catocli 3.0.10__py3-none-any.whl → 3.0.12__py3-none-any.whl


Potentially problematic release.


This version of catocli might be problematic.

Files changed (59)
  1. catocli/Utils/clidriver.py +2 -2
  2. catocli/Utils/graphql_utils.py +15 -5
  3. catocli/Utils/help_formatter.py +50 -15
  4. catocli/__init__.py +1 -1
  5. catocli/parsers/custom/__init__.py +1 -1
  6. catocli/parsers/custom/customLib.py +3 -1
  7. catocli/parsers/mutation_groups_createGroup/README.md +39 -1
  8. catocli/parsers/mutation_groups_deleteGroup/README.md +39 -1
  9. catocli/parsers/mutation_groups_updateGroup/README.md +39 -1
  10. catocli/parsers/query_accountMetrics/README.md +29 -2
  11. catocli/parsers/query_accountSnapshot/README.md +16 -0
  12. catocli/parsers/query_appStats/README.md +11 -1
  13. catocli/parsers/query_appStatsTimeSeries/README.md +16 -2
  14. catocli/parsers/query_auditFeed/README.md +3 -1
  15. catocli/parsers/query_catalogs/README.md +178 -0
  16. catocli/parsers/query_container/README.md +49 -0
  17. catocli/parsers/query_devices/README.md +728 -0
  18. catocli/parsers/query_enterpriseDirectory/README.md +83 -0
  19. catocli/parsers/query_events/README.md +5 -1
  20. catocli/parsers/query_eventsTimeSeries/README.md +10 -2
  21. catocli/parsers/query_groups_groupList/README.md +39 -1
  22. catocli/parsers/query_hardware/README.md +153 -0
  23. catocli/parsers/query_hardwareManagement/README.md +56 -0
  24. catocli/parsers/query_popLocations/README.md +63 -0
  25. catocli/parsers/query_sandbox/README.md +69 -0
  26. catocli/parsers/query_socketPortMetrics/README.md +5 -1
  27. catocli/parsers/query_socketPortMetricsTimeSeries/README.md +10 -2
  28. catocli/parsers/query_xdr_stories/README.md +7 -2
  29. {catocli-3.0.10.dist-info → catocli-3.0.12.dist-info}/METADATA +1 -1
  30. {catocli-3.0.10.dist-info → catocli-3.0.12.dist-info}/RECORD +59 -59
  31. models/mutation.accountManagement.disableAccount.json +2 -2
  32. models/mutation.accountManagement.removeAccount.json +2 -2
  33. models/mutation.groups.createGroup.json +810 -0
  34. models/mutation.groups.deleteGroup.json +810 -0
  35. models/mutation.groups.updateGroup.json +810 -0
  36. models/query.accountMetrics.json +333 -1
  37. models/query.accountSnapshot.json +50 -1
  38. models/query.appStats.json +38 -0
  39. models/query.appStatsTimeSeries.json +78 -1
  40. models/query.auditFeed.json +105 -0
  41. models/query.catalogs.json +2708 -1
  42. models/query.container.json +793 -1
  43. models/query.devices.json +10338 -1
  44. models/query.enterpriseDirectory.json +1315 -1
  45. models/query.events.json +38 -0
  46. models/query.eventsFeed.json +1587 -0
  47. models/query.eventsTimeSeries.json +78 -1
  48. models/query.groups.groupList.json +810 -0
  49. models/query.hardware.json +2333 -1
  50. models/query.hardwareManagement.json +1086 -1
  51. models/query.popLocations.json +1172 -1
  52. models/query.sandbox.json +825 -1
  53. models/query.socketPortMetrics.json +38 -0
  54. models/query.socketPortMetricsTimeSeries.json +78 -1
  55. schema/catolib.py +107 -37
  56. {catocli-3.0.10.dist-info → catocli-3.0.12.dist-info}/WHEEL +0 -0
  57. {catocli-3.0.10.dist-info → catocli-3.0.12.dist-info}/entry_points.txt +0 -0
  58. {catocli-3.0.10.dist-info → catocli-3.0.12.dist-info}/licenses/LICENSE +0 -0
  59. {catocli-3.0.10.dist-info → catocli-3.0.12.dist-info}/top_level.txt +0 -0
@@ -365,6 +365,1592 @@
365
365
  },
366
366
  "varName": "eventFeedFieldFilterInput"
367
367
  },
368
+ "fieldNames": {
369
+ "defaultValue": null,
370
+ "description": null,
371
+ "id_str": "records___fieldNames",
372
+ "name": "fieldNames",
373
+ "path": "records.fieldNames",
374
+ "requestStr": "$fieldNames:[EventFieldName!] ",
375
+ "required": false,
376
+ "responseStr": "fieldNames:$fieldNames ",
377
+ "type": {
378
+ "definition": {
379
+ "description": null,
380
+ "enumValues": [
381
+ {
382
+ "deprecationReason": null,
383
+ "description": "Identifies system access software or device",
384
+ "isDeprecated": false,
385
+ "name": "access_method"
386
+ },
387
+ {
388
+ "deprecationReason": null,
389
+ "description": "Account ID",
390
+ "isDeprecated": false,
391
+ "name": "account_id"
392
+ },
393
+ {
394
+ "deprecationReason": null,
395
+ "description": "Firewall, QoS or LAG action",
396
+ "isDeprecated": false,
397
+ "name": "action"
398
+ },
399
+ {
400
+ "deprecationReason": null,
401
+ "description": "A list of actions taken, if more than one action was taken as defined by a policy",
402
+ "isDeprecated": false,
403
+ "name": "actions_taken"
404
+ },
405
+ {
406
+ "deprecationReason": null,
407
+ "description": "Active Directory name",
408
+ "isDeprecated": false,
409
+ "name": "ad_name"
410
+ },
411
+ {
412
+ "deprecationReason": null,
413
+ "description": "A unique identifier of the alert notification",
414
+ "isDeprecated": false,
415
+ "name": "alert_id"
416
+ },
417
+ {
418
+ "deprecationReason": null,
419
+ "description": "Always-on Configuration",
420
+ "isDeprecated": false,
421
+ "name": "always_on_configuration"
422
+ },
423
+ {
424
+ "deprecationReason": null,
425
+ "description": "Analyst Verdict",
426
+ "isDeprecated": false,
427
+ "name": "analyst_verdict"
428
+ },
429
+ {
430
+ "deprecationReason": null,
431
+ "description": "The name of the API, e.g. eventsFeed",
432
+ "isDeprecated": false,
433
+ "name": "api_name"
434
+ },
435
+ {
436
+ "deprecationReason": null,
437
+ "description": "Specifies whether the API is a query (read) or a mutation (create/update/delete)",
438
+ "isDeprecated": false,
439
+ "name": "api_type"
440
+ },
441
+ {
442
+ "deprecationReason": null,
443
+ "description": "Name of application activity",
444
+ "isDeprecated": false,
445
+ "name": "app_activity"
446
+ },
447
+ {
448
+ "deprecationReason": null,
449
+ "description": "SaaS user activities into categories.",
450
+ "isDeprecated": false,
451
+ "name": "app_activity_category"
452
+ },
453
+ {
454
+ "deprecationReason": null,
455
+ "description": "Activity type",
456
+ "isDeprecated": false,
457
+ "name": "app_activity_type"
458
+ },
459
+ {
460
+ "deprecationReason": null,
461
+ "description": "Related Apps",
462
+ "isDeprecated": false,
463
+ "name": "app_stack"
464
+ },
465
+ {
466
+ "deprecationReason": null,
467
+ "description": "Application ID of the flow",
468
+ "isDeprecated": false,
469
+ "name": "application_id"
470
+ },
471
+ {
472
+ "deprecationReason": null,
473
