catocli 3.0.18__py3-none-any.whl → 3.0.24__py3-none-any.whl

catocli/parsers/mutation_site/__init__.py

@@ -114,21 +114,6 @@ def mutation_site_parse(mutation_subparsers):
     mutation_site_addSocketSite_parser.add_argument('--headers-file', dest='headers_file', help='Load headers from a file. Each line should contain a header in "Key: Value" format.')
     mutation_site_addSocketSite_parser.set_defaults(func=createRequest,operation_name='mutation.site.addSocketSite')
 
-    mutation_site_updateSiteGeneralDetails_parser = mutation_site_subparsers.add_parser('updateSiteGeneralDetails', 
-            help='updateSiteGeneralDetails() site operation', 
-            usage=get_help("mutation_site_updateSiteGeneralDetails"))
-
-    mutation_site_updateSiteGeneralDetails_parser.add_argument('json', nargs='?', default='{}', help='Variables in JSON format (defaults to empty object if not provided).')
-    mutation_site_updateSiteGeneralDetails_parser.add_argument('-accountID', help='The cato account ID to use for this operation. Overrides the account_id value in the profile setting.  This is use for reseller and MSP accounts to run queries against cato sub accounts from the parent account.')
-    mutation_site_updateSiteGeneralDetails_parser.add_argument('-t', const=True, default=False, nargs='?', help='Print GraphQL query without sending API call')
-    mutation_site_updateSiteGeneralDetails_parser.add_argument('-v', const=True, default=False, nargs='?', help='Verbose output')
-    mutation_site_updateSiteGeneralDetails_parser.add_argument('-p', const=True, default=False, nargs='?', help='Pretty print')
-    mutation_site_updateSiteGeneralDetails_parser.add_argument('-n', '--stream-events', dest='stream_events', help='Send events over network to host:port TCP')
-    mutation_site_updateSiteGeneralDetails_parser.add_argument('-z', '--sentinel', dest='sentinel', help='Send events to Sentinel customerid:sharedkey')
-    mutation_site_updateSiteGeneralDetails_parser.add_argument('-H', '--header', action='append', dest='headers', help='Add custom headers in "Key: Value" format. Can be used multiple times.')
-    mutation_site_updateSiteGeneralDetails_parser.add_argument('--headers-file', dest='headers_file', help='Load headers from a file. Each line should contain a header in "Key: Value" format.')
-    mutation_site_updateSiteGeneralDetails_parser.set_defaults(func=createRequest,operation_name='mutation.site.updateSiteGeneralDetails')
-
     mutation_site_removeSite_parser = mutation_site_subparsers.add_parser('removeSite', 
             help='removeSite() site operation', 
             usage=get_help("mutation_site_removeSite"))
@@ -519,6 +504,21 @@ def mutation_site_parse(mutation_subparsers):
     mutation_site_removeSiteBwLicense_parser.add_argument('--headers-file', dest='headers_file', help='Load headers from a file. Each line should contain a header in "Key: Value" format.')
     mutation_site_removeSiteBwLicense_parser.set_defaults(func=createRequest,operation_name='mutation.site.removeSiteBwLicense')
 
