with this value.')
+	query_groups_groupList_parser.add_argument('-t', const=True, default=False, nargs='?', help='Print GraphQL query without sending API call')
+	query_groups_groupList_parser.add_argument('-v', const=True, default=False, nargs='?', help='Verbose output')
+	query_groups_groupList_parser.add_argument('-p', const=True, default=False, nargs='?', help='Pretty print')
+	query_groups_groupList_parser.add_argument('-H', '--header', action='append', dest='headers', help='Add custom headers in "Key: Value" format. Can be used multiple times.')
+	query_groups_groupList_parser.add_argument('--headers-file', dest='headers_file', help='Load headers from a file. Each line should contain a header in "Key: Value" format.')
+	query_groups_groupList_parser.set_defaults(func=createRequest,operation_name='query.groups.groupList')
+
+	query_groups_whereUsed_parser = query_groups_subparsers.add_parser('whereUsed', 
+			help='whereUsed() groups operation', 
+			usage=get_help("query_groups_whereUsed"))
+
+	query_groups_whereUsed_parser.add_argument('json', nargs='?', default='{}', help='Variables in JSON format (defaults to empty object if not provided).')
+	query_groups_whereUsed_parser.add_argument('-accountID', help='Override the CATO_ACCOUNT_ID environment variable with this value.')
+	query_groups_whereUsed_parser.add_argument('-t', const=True, default=False, nargs='?', help='Print GraphQL query without sending API call')
+	query_groups_whereUsed_parser.add_argument('-v', const=True, default=False, nargs='?', help='Verbose output')
+	query_groups_whereUsed_parser.add_argument('-p', const=True, default=False, nargs='?', help='Pretty print')
+	query_groups_whereUsed_parser.add_argument('-H', '--header', action='append', dest='headers', help='Add custom headers in "Key: Value" format. Can be used multiple times.')
+	query_groups_whereUsed_parser.add_argument('--headers-file', dest='headers_file', help='Load headers from a file. Each line should contain a header in "Key: Value" format.')
+	query_groups_whereUsed_parser.set_defaults(func=createRequest,operation_name='query.groups.whereUsed')

catocli/parsers/query_groups_group/README.md

@@ -0,0 +1,7 @@
+
+## CATO-CLI - query.groups.group:
+[Click here](https://api.catonetworks.com/documentation/#query-group) for documentation on this operation.
+
+### Usage for query.groups.group:
+
+`catocli query groups group -h`

catocli/parsers/query_groups_groupList/README.md

@@ -0,0 +1,18 @@
+
+## CATO-CLI - query.groups.groupList:
+[Click here](https://api.catonetworks.com/documentation/#query-groupList) for documentation on this operation.
+
+### Usage for query.groups.groupList:
+
+`catocli query groups groupList -h`
+
+`catocli query groups groupList <json>`
+
+`catocli query groups groupList "$(cat < groupList.json)"`
+
+`catocli query groups groupList '{"groupListInput": {"groupListFilterInput": {"audit": {"updatedBy": {"by": {"by": "enum(ObjectRefBy)"}, "input": {"input": "String"}}, "updatedTime": {"between": {"between": ["DateTime"]}, "eq": {"eq": "DateTime"}, "gt": {"gt": "DateTime"}, "gte": {"gte": "DateTime"}, "in": {"in": ["DateTime"]}, "lt": {"lt": "DateTime"}, "lte": {"lte": "DateTime"}, "neq": {"neq": "DateTime"}, "nin": {"nin": ["DateTime"]}}}, "freeText": {"search": {"search": "String"}}, "id": {"eq": {"eq": "ID"}, "in": {"in": ["ID"]}, "neq": {"neq": "ID"}, "nin": {"nin": ["ID"]}}, "member": {"ref": {"by": {"by": "enum(ObjectRefBy)"}, "input": {"input": "String"}, "type": {"type": "enum(GroupMemberRefType)"}}}, "name": {"eq": {"eq": "String"}, "in": {"in": ["String"]}, "neq": {"neq": "String"}, "nin": {"nin": ["String"]}, "regex": {"regex": "String"}}}, "groupListSortInput": {"audit": {"updatedBy": {"direction": {"direction": "enum(SortOrder)"}, "priority": {"priority": "Int"}}, "updatedTime": {"direction": {"direction": "enum(SortOrder)"}, "priority": {"priority": "Int"}}}, "name": {"direction": {"direction": "enum(SortOrder)"}, "priority": {"priority": "Int"}}}, "pagingInput": {"from": {"from": "Int"}, "limit": {"limit": "Int"}}}, "groupMembersListInput": {"groupMembersListFilterInput": {"name": {"eq": {"eq": "String"}, "in": {"in": ["String"]}, "neq": {"neq": "String"}, "nin": {"nin": ["String"]}, "regex": {"regex": "String"}}, "type": {"eq": {"eq": "enum(GroupMemberRefType)"}, "in": {"in": "enum(GroupMemberRefType)"}, "neq": {"neq": "enum(GroupMemberRefType)"}, "nin": {"nin": "enum(GroupMemberRefType)"}}}, "groupMembersListSortInput": {"name": {"direction": {"direction": "enum(SortOrder)"}, "priority": {"priority": "Int"}}, "type": {"direction": {"direction": "enum(SortOrder)"}, "priority": {"priority": "Int"}}}, "pagingInput": {"from": {"from": "Int"}, "limit": {"limit": "Int"}}}}'`
+
+#### Operation Arguments for query.groups.groupList ####
+`accountId` [ID] - (required) N/A 
+`groupListInput` [GroupListInput] - (optional) N/A 
+`groupMembersListInput` [GroupMembersListInput] - (required) N/A