+ "description": "The name of the application associated with the flow",
474
+ "isDeprecated": false,
475
+ "name": "application_name"
476
+ },
477
+ {
478
+ "deprecationReason": null,
479
+ "description": "Application risk score",
480
+ "isDeprecated": false,
481
+ "name": "application_risk"
482
+ },
483
+ {
484
+ "deprecationReason": null,
485
+ "description": "Connectivity authentication method: unauthenticated, OATH2, LDAP or VPN",
486
+ "isDeprecated": false,
487
+ "name": "auth_method"
488
+ },
489
+ {
490
+ "deprecationReason": null,
491
+ "description": "Examples: MFA or password",
492
+ "isDeprecated": false,
493
+ "name": "authentication_type"
494
+ },
495
+ {
496
+ "deprecationReason": null,
497
+ "description": "BGP ASN for Cato peer",
498
+ "isDeprecated": false,
499
+ "name": "bgp_cato_asn"
500
+ },
501
+ {
502
+ "deprecationReason": null,
503
+ "description": "BGP IP for Cato peer",
504
+ "isDeprecated": false,
505
+ "name": "bgp_cato_ip"
506
+ },
507
+ {
508
+ "deprecationReason": null,
509
+ "description": "BGP disconnect error code",
510
+ "isDeprecated": false,
511
+ "name": "bgp_error_code"
512
+ },
513
+ {
514
+ "deprecationReason": null,
515
+ "description": "BGP ASN for remote peer",
516
+ "isDeprecated": false,
517
+ "name": "bgp_peer_asn"
518
+ },
519
+ {
520
+ "deprecationReason": null,
521
+ "description": "BGP IP for remote peer",
522
+ "isDeprecated": false,
523
+ "name": "bgp_peer_ip"
524
+ },
525
+ {
526
+ "deprecationReason": null,
527
+ "description": "CIDR for BGP route",
528
+ "isDeprecated": false,
529
+ "name": "bgp_route_cidr"
530
+ },
531
+ {
532
+ "deprecationReason": null,
533
+ "description": "BGP disconnect error message",
534
+ "isDeprecated": false,
535
+ "name": "bgp_suberror_code"
536
+ },
537
+ {
538
+ "deprecationReason": null,
539
+ "description": "Always-On Bypass Duration In Seconds",
540
+ "isDeprecated": false,
541
+ "name": "bypass_duration_sec"
542
+ },
543
+ {
544
+ "deprecationReason": null,
545
+ "description": "Always-On Bypass Method",
546
+ "isDeprecated": false,
547
+ "name": "bypass_method"
548
+ },
549
+ {
550
+ "deprecationReason": null,
551
+ "description": "Always-On Bypass Reason",
552
+ "isDeprecated": false,
553
+ "name": "bypass_reason"
554
+ },
555
+ {
556
+ "deprecationReason": null,
557
+ "description": "Cato system category",
558
+ "isDeprecated": false,
559
+ "name": "categories"
560
+ },
561
+ {
562
+ "deprecationReason": null,
563
+ "description": "Cato application name",
564
+ "isDeprecated": false,
565
+ "name": "cato_app"
566
+ },
567
+ {
568
+ "deprecationReason": null,
569
+ "description": "Activity classification, e.g. FALSE_POSITIVE",
570
+ "isDeprecated": false,
571
+ "name": "classification"
572
+ },
573
+ {
574
+ "deprecationReason": null,
575
+ "description": "Expiration date for Client certificate",
576
+ "isDeprecated": false,
577
+ "name": "client_cert_expires"
578
+ },
579
+ {
580
+ "deprecationReason": null,
581
+ "description": "Name of Client certificate",
582
+ "isDeprecated": false,
583
+ "name": "client_cert_name"
584
+ },
585
+ {
586
+ "deprecationReason": null,
587
+ "description": "Type of process generating this traffic",
588
+ "isDeprecated": false,
589
+ "name": "client_class"
590
+ },
591
+ {
592
+ "deprecationReason": null,
593
+ "description": "Socket or SDP Client version",
594
+ "isDeprecated": false,
595
+ "name": "client_version"
596
+ },
597
+ {
598
+ "deprecationReason": null,
599
+ "description": "Shows the display name of the target user involved in an activity",
600
+ "isDeprecated": false,
601
+ "name": "collaborator_name"
602
+ },
603
+ {
604
+ "deprecationReason": null,
605
+ "description": "For SaaS Security API, email addresses of the users that received the file",
606
+ "isDeprecated": false,
607
+ "name": "collaborators"
608
+ },
609
+ {
610
+ "deprecationReason": null,
611
+ "description": "Confidence Level",
612
+ "isDeprecated": false,
613
+ "name": "confidence_level"
614
+ },
615
+ {
616
+ "deprecationReason": null,
617
+ "description": "For hosts configured with a static IP in the Cato Management Application, the host name",
618
+ "isDeprecated": false,
619
+ "name": "configured_host_name"
620
+ },
621
+ {
622
+ "deprecationReason": null,
623
+ "description": "The algorithm that is used (CUBIC /NewReno / BBR)",
624
+ "isDeprecated": false,
625
+ "name": "congestion_algorithm"
626
+ },
627
+ {
628
+ "deprecationReason": null,
629
+ "description": "Connect on boot Enabled/Disabled",
630
+ "isDeprecated": false,
631
+ "name": "connect_on_boot"
632
+ },
633
+ {
634
+ "deprecationReason": null,
635
+ "description": "Connection Origin",
636
+ "isDeprecated": false,
637
+ "name": "connection_origin"
638
+ },
639
+ {
640
+ "deprecationReason": null,
641
+ "description": "For SaaS Security API, name of the connector",
642
+ "isDeprecated": false,
643
+ "name": "connector_name"
644
+ },
645
+ {
646
+ "deprecationReason": null,
647
+ "description": "For SaaS Security API, status of the connector",
648
+ "isDeprecated": false,
649
+ "name": "connector_status"
650
+ },
651
+ {
652
+ "deprecationReason": null,
653
+ "description": "For SaaS Security API, SaaS app for the connector",
654
+ "isDeprecated": false,
655
+ "name": "connector_type"
656
+ },
657
+ {
658
+ "deprecationReason": null,
659
+ "description": "IoC Container Name",
660
+ "isDeprecated": false,
661
+ "name": "container_name"
662
+ },
663
+ {
664
+ "deprecationReason": null,
665
+ "description": "An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories.",
666
+ "isDeprecated": false,
667
+ "name": "correlation_id"
668
+ },
669
+ {
670
+ "deprecationReason": null,
671
+ "description": "Criticality",
672
+ "isDeprecated": false,
673
+ "name": "criticality"
674
+ },
675
+ {
676
+ "deprecationReason": null,
677
+ "description": "Custom category ID",
678
+ "isDeprecated": false,
679
+ "name": "custom_category_id"
680
+ },
681
+ {
682
+ "deprecationReason": null,
683
+ "description": "Custom category name",
684
+ "isDeprecated": false,
685
+ "name": "custom_category_name"
686
+ },
687
+ {
688
+ "deprecationReason": null,
689
+ "description": "For Internet traffic, country where the destination host is located",
690
+ "isDeprecated": false,
691
+ "name": "dest_country"
692
+ },
693
+ {
694
+ "deprecationReason": null,
695
+ "description": "For Internet traffic, the two letter country code where the destination host is located (based on ISO 3166-1 alpha-2)",