+    mutation_site_updateSiteGeneralDetails_parser = mutation_site_subparsers.add_parser('updateSiteGeneralDetails', 
+            help='updateSiteGeneralDetails() site operation', 
+            usage=get_help("mutation_site_updateSiteGeneralDetails"))
+
+    mutation_site_updateSiteGeneralDetails_parser.add_argument('json', nargs='?', default='{}', help='Variables in JSON format (defaults to empty object if not provided).')
+    mutation_site_updateSiteGeneralDetails_parser.add_argument('-accountID', help='The cato account ID to use for this operation. Overrides the account_id value in the profile setting.  This is use for reseller and MSP accounts to run queries against cato sub accounts from the parent account.')
+    mutation_site_updateSiteGeneralDetails_parser.add_argument('-t', const=True, default=False, nargs='?', help='Print GraphQL query without sending API call')
+    mutation_site_updateSiteGeneralDetails_parser.add_argument('-v', const=True, default=False, nargs='?', help='Verbose output')
+    mutation_site_updateSiteGeneralDetails_parser.add_argument('-p', const=True, default=False, nargs='?', help='Pretty print')
+    mutation_site_updateSiteGeneralDetails_parser.add_argument('-n', '--stream-events', dest='stream_events', help='Send events over network to host:port TCP')
+    mutation_site_updateSiteGeneralDetails_parser.add_argument('-z', '--sentinel', dest='sentinel', help='Send events to Sentinel customerid:sharedkey')
+    mutation_site_updateSiteGeneralDetails_parser.add_argument('-H', '--header', action='append', dest='headers', help='Add custom headers in "Key: Value" format. Can be used multiple times.')
+    mutation_site_updateSiteGeneralDetails_parser.add_argument('--headers-file', dest='headers_file', help='Load headers from a file. Each line should contain a header in "Key: Value" format.')
+    mutation_site_updateSiteGeneralDetails_parser.set_defaults(func=createRequest,operation_name='mutation.site.updateSiteGeneralDetails')
+
     mutation_site_addSocketAddOnCard_parser = mutation_site_subparsers.add_parser('addSocketAddOnCard', 
             help='addSocketAddOnCard() site operation', 
             usage=get_help("mutation_site_addSocketAddOnCard"))

catocli/parsers/mutation_sites/__init__.py

@@ -114,21 +114,6 @@ def mutation_sites_parse(mutation_subparsers):
     mutation_sites_addSocketSite_parser.add_argument('--headers-file', dest='headers_file', help='Load headers from a file. Each line should contain a header in "Key: Value" format.')
     mutation_sites_addSocketSite_parser.set_defaults(func=createRequest,operation_name='mutation.sites.addSocketSite')
 
-    mutation_sites_updateSiteGeneralDetails_parser = mutation_sites_subparsers.add_parser('updateSiteGeneralDetails', 
-            help='updateSiteGeneralDetails() sites operation', 
-            usage=get_help("mutation_sites_updateSiteGeneralDetails"))
-
-    mutation_sites_updateSiteGeneralDetails_parser.add_argument('json', nargs='?', default='{}', help='Variables in JSON format (defaults to empty object if not provided).')
-    mutation_sites_updateSiteGeneralDetails_parser.add_argument('-accountID', help='The cato account ID to use for this operation. Overrides the account_id value in the profile setting.  This is use for reseller and MSP accounts to run queries against cato sub accounts from the parent account.')
-    mutation_sites_updateSiteGeneralDetails_parser.add_argument('-t', const=True, default=False, nargs='?', help='Print GraphQL query without sending API call')
-    mutation_sites_updateSiteGeneralDetails_parser.add_argument('-v', const=True, default=False, nargs='?', help='Verbose output')
-    mutation_sites_updateSiteGeneralDetails_parser.add_argument('-p', const=True, default=False, nargs='?', help='Pretty print')
-    mutation_sites_updateSiteGeneralDetails_parser.add_argument('-n', '--stream-events', dest='stream_events', help='Send events over network to host:port TCP')
-    mutation_sites_updateSiteGeneralDetails_parser.add_argument('-z', '--sentinel', dest='sentinel', help='Send events to Sentinel customerid:sharedkey')
-    mutation_sites_updateSiteGeneralDetails_parser.add_argument('-H', '--header', action='append', dest='headers', help='Add custom headers in "Key: Value" format. Can be used multiple times.')
-    mutation_sites_updateSiteGeneralDetails_parser.add_argument('--headers-file', dest='headers_file', help='Load headers from a file. Each line should contain a header in "Key: Value" format.')
-    mutation_sites_updateSiteGeneralDetails_parser.set_defaults(func=createRequest,operation_name='mutation.sites.updateSiteGeneralDetails')
-
     mutation_sites_removeSite_parser = mutation_sites_subparsers.add_parser('removeSite', 
             help='removeSite() sites operation', 
             usage=get_help("mutation_sites_removeSite"))
@@ -519,6 +504,21 @@ def mutation_sites_parse(mutation_subparsers):
     mutation_sites_removeSiteBwLicense_parser.add_argument('--headers-file', dest='headers_file', help='Load headers from a file. Each line should contain a header in "Key: Value" format.')
     mutation_sites_removeSiteBwLicense_parser.set_defaults(func=createRequest,operation_name='mutation.sites.removeSiteBwLicense')
 