696
+ "isDeprecated": false,
697
+ "name": "dest_country_code"
698
+ },
699
+ {
700
+ "deprecationReason": null,
701
+ "description": "The unique identifier by the SaaS vendor for the target group in an activity.",
702
+ "isDeprecated": false,
703
+ "name": "dest_group_id"
704
+ },
705
+ {
706
+ "deprecationReason": null,
707
+ "description": "Identifies the target group involved in an activity",
708
+ "isDeprecated": false,
709
+ "name": "dest_group_name"
710
+ },
711
+ {
712
+ "deprecationReason": null,
713
+ "description": "Destination IP address",
714
+ "isDeprecated": false,
715
+ "name": "dest_ip"
716
+ },
717
+ {
718
+ "deprecationReason": null,
719
+ "description": "For WAN traffic, destination is site or SDP user",
720
+ "isDeprecated": false,
721
+ "name": "dest_is_site_or_vpn"
722
+ },
723
+ {
724
+ "deprecationReason": null,
725
+ "description": "The destination process ID",
726
+ "isDeprecated": false,
727
+ "name": "dest_pid"
728
+ },
729
+ {
730
+ "deprecationReason": null,
731
+ "description": "Destination port",
732
+ "isDeprecated": false,
733
+ "name": "dest_port"
734
+ },
735
+ {
736
+ "deprecationReason": null,
737
+ "description": "Destination process command line",
738
+ "isDeprecated": false,
739
+ "name": "dest_process_cmdline"
740
+ },
741
+ {
742
+ "deprecationReason": null,
743
+ "description": "Destination process parent file path",
744
+ "isDeprecated": false,
745
+ "name": "dest_process_parent_path"
746
+ },
747
+ {
748
+ "deprecationReason": null,
749
+ "description": "Destination process parent process ID",
750
+ "isDeprecated": false,
751
+ "name": "dest_process_parent_pid"
752
+ },
753
+ {
754
+ "deprecationReason": null,
755
+ "description": "Destination process file path",
756
+ "isDeprecated": false,
757
+ "name": "dest_process_path"
758
+ },
759
+ {
760
+ "deprecationReason": null,
761
+ "description": "Unique internal Cato ID for the destination site or remote user",
762
+ "isDeprecated": false,
763
+ "name": "dest_site_id"
764
+ },
765
+ {
766
+ "deprecationReason": null,
767
+ "description": "The name of the destination site",
768
+ "isDeprecated": false,
769
+ "name": "dest_site_name"
770
+ },
771
+ {
772
+ "deprecationReason": null,
773
+ "description": "Short description of the detection",
774
+ "isDeprecated": false,
775
+ "name": "detection_name"
776
+ },
777
+ {
778
+ "deprecationReason": null,
779
+ "description": "Triggered when malware has been detected EPP Behavioral engines and has been dealt with:\n\u2022 on_detection: the event is triggered upon malware detection;\n\u2022 on_end_disinfect: the event is triggered upon detection and followed disinfection;\n\u2022 on_inject: the event is triggered upon code injection.",
780
+ "isDeprecated": false,
781
+ "name": "detection_stage"
782
+ },
783
+ {
784
+ "deprecationReason": null,
785
+ "description": "Device Categories",
786
+ "isDeprecated": false,
787
+ "name": "device_categories"
788
+ },
789
+ {
790
+ "deprecationReason": null,
791
+ "description": "Device Certificate Validated/Not Validated",
792
+ "isDeprecated": false,
793
+ "name": "device_certificate"
794
+ },
795
+ {
796
+ "deprecationReason": null,
797
+ "description": "Unique Cato ID for devices",
798
+ "isDeprecated": false,
799
+ "name": "device_id"
800
+ },
801
+ {
802
+ "deprecationReason": null,
803
+ "description": "Device Manufacturer",
804
+ "isDeprecated": false,
805
+ "name": "device_manufacturer"
806
+ },
807
+ {
808
+ "deprecationReason": null,
809
+ "description": "Device Model",
810
+ "isDeprecated": false,
811
+ "name": "device_model"
812
+ },
813
+ {
814
+ "deprecationReason": null,
815
+ "description": "Name for device related to the event",
816
+ "isDeprecated": false,
817
+ "name": "device_name"
818
+ },
819
+ {
820
+ "deprecationReason": null,
821
+ "description": "Device OS Type",
822
+ "isDeprecated": false,
823
+ "name": "device_os_type"
824
+ },
825
+ {
826
+ "deprecationReason": null,
827
+ "description": "Device posture profiles",
828
+ "isDeprecated": false,
829
+ "name": "device_posture_profile"
830
+ },
831
+ {
832
+ "deprecationReason": null,
833
+ "description": "Device Type",
834
+ "isDeprecated": false,
835
+ "name": "device_type"
836
+ },
837
+ {
838
+ "deprecationReason": null,
839
+ "description": "Host name of Domain Controller that created LDAP event",
840
+ "isDeprecated": false,
841
+ "name": "directory_host_name"
842
+ },
843
+ {
844
+ "deprecationReason": null,
845
+ "description": "IP address of Domain Controller that created LDAP event",
846
+ "isDeprecated": false,
847
+ "name": "directory_ip"
848
+ },
849
+ {
850
+ "deprecationReason": null,
851
+ "description": "Result of LDAP Domain Controller sync event",
852
+ "isDeprecated": false,
853
+ "name": "directory_sync_result"
854
+ },
855
+ {
856
+ "deprecationReason": null,
857
+ "description": "Type of LDAP Domain Controller sync event",
858
+ "isDeprecated": false,
859
+ "name": "directory_sync_type"
860
+ },
861
+ {
862
+ "deprecationReason": null,
863
+ "description": "If policy is set to disinfect, return the result of this action",
864
+ "isDeprecated": false,
865
+ "name": "disinfect_result"
866
+ },
867
+ {
868
+ "deprecationReason": null,
869
+ "description": "Describes the behavior when the DLP system encounters a failure",
870
+ "isDeprecated": false,
871
+ "name": "dlp_fail_mode"
872
+ },
873
+ {
874
+ "deprecationReason": null,
875
+ "description": "DLP profiles related to the event",
876
+ "isDeprecated": false,
877
+ "name": "dlp_profiles"
878
+ },
879
+ {
880
+ "deprecationReason": null,
881
+ "description": "Defines the scanning methods used by the DLP system",
882
+ "isDeprecated": false,
883
+ "name": "dlp_scan_types"
884
+ },
885
+ {
886
+ "deprecationReason": null,
887
+ "description": "Cato\u2019s DNS Protection type that matched the DNS request",
888
+ "isDeprecated": false,
889
+ "name": "dns_protection_category"
890
+ },
891
+ {
892
+ "deprecationReason": null,
893
+ "description": "Domain queried in the DNS request",
894
+ "isDeprecated": false,
895
+ "name": "dns_query"
896
+ },
897
+ {
898
+ "deprecationReason": null,
899
+ "description": "Domain name based on the SSL SNI, HTTP host name, or DNS name",
900
+ "isDeprecated": false,
901
+ "name": "domain_name"
902
+ },
903
+ {
904
+ "deprecationReason": null,
905
+ "description": "Egress PoP Name",
906
+ "isDeprecated": false,
907
+ "name": "egress_pop_name"
908
+ },
909
+ {
910
+ "deprecationReason": null,
911
+ "description": "Egress Site Name for backhauling traffic",
912
+ "isDeprecated": false,
913
+ "name": "egress_site_name"
914
+ },
915
+ {
916
+ "deprecationReason": null,
917
+ "description": "Email Subject",
918
+ "isDeprecated": false,
919
+ "name": "email_subject"
920
+ },
921
+ {
922
+ "deprecationReason": null,
923
+ "description": "The ID for the endpoint",
924
+ "isDeprecated": false,
925
+ "name": "endpoint_id"
926
+ },
927
+ {
928
+ "deprecationReason": null,
929
+ "description": "The engine type associated with the event",
930
+ "isDeprecated": false,
931
+ "name": "engine_type"
932
+ },
933
+ {
934
+ "deprecationReason": null,
935
+ "description": "The Endpoint Protection Engine that detected the malware",
936
+ "isDeprecated": false,
937
+ "name": "epp_engine_type"
938
+ },
939
+ {
940
+ "deprecationReason": null,
941
+ "description": "The profile assigned to the endpoint upon detection of the malware",
942
+ "isDeprecated": false,
943
+ "name": "epp_profile"
944
+ },
945
+ {
946
+ "deprecationReason": null,
947
+ "description": "Count for events that are repeated multiple times during one minute",
948
+ "isDeprecated": false,
949
+ "name": "event_count"
950
+ },
951
+ {
952
+ "deprecationReason": null,
953
+ "description": "Event Id",
954
+ "isDeprecated": false,
955
+ "name": "event_id"
956
+ },
957
+ {
958
+ "deprecationReason": null,
959
+ "description": "Cato's description of the event",
960
+ "isDeprecated": false,
961
+ "name": "event_message"
962
+ },
963
+ {
964
+ "deprecationReason": null,
965
+ "description": "Sub-type for Routing, Security, Connectivity, System or Sockets Management event",
966
+ "isDeprecated": false,
967
+ "name": "event_sub_type"
968
+ },
969
+ {
970
+ "deprecationReason": null,
971
+ "description": "Routing, Security, Connectivity, System or Sockets Management event",
972
+ "isDeprecated": false,
973
+ "name": "event_type"
974
+ },
975
+ {
976
+ "deprecationReason": null,
977
+ "description": "Provides details about why a specific action or process failed",
978
+ "isDeprecated": false,
979
+ "name": "failure_reason"
980
+ },
981
+ {
982
+ "deprecationReason": null,
983
+ "description": "File hash",
984
+ "isDeprecated": false,
985
+ "name": "file_hash"
986
+ },
987
+ {
988
+ "deprecationReason": null,
989
+ "description": "File name",
990
+ "isDeprecated": false,
991
+ "name": "file_name"
992
+ },
993
+ {
994
+ "deprecationReason": null,
995
+ "description": "The file operation when this event occurred",
996
+ "isDeprecated": false,
997
+ "name": "file_operation"
998
+ },
999
+ {
1000
+ "deprecationReason": null,
1001
+ "description": "File size",
1002
+ "isDeprecated": false,
1003
+ "name": "file_size"
1004
+ },
1005
+ {
1006
+ "deprecationReason": null,
1007
+ "description": "File type",
1008
+ "isDeprecated": false,
1009
+ "name": "file_type"
1010
+ },
1011
+ {
1012
+ "deprecationReason": null,
1013
+ "description": "The final status for this object after performing actions as defined by the policy",
1014
+ "isDeprecated": false,
1015
+ "name": "final_object_status"
1016
+ },
1017
+ {
1018
+ "deprecationReason": null,
1019
+ "description": "Amount of flows for a given incident",
1020
+ "isDeprecated": false,
1021
+ "name": "flows_cardinality"
1022
+ },
1023
+ {
1024
+ "deprecationReason": null,
1025
+ "description": "Full path URL application activity",
1026
+ "isDeprecated": false,
1027
+ "name": "full_path_url"
1028
+ },
1029
+ {
1030
+ "deprecationReason": null,
1031
+ "description": "An identifier for a guest user using Cato through a Captive Portal",
1032
+ "isDeprecated": false,
1033
+ "name": "guest_user"
1034
+ },
1035
+ {
1036
+ "deprecationReason": null,
1037
+ "description": "IP address of host related to event",
1038
+ "isDeprecated": false,
1039
+ "name": "host_ip"
1040
+ },
1041
+ {
1042
+ "deprecationReason": null,
1043
+ "description": "MAC address of host related to event",
1044
+ "isDeprecated": false,
1045
+ "name": "host_mac"
1046
+ },
1047
+ {
1048
+ "deprecationReason": null,
1049
+ "description": "HTTP request method (ie. Get, Post)",
1050
+ "isDeprecated": false,
1051
+ "name": "http_request_method"
1052
+ },
1053
+ {
1054
+ "deprecationReason": null,
1055
+ "description": "For MDR service, a true/false value that indicates if this event is: A summary that aggregates many events (true) Raw network flows for a single event (false)",
1056
+ "isDeprecated": false,
1057
+ "name": "incident_aggregation"
1058
+ },
1059
+ {
1060
+ "deprecationReason": null,
1061
+ "description": "Unique Cato ID that identifies this security incident",
1062
+ "isDeprecated": false,
1063
+ "name": "incident_id"
1064
+ },
1065
+ {
1066
+ "deprecationReason": null,
1067
+ "description": "Indication",
1068
+ "isDeprecated": false,
1069
+ "name": "indication"
1070
+ },
1071
+ {
1072
+ "deprecationReason": null,
1073
+ "description": "Indicator",
1074
+ "isDeprecated": false,
1075
+ "name": "indicator"
1076
+ },
1077
+ {
1078
+ "deprecationReason": null,
1079
+ "description": "The initial status of the object, before any policy was applied",
1080
+ "isDeprecated": false,
1081
+ "name": "initial_object_status"
1082
+ },
1083
+ {
1084
+ "deprecationReason": "use event_id instead. Planned end-of-life (EoL) date: May 1, 2025.",
1085
+ "description": "Cato Internal-use only",
1086
+ "isDeprecated": true,
1087
+ "name": "internalId"
1088
+ },
1089
+ {
1090
+ "deprecationReason": null,
1091
+ "description": "Network protocol for this event",
1092
+ "isDeprecated": false,
1093
+ "name": "ip_protocol"
1094
+ },
1095
+ {
1096
+ "deprecationReason": null,
1097
+ "description": "Classifies users based on their permissions.",
1098
+ "isDeprecated": false,
1099
+ "name": "is_admin"
1100
+ },
1101
+ {
1102
+ "deprecationReason": null,
1103
+ "description": "Indicates whether an activity requires administrative permissions.",
1104
+ "isDeprecated": false,
1105
+ "name": "is_admin_activity"
1106
+ },
1107
+ {
1108
+ "deprecationReason": null,
1109
+ "description": "Is Compliant",
1110
+ "isDeprecated": false,
1111
+ "name": "is_compliant"
1112
+ },
1113
+ {
1114
+ "deprecationReason": null,
1115
+ "description": "Is Managed",
1116
+ "isDeprecated": false,
1117
+ "name": "is_managed"
1118
+ },
1119
+ {
1120
+ "deprecationReason": null,
1121
+ "description": "Is the app for this event defined as a sanctioned app? (True/False)",
1122
+ "isDeprecated": false,