+    mutation_sites_updateSiteGeneralDetails_parser = mutation_sites_subparsers.add_parser('updateSiteGeneralDetails', 
+            help='updateSiteGeneralDetails() sites operation', 
+            usage=get_help("mutation_sites_updateSiteGeneralDetails"))
+
+    mutation_sites_updateSiteGeneralDetails_parser.add_argument('json', nargs='?', default='{}', help='Variables in JSON format (defaults to empty object if not provided).')
+    mutation_sites_updateSiteGeneralDetails_parser.add_argument('-accountID', help='The cato account ID to use for this operation. Overrides the account_id value in the profile setting.  This is use for reseller and MSP accounts to run queries against cato sub accounts from the parent account.')
+    mutation_sites_updateSiteGeneralDetails_parser.add_argument('-t', const=True, default=False, nargs='?', help='Print GraphQL query without sending API call')
+    mutation_sites_updateSiteGeneralDetails_parser.add_argument('-v', const=True, default=False, nargs='?', help='Verbose output')
+    mutation_sites_updateSiteGeneralDetails_parser.add_argument('-p', const=True, default=False, nargs='?', help='Pretty print')
+    mutation_sites_updateSiteGeneralDetails_parser.add_argument('-n', '--stream-events', dest='stream_events', help='Send events over network to host:port TCP')
+    mutation_sites_updateSiteGeneralDetails_parser.add_argument('-z', '--sentinel', dest='sentinel', help='Send events to Sentinel customerid:sharedkey')
+    mutation_sites_updateSiteGeneralDetails_parser.add_argument('-H', '--header', action='append', dest='headers', help='Add custom headers in "Key: Value" format. Can be used multiple times.')
+    mutation_sites_updateSiteGeneralDetails_parser.add_argument('--headers-file', dest='headers_file', help='Load headers from a file. Each line should contain a header in "Key: Value" format.')
+    mutation_sites_updateSiteGeneralDetails_parser.set_defaults(func=createRequest,operation_name='mutation.sites.updateSiteGeneralDetails')
+
     mutation_sites_addSocketAddOnCard_parser = mutation_sites_subparsers.add_parser('addSocketAddOnCard', 
             help='addSocketAddOnCard() sites operation', 
             usage=get_help("mutation_sites_addSocketAddOnCard"))