1123
+ "name": "is_sanctioned_app"
1124
+ },
1125
+ {
1126
+ "deprecationReason": null,
1127
+ "description": "If the events was part of the sinkhole flow",
1128
+ "isDeprecated": false,
1129
+ "name": "is_sinkhole"
1130
+ },
1131
+ {
1132
+ "deprecationReason": null,
1133
+ "description": "The ISP related to this event (when the IP address isn't provided by the ISP, then the event message is IP Addresses are assigned statically)",
1134
+ "isDeprecated": false,
1135
+ "name": "ISP_name"
1136
+ },
1137
+ {
1138
+ "deprecationReason": null,
1139
+ "description": "Name defined for the public API Key in the Cato Management Application",
1140
+ "isDeprecated": false,
1141
+ "name": "key_name"
1142
+ },
1143
+ {
1144
+ "deprecationReason": null,
1145
+ "description": "A list of labels providing additional context for the event",
1146
+ "isDeprecated": false,
1147
+ "name": "labels"
1148
+ },
1149
+ {
1150
+ "deprecationReason": null,
1151
+ "description": "Data that measures the congestion for a specific link",
1152
+ "isDeprecated": false,
1153
+ "name": "link_health_is_congested"
1154
+ },
1155
+ {
1156
+ "deprecationReason": null,
1157
+ "description": "Data that measures the jitter for a specific link",
1158
+ "isDeprecated": false,
1159
+ "name": "link_health_jitter"
1160
+ },
1161
+ {
1162
+ "deprecationReason": null,
1163
+ "description": "Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP",
1164
+ "isDeprecated": false,
1165
+ "name": "link_health_latency"
1166
+ },
1167
+ {
1168
+ "deprecationReason": null,
1169
+ "description": "Data that measures the packet loss for a specific link",
1170
+ "isDeprecated": false,
1171
+ "name": "link_health_pkt_loss"
1172
+ },
1173
+ {
1174
+ "deprecationReason": null,
1175
+ "description": "Link type \u2013 Cato, Alt. WAN or LAG",
1176
+ "isDeprecated": false,
1177
+ "name": "link_type"
1178
+ },
1179
+ {
1180
+ "deprecationReason": null,
1181
+ "description": "The user logged into this endpoint during this event",
1182
+ "isDeprecated": false,
1183
+ "name": "logged_in_user"
1184
+ },
1185
+ {
1186
+ "deprecationReason": null,
1187
+ "description": "Login action, values are: User portal (myvpn.catonetworks.com) or VPN client (Client or site traffic)",
1188
+ "isDeprecated": false,
1189
+ "name": "login_type"
1190
+ },
1191
+ {
1192
+ "deprecationReason": null,
1193
+ "description": "Matched DLP data types related to the event",
1194
+ "isDeprecated": false,
1195
+ "name": "matched_data_types"
1196
+ },
1197
+ {
1198
+ "deprecationReason": null,
1199
+ "description": "Mitre attack subtechniques",
1200
+ "isDeprecated": false,
1201
+ "name": "mitre_attack_subtechniques"
1202
+ },
1203
+ {
1204
+ "deprecationReason": null,
1205
+ "description": "Mitre attack tactics",
1206
+ "isDeprecated": false,
1207
+ "name": "mitre_attack_tactics"
1208
+ },
1209
+ {
1210
+ "deprecationReason": null,
1211
+ "description": "Mitre attack techniques",
1212
+ "isDeprecated": false,
1213
+ "name": "mitre_attack_techniques"
1214
+ },
1215
+ {
1216
+ "deprecationReason": null,
1217
+ "description": "Network Access",
1218
+ "isDeprecated": false,
1219
+ "name": "network_access"
1220
+ },
1221
+ {
1222
+ "deprecationReason": null,
1223
+ "description": "Matched network rule",
1224
+ "isDeprecated": false,
1225
+ "name": "network_rule"
1226
+ },
1227
+ {
1228
+ "deprecationReason": null,
1229
+ "description": "For SaaS Security API, API Error of Apps Security Notification",
1230
+ "isDeprecated": false,
1231
+ "name": "notification_api_error"
1232
+ },
1233
+ {
1234
+ "deprecationReason": null,
1235
+ "description": "For SaaS Security API, description of Apps Security Notification",
1236
+ "isDeprecated": false,
1237
+ "name": "notification_description"
1238
+ },
1239
+ {
1240
+ "deprecationReason": null,
1241
+ "description": "Unique identifier by the 3rd party App of the object being referenced",
1242
+ "isDeprecated": false,
1243
+ "name": "object_id"
1244
+ },
1245
+ {
1246
+ "deprecationReason": null,
1247
+ "description": "The name of the object for this event (for example: file name)",
1248
+ "isDeprecated": false,
1249
+ "name": "object_name"
1250
+ },
1251
+ {
1252
+ "deprecationReason": null,
1253
+ "description": "Specifies the type of object being acted upon (e.g., file, folder)",
1254
+ "isDeprecated": false,
1255
+ "name": "object_type"
1256
+ },
1257
+ {
1258
+ "deprecationReason": null,
1259
+ "description": "Office mode Enabled/Disabled",
1260
+ "isDeprecated": false,
1261
+ "name": "office_mode"
1262
+ },
1263
+ {
1264
+ "deprecationReason": null,
1265
+ "description": "Host OS or tunnel device",
1266
+ "isDeprecated": false,
1267
+ "name": "os_type"
1268
+ },
1269
+ {
1270
+ "deprecationReason": null,
1271
+ "description": "OS version for the device (such as 14.3.0)",
1272
+ "isDeprecated": false,
1273
+ "name": "os_version"
1274
+ },
1275
+ {
1276
+ "deprecationReason": null,
1277
+ "description": "Indicate if the Access to the 3rd Party SaaS App occurs without passing through Cato Cloud (direct access to saas App)",
1278
+ "isDeprecated": false,
1279
+ "name": "out_of_band_access"
1280
+ },
1281
+ {
1282
+ "deprecationReason": null,
1283
+ "description": "For SaaS Security API, email address of the file owner",
1284
+ "isDeprecated": false,
1285
+ "name": "owner"
1286
+ },
1287
+ {
1288
+ "deprecationReason": null,
1289
+ "description": "Pac File Enabled/Disabled",
1290
+ "isDeprecated": false,
1291
+ "name": "pac_file"
1292
+ },
1293
+ {
1294
+ "deprecationReason": null,
1295
+ "description": "For SaaS Security API, parent Microsoft 365 connector",
1296
+ "isDeprecated": false,
1297
+ "name": "parent_connector_name"
1298
+ },
1299
+ {
1300
+ "deprecationReason": null,
1301
+ "description": "Name of PoP location",
1302
+ "isDeprecated": false,
1303
+ "name": "pop_name"
1304
+ },
1305
+ {
1306
+ "deprecationReason": null,
1307
+ "description": "Precedence",
1308
+ "isDeprecated": false,
1309
+ "name": "precedence"
1310
+ },
1311
+ {
1312
+ "deprecationReason": null,
1313
+ "description": "Indicate how many processes are part of this event",
1314
+ "isDeprecated": false,
1315
+ "name": "processes_count"
1316
+ },
1317
+ {
1318
+ "deprecationReason": null,
1319
+ "description": "Producer",
1320
+ "isDeprecated": false,
1321
+ "name": "producer"
1322
+ },
1323
+ {
1324
+ "deprecationReason": null,
1325
+ "description": "Related project name(s)",
1326
+ "isDeprecated": false,
1327
+ "name": "projects"
1328
+ },
1329
+ {
1330
+ "deprecationReason": null,
1331
+ "description": "Prompt Page Selected Action",
1332
+ "isDeprecated": false,
1333
+ "name": "prompt_action"
1334
+ },
1335
+ {
1336
+ "deprecationReason": null,
1337
+ "description": "The name of the provider, for example cloud provider - AWS",
1338
+ "isDeprecated": false,
1339
+ "name": "provider_name"
1340
+ },
1341
+ {
1342
+ "deprecationReason": null,
1343
+ "description": "Public source IP",
1344
+ "isDeprecated": false,
1345
+ "name": "public_ip"
1346
+ },
1347
+ {
1348
+ "deprecationReason": null,
1349
+ "description": "QoS Priority value",
1350
+ "isDeprecated": false,
1351
+ "name": "qos_priority"
1352
+ },
1353
+ {
1354
+ "deprecationReason": null,
1355
+ "description": "For QoS, the time that this QoS event started. The event is generated when the QoS event finishes",
1356
+ "isDeprecated": false,
1357
+ "name": "qos_reported_time"
1358
+ },
1359
+ {
1360
+ "deprecationReason": null,
1361
+ "description": "Specifies the path to a quarantine folder for isolated files",
1362
+ "isDeprecated": false,
1363
+ "name": "quarantine_folder_path"
1364
+ },
1365
+ {
1366
+ "deprecationReason": null,
1367
+ "description": "A Unique ID for the quarantined file",
1368
+ "isDeprecated": false,
1369
+ "name": "quarantine_uuid"
1370
+ },
1371
+ {
1372
+ "deprecationReason": null,
1373
+ "description": "Raw Data",
1374
+ "isDeprecated": false,
1375
+ "name": "raw_data"
1376
+ },
1377
+ {
1378
+ "deprecationReason": null,
1379
+ "description": "Textual recommendation of the steps to take",
1380
+ "isDeprecated": false,
1381
+ "name": "recommended_actions"
1382
+ },
1383
+ {
1384
+ "deprecationReason": null,
1385
+ "description": "The URL that links directly to the object involved in the activity",
1386
+ "isDeprecated": false,
1387
+ "name": "reference_url"
1388
+ },
1389
+ {
1390
+ "deprecationReason": null,
1391
+ "description": "Referer URL from the HTTP request header indicating the source of the request.",
1392
+ "isDeprecated": false,
1393
+ "name": "referer_url"
1394
+ },
1395
+ {
1396
+ "deprecationReason": null,
1397
+ "description": "The region of the object",
1398
+ "isDeprecated": false,
1399
+ "name": "region_name"
1400
+ },
1401
+ {
1402
+ "deprecationReason": null,
1403
+ "description": "Registration code used the first time that a SDP user authenticates (the code is partially obfuscated)",
1404
+ "isDeprecated": false,
1405
+ "name": "registration_code"
1406
+ },
1407
+ {
1408
+ "deprecationReason": null,
1409
+ "description": "The ID of the resource in the cloud provider",
1410
+ "isDeprecated": false,
1411
+ "name": "resource_id"
1412
+ },
1413
+ {
1414
+ "deprecationReason": null,
1415
+ "description": "(IPS or SAM event) Indicates the overall impact of a threat for the host or network: Low \u2013 ie. adware Medium \u2013 ie. network scans High \u2013 ie. spyware or worms",
1416
+ "isDeprecated": false,
1417
+ "name": "risk_level"
1418
+ },
1419
+ {
1420
+ "deprecationReason": null,
1421
+ "description": "Unique Cato ID for the security rule related to the event",
1422
+ "isDeprecated": false,
1423
+ "name": "rule_id"
1424
+ },
1425
+ {
1426
+ "deprecationReason": null,
1427
+ "description": "Rule name",
1428
+ "isDeprecated": false,
1429
+ "name": "rule_name"
1430
+ },
1431
+ {
1432
+ "deprecationReason": null,
1433
+ "description": "Indicates the internal vendor service or module that produced the data reported in this event",
1434
+ "isDeprecated": false,
1435
+ "name": "service_name"
1436
+ },
1437
+ {
1438
+ "deprecationReason": null,
1439
+ "description": "Severity defined for the rule",
1440
+ "isDeprecated": false,
1441
+ "name": "severity"
1442
+ },
1443
+ {
1444
+ "deprecationReason": null,
1445
+ "description": "Sharing Options for the file (such as SharePoint)",
1446
+ "isDeprecated": false,
1447
+ "name": "sharing_scope"
1448
+ },
1449
+ {
1450
+ "deprecationReason": null,
1451
+ "description": "Sign In Types",
1452
+ "isDeprecated": false,
1453
+ "name": "sign_in_event_types"
1454
+ },
1455
+ {
1456
+ "deprecationReason": null,
1457
+ "description": "For IPS and SAM, ID of the IPS signature",
1458
+ "isDeprecated": false,
1459
+ "name": "signature_id"
1460
+ },
1461
+ {
1462
+ "deprecationReason": null,
1463
+ "description": "Name for Socket interface",
1464
+ "isDeprecated": false,
1465
+ "name": "socket_interface"
1466
+ },
1467
+ {
1468
+ "deprecationReason": null,
1469
+ "description": "Socket interface ID",
1470
+ "isDeprecated": false,
1471
+ "name": "socket_interface_id"
1472
+ },
1473
+ {
1474
+ "deprecationReason": null,
1475
+ "description": "For Socket upgrades, new version number",
1476
+ "isDeprecated": false,
1477
+ "name": "socket_new_version"
1478
+ },
1479
+ {
1480
+ "deprecationReason": null,
1481
+ "description": "For Socket upgrade, previous version number",
1482
+ "isDeprecated": false,
1483
+ "name": "socket_old_version"
1484
+ },
1485
+ {
1486
+ "deprecationReason": null,
1487
+ "description": "Type of Socket reset (Hardware/Software)",
1488
+ "isDeprecated": false,
1489
+ "name": "socket_reset"
1490
+ },
1491
+ {
1492
+ "deprecationReason": null,
1493
+ "description": "For Socket HA events, indicates if the Socket is primary or secondary",
1494
+ "isDeprecated": false,
1495
+ "name": "socket_role"
1496
+ },
1497
+ {
1498
+ "deprecationReason": null,
1499
+ "description": "Socket serial number",
1500
+ "isDeprecated": false,
1501
+ "name": "socket_serial"
1502
+ },
1503
+ {
1504
+ "deprecationReason": null,
1505
+ "description": "Socket version number",
1506
+ "isDeprecated": false,
1507
+ "name": "socket_version"
1508
+ },
1509
+ {
1510
+ "deprecationReason": null,
1511
+ "description": "Split Tunnel Configuration",
1512
+ "isDeprecated": false,
1513
+ "name": "split_tunnel_configuration"
1514
+ },
1515
+ {
1516
+ "deprecationReason": null,
1517
+ "description": "Country in which the source host is located (detected via public IP address)",
1518
+ "isDeprecated": false,
1519
+ "name": "src_country"
1520
+ },
1521
+ {
1522
+ "deprecationReason": null,
1523
+ "description": "Country Code of country in which the source host is located (detected via public IP address)",
1524
+ "isDeprecated": false,
1525
+ "name": "src_country_code"
1526
+ },
1527
+ {
1528
+ "deprecationReason": null,
1529
+ "description": "IP for host or Cato Client",
1530
+ "isDeprecated": false,
1531
+ "name": "src_ip"
1532
+ },
1533
+ {
1534
+ "deprecationReason": null,
1535
+ "description": "Source type: site or remote user",
1536
+ "isDeprecated": false,
1537
+ "name": "src_is_site_or_vpn"
1538
+ },
1539
+ {
1540
+ "deprecationReason": null,
1541
+ "description": "IP address provided by ISP to site or Client",
1542
+ "isDeprecated": false,
1543
+ "name": "src_isp_ip"
1544
+ },
1545
+ {
1546
+ "deprecationReason": null,
1547
+ "description": "Source process ID",
1548
+ "isDeprecated": false,
1549
+ "name": "src_pid"
1550
+ },
1551
+ {
1552
+ "deprecationReason": null,
1553
+ "description": "Internal port number",
1554
+ "isDeprecated": false,
1555
+ "name": "src_port"
1556
+ },
1557
+ {
1558
+ "deprecationReason": null,
1559
+ "description": "Source process command line",
1560
+ "isDeprecated": false,
1561
+ "name": "src_process_cmdline"
1562
+ },
1563
+ {
1564
+ "deprecationReason": null,
1565
+ "description": "Source process parent file path",
1566
+ "isDeprecated": false,
1567
+ "name": "src_process_parent_path"
1568
+ },
1569
+ {
1570
+ "deprecationReason": null,
1571
+ "description": "Source process parent process ID",
1572
+ "isDeprecated": false,
1573
+ "name": "src_process_parent_pid"
1574
+ },
1575
+ {
1576
+ "deprecationReason": null,
1577
+ "description": "Source process file path",
1578
+ "isDeprecated": false,
1579
+ "name": "src_process_path"
1580
+ },
1581
+ {
1582
+ "deprecationReason": null,
1583
+ "description": "Unique internal Cato ID for the site or remote user",
1584
+ "isDeprecated": false,
1585
+ "name": "src_site_id"
1586
+ },
1587
+ {
1588
+ "deprecationReason": null,
1589
+ "description": "Source site or remote user",
1590
+ "isDeprecated": false,
1591
+ "name": "src_site_name"
1592
+ },
1593
+ {
1594
+ "deprecationReason": null,
1595
+ "description": "Static host",
1596
+ "isDeprecated": false,
1597
+ "name": "static_host"
1598
+ },
1599
+ {
1600
+ "deprecationReason": null,
1601
+ "description": "The story status.\nPossible values: Open, Pending Analysis, Pending more info, Closed, Reopened, Monitoring",
1602
+ "isDeprecated": false,
1603
+ "name": "status"
1604
+ },
1605
+ {
1606
+ "deprecationReason": null,
1607
+ "description": "Story Id",
1608
+ "isDeprecated": false,
1609
+ "name": "story_id"
1610
+ },
1611
+ {
1612
+ "deprecationReason": null,
1613
+ "description": "Name of subnet as defined in Cato Management Application",
1614
+ "isDeprecated": false,
1615
+ "name": "subnet_name"
1616
+ },
1617
+ {
1618
+ "deprecationReason": null,
1619
+ "description": "The name of the subscription",
1620
+ "isDeprecated": false,
1621
+ "name": "subscription_name"
1622
+ },
1623
+ {
1624
+ "deprecationReason": null,
1625
+ "description": "Number of targets (servers) associated with this event",
1626
+ "isDeprecated": false,
1627
+ "name": "targets_cardinality"
1628
+ },
1629
+ {
1630
+ "deprecationReason": null,
1631
+ "description": "Shows if traffic was TCP accelerated or not",
1632
+ "isDeprecated": false,
1633
+ "name": "tcp_acceleration"
1634
+ },
1635
+ {
1636
+ "deprecationReason": null,
1637
+ "description": "Unique identifier for the tenant within a multi-tenant environment",
1638
+ "isDeprecated": false,
1639
+ "name": "tenant_id"
1640
+ },
1641
+ {
1642
+ "deprecationReason": null,
1643
+ "description": "Tenant Name",
1644
+ "isDeprecated": false,
1645
+ "name": "tenant_name"
1646
+ },
1647
+ {
1648
+ "deprecationReason": null,
1649
+ "description": "Tenant Restriction Rule Name",
1650
+ "isDeprecated": false,
1651
+ "name": "tenant_restriction_rule_name"
1652
+ },
1653
+ {
1654
+ "deprecationReason": null,
1655
+ "description": "Contains the detection risk level. Could be one of the following:\n\u2022 Info - this is information-only event, the activity is not malicious;\n\u2022 Suspicious - the event is suspicious. It may be malicious, but there is not enough information\n\u2022 Malware - the event is malicious activity",
1656
+ "isDeprecated": false,
1657
+ "name": "threat_confidence"
1658
+ },
1659
+ {
1660
+ "deprecationReason": null,
1661
+ "description": "For anti-malware events, malware name For IPS events, explains the reason why the traffic was blocked",
1662
+ "isDeprecated": false,
1663
+ "name": "threat_name"
1664
+ },
1665
+ {
1666
+ "deprecationReason": null,
1667
+ "description": "Link to external malware reference",
1668
+ "isDeprecated": false,
1669
+ "name": "threat_reference"
1670
+ },
1671
+ {
1672
+ "deprecationReason": null,
1673
+ "description": "The higher the score, the more dangerous the event. In range between 1 - 100 inclusive",
1674
+ "isDeprecated": false,
1675
+ "name": "threat_score"
1676
+ },
1677
+ {
1678
+ "deprecationReason": null,
1679
+ "description": "Type of malware event",
1680
+ "isDeprecated": false,
1681
+ "name": "threat_type"
1682
+ },
1683
+ {
1684
+ "deprecationReason": null,
1685
+ "description": "Result of malware event (clean indicates a safe file)",
1686
+ "isDeprecated": false,
1687
+ "name": "threat_verdict"
1688
+ },
1689
+ {
1690
+ "deprecationReason": null,
1691
+ "description": "Time stamp of the event (Linux epoch format)",
1692
+ "isDeprecated": false,
1693
+ "name": "time"
1694
+ },
1695
+ {
1696
+ "deprecationReason": null,
1697
+ "description": "Time stamp of the event (Human-readable format)",
1698
+ "isDeprecated": false,
1699
+ "name": "time_str"
1700
+ },
1701
+ {
1702
+ "deprecationReason": null,
1703
+ "description": "A short summary of the activity",
1704
+ "isDeprecated": false,
1705
+ "name": "title"
1706
+ },
1707
+ {
1708
+ "deprecationReason": null,
1709
+ "description": "TLS Certificate Error",
1710
+ "isDeprecated": false,
1711
+ "name": "tls_certificate_error"
1712
+ },
1713
+ {
1714
+ "deprecationReason": null,
1715
+ "description": "TLS Error Description",
1716
+ "isDeprecated": false,
1717
+ "name": "tls_error_description"
1718
+ },
1719
+ {
1720
+ "deprecationReason": null,
1721
+ "description": "TLS Error Type",
1722
+ "isDeprecated": false,
1723
+ "name": "tls_error_type"
1724
+ },
1725
+ {
1726
+ "deprecationReason": null,
1727
+ "description": "Shows if traffic was TLS inspected or not",
1728
+ "isDeprecated": false,
1729
+ "name": "tls_inspection"
1730
+ },
1731
+ {
1732
+ "deprecationReason": null,
1733
+ "description": "TLS Inspection rule name",
1734
+ "isDeprecated": false,
1735
+ "name": "tls_rule_name"
1736
+ },
1737
+ {
1738
+ "deprecationReason": null,
1739
+ "description": "TLS Version",
1740
+ "isDeprecated": false,
1741
+ "name": "tls_version"
1742
+ },
1743
+ {
1744
+ "deprecationReason": null,
1745
+ "description": "Direction of network traffic for this event, values are inbound or outbound",
1746
+ "isDeprecated": false,
1747
+ "name": "traffic_direction"
1748
+ },
1749
+ {
1750
+ "deprecationReason": null,
1751
+ "description": "Translated Client IP",
1752
+ "isDeprecated": false,
1753
+ "name": "translated_client_ip"
1754
+ },
1755
+ {
1756
+ "deprecationReason": null,
1757
+ "description": "Translated Server IP",
1758
+ "isDeprecated": false,
1759
+ "name": "translated_server_ip"
1760
+ },
1761
+ {
1762
+ "deprecationReason": null,
1763
+ "description": "Trigger",
1764
+ "isDeprecated": false,
1765
+ "name": "trigger"
1766
+ },
1767
+ {
1768
+ "deprecationReason": null,
1769
+ "description": "Trust Type",
1770
+ "isDeprecated": false,
1771
+ "name": "trust_type"
1772
+ },
1773
+ {
1774
+ "deprecationReason": null,
1775
+ "description": "Trusted networks Enabled/Disabled",
1776
+ "isDeprecated": false,
1777
+ "name": "trusted_networks"
1778
+ },
1779
+ {
1780
+ "deprecationReason": null,
1781
+ "description": "Tunnel Protocol TCP/UDP",
1782
+ "isDeprecated": false,
1783
+ "name": "tunnel_ip_protocol"
1784
+ },
1785
+ {
1786
+ "deprecationReason": null,
1787
+ "description": "Protocol for the tunnel",
1788
+ "isDeprecated": false,
1789
+ "name": "tunnel_protocol"
1790
+ },
1791
+ {
1792
+ "deprecationReason": null,
1793
+ "description": "Socket upgrade end time (Linux epoch format):",
1794
+ "isDeprecated": false,
1795
+ "name": "upgrade_end_time"
1796
+ },
1797
+ {
1798
+ "deprecationReason": null,
1799
+ "description": "Indicates if the Socket upgrade occurred during the maintenance window or initiated by Support (Cato Admin)",
1800
+ "isDeprecated": false,
1801
+ "name": "upgrade_initiated_by"
1802
+ },
1803
+ {
1804
+ "deprecationReason": null,
1805
+ "description": "Socket upgrade start time (Linux epoch format)",
1806
+ "isDeprecated": false,
1807
+ "name": "upgrade_start_time"
1808
+ },
1809
+ {
1810
+ "deprecationReason": null,
1811
+ "description": "URL associated with the event",
1812
+ "isDeprecated": false,
1813
+ "name": "url"
1814
+ },
1815
+ {
1816
+ "deprecationReason": null,
1817
+ "description": "User Agent",
1818
+ "isDeprecated": false,
1819
+ "name": "user_agent"
1820
+ },
1821
+ {
1822
+ "deprecationReason": null,
1823
+ "description": "Method used to get identity with User Awareness (such as Identity Agent)",
1824
+ "isDeprecated": false,
1825
+ "name": "user_awareness_method"
1826
+ },
1827
+ {
1828
+ "deprecationReason": null,
1829
+ "description": "User ID",
1830
+ "isDeprecated": false,
1831
+ "name": "user_id"
1832
+ },
1833
+ {
1834
+ "deprecationReason": null,
1835
+ "description": "User that generated the event",
1836
+ "isDeprecated": false,
1837
+ "name": "user_name"
1838
+ },
1839
+ {
1840
+ "deprecationReason": null,
1841
+ "description": "For Block/Prompt page, reference ID to report incorrect category",
1842
+ "isDeprecated": false,
1843
+ "name": "user_reference_id"
1844
+ },
1845
+ {
1846
+ "deprecationReason": null,
1847
+ "description": "User risk level category",
1848
+ "isDeprecated": false,
1849
+ "name": "user_risk_level"
1850
+ },
1851
+ {
1852
+ "deprecationReason": null,
1853
+ "description": "The vendor that identified the incident, such as Cato or Microsoft",
1854
+ "isDeprecated": false,
1855
+ "name": "vendor"
1856
+ },
1857
+ {
1858
+ "deprecationReason": null,
1859
+ "description": "Shows the id of the target user involved in an activity",
1860
+ "isDeprecated": false,
1861
+ "name": "vendor_collaborator_id"
1862
+ },
1863
+ {
1864
+ "deprecationReason": null,
1865
+ "description": "Vendor Device Id",
1866
+ "isDeprecated": false,
1867
+ "name": "vendor_device_id"
1868
+ },
1869
+ {
1870
+ "deprecationReason": null,
1871
+ "description": "Vendor Device Name",
1872
+ "isDeprecated": false,
1873
+ "name": "vendor_device_name"
1874
+ },
1875
+ {
1876
+ "deprecationReason": null,
1877
+ "description": "Vendor Event Id",
1878
+ "isDeprecated": false,
1879
+ "name": "vendor_event_id"
1880
+ },
1881
+ {
1882
+ "deprecationReason": null,
1883
+ "description": "Third party vendor policy description",
1884
+ "isDeprecated": false,
1885
+ "name": "vendor_policy_description"
1886
+ },
1887
+ {
1888
+ "deprecationReason": null,
1889
+ "description": "Third party vendor policy ID",
1890
+ "isDeprecated": false,
1891
+ "name": "vendor_policy_id"
1892
+ },
1893
+ {
1894
+ "deprecationReason": null,
1895
+ "description": "Third party vendor policy name",
1896
+ "isDeprecated": false,
1897
+ "name": "vendor_policy_name"
1898
+ },
1899
+ {
1900
+ "deprecationReason": null,
1901
+ "description": "Identifies the user in the vendor\u2019s system",
1902
+ "isDeprecated": false,
1903
+ "name": "vendor_user_id"
1904
+ },
1905
+ {
1906
+ "deprecationReason": null,
1907
+ "description": "Unique Cato Visible ID for devices",
1908
+ "isDeprecated": false,
1909
+ "name": "visible_device_id"
1910
+ },
1911
+ {
1912
+ "deprecationReason": null,
1913
+ "description": "Lan access Allowed / Blocked",
1914
+ "isDeprecated": false,
1915
+ "name": "vpn_lan_access"
1916
+ },
1917
+ {
1918
+ "deprecationReason": null,
1919
+ "description": "User\u2019s email address",
1920
+ "isDeprecated": false,
1921
+ "name": "vpn_user_email"
1922
+ },
1923
+ {
1924
+ "deprecationReason": null,
1925
+ "description": "For LDAP sync events, name of the AD domain",
1926
+ "isDeprecated": false,
1927
+ "name": "windows_domain_name"
1928
+ },
1929
+ {
1930
+ "deprecationReason": null,
1931
+ "description": "XFF HTTP header indicates the original IP address for the connections",
1932
+ "isDeprecated": false,
1933
+ "name": "xff"
1934
+ }
1935
+ ],
1936
+ "fields": null,
1937
+ "inputFields": null,
1938
+ "interfaces": null,
1939
+ "kind": "ENUM",
1940
+ "name": "EventFieldName",
1941
+ "possibleTypes": null
1942
+ },
1943
+ "indexType": "enum",
1944
+ "kind": [
1945
+ "LIST",
1946
+ "NON_NULL",
1947
+ "ENUM"
1948
+ ],
1949
+ "name": "EventFieldName",
1950
+ "non_null": false
1951
+ },
1952
+ "varName": "fieldNames"
1953
+ },
368
1954
  "marker": {
369
1955
  "defaultValue": null,
370
1956
  "description": "Marker to use to get results from",
@@ -2215,6 +3801,7 @@
2215
3801
  "string2"
2216
3802
  ]
2217
3803
  },
3804
+ "fieldNames": "access_method",
2218
3805
  "marker": "string"
2219
3806
  }
2220
3807
  }