catocli/parsers/query_accountMetrics/README.md

@@ -38,6 +38,96 @@ catocli query accountMetrics '{
 }'
 ```
 
+## Advanced Usage
+### Additional Examples
+- Example all values and lables
+- Example all values and lables for a single account
+- Example all values and lables for a single user
+- Last hour no filters
+
+# Example all values and lables
+
+```bash
+# Example all values and lables for a single account
+catocli query accountMetrics '{
+    "buckets": 24,
+    "groupDevices": true,
+    "groupInterfaces": true,
+    "labels": [
+        "bytesDownstream",
+        "bytesDownstreamMax",
+        "bytesTotal",
+        "bytesUpstream",
+        "bytesUpstreamMax",
+        "health",
+        "jitterDownstream",
+        "jitterUpstream",
+        "lastMileLatency",
+        "lastMilePacketLoss",
+        "lostDownstream",
+        "lostDownstreamPcnt",
+        "lostUpstream",
+        "lostUpstreamPcnt",
+        "packetsDiscardedDownstream",
+        "packetsDiscardedDownstreamPcnt",
+        "packetsDiscardedUpstream",
+        "packetsDiscardedUpstreamPcnt",
+        "packetsDownstream",
+        "packetsUpstream",
+        "rtt",
+        "tunnelAge"
+    ],
+    "perSecond": true,
+    "siteIDs": [
+        "132814"
+    ],
+    "timeFrame": "last.P1D",
+    "toRate": true,
+    "useDefaultSizeBucket": true,
+    "withMissingData": true
+}' 
+```
+
+# Example all values and lables for a single user
+
+```bash
+# Example all values and lables for a single user
+catocli query accountMetrics '{
+    "buckets": 24,
+    "labels": [
+        "health",
+        "jitterDownstream",
+        "jitterUpstream",
+        "lastMileLatency",
+        "lastMilePacketLoss",
+        "lostDownstream",
+        "lostDownstreamPcnt",
+        "lostUpstream",
+        "lostUpstreamPcnt",
+        "packetsDiscardedDownstream",
+        "packetsDiscardedDownstreamPcnt",
+        "packetsDiscardedUpstream",
+        "packetsDiscardedUpstreamPcnt",
+        "packetsDownstream",
+        "packetsUpstream"
+    ],
+    "timeFrame": "last.PT1H",
+    "userIDs": [
+        "0"
+    ]
+}'
+```
+
+# Last hour no filters
+
+```bash
+# Last hour no filters
+catocli query accountMetrics '{ 
+    "timeFrame":"last.PT1H"
+}'
+```
+
+
 
 #### TimeFrame Parameter Examples
 

catocli/parsers/query_accountMetrics/__init__.py

@@ -16,4 +16,10 @@ def query_accountMetrics_parse(query_subparsers):
     query_accountMetrics_parser.add_argument('-z', '--sentinel', dest='sentinel', help='Send events to Sentinel customerid:sharedkey')
     query_accountMetrics_parser.add_argument('-H', '--header', action='append', dest='headers', help='Add custom headers in "Key: Value" format. Can be used multiple times.')
     query_accountMetrics_parser.add_argument('--headers-file', dest='headers_file', help='Load headers from a file. Each line should contain a header in "Key: Value" format.')
+
+
+    query_accountMetrics_parser.add_argument('-f', '--format', choices=['json', 'csv'], help='Output format (default: formatted json, use -raw for original json)')
+    query_accountMetrics_parser.add_argument('-raw', '--raw', dest='raw_output', action='store_true', help='Return raw/original JSON format (bypasses default formatting)')
+    query_accountMetrics_parser.add_argument('--csv-filename', dest='csv_filename', help='Override CSV file name (default: accountmetrics.csv)')
+    query_accountMetrics_parser.add_argument('--append-timestamp', dest='append_timestamp', action='store_true', help='Append timestamp to the CSV file name')
     query_accountMetrics_parser.set_defaults(func=createRequest,operation_name='query.accountMetrics')

catocli/parsers/query_appStats/README.md

@@ -74,7 +74,7 @@ catocli query appStats '{
 # Query to export application_name, user_name and risk_score with traffic sum(upstream, downstream, trafffic) for last day
 
 ```bash
-## Query to export application_name, user_name and risk_score with traffic sum(upstream, downstream, trafffic) for last day
+## Query to export application_name, user_name and risk_score with traffic sum(upstream, downstream, trafffic) for last day exported to csv format
 catocli query appStats '{
     "appStatsFilter": [],
     "appStatsSort": [],
@@ -104,7 +104,7 @@ catocli query appStats '{
         }
     ],
     "timeFrame": "last.P1D"
-}' -f csv
+}' -f csv --csv-filename app_user_account_metrics_report.csv
 ```
 
 

catocli/parsers/query_appStats/__init__.py

@@ -17,7 +17,9 @@ def query_appStats_parse(query_subparsers):
     query_appStats_parser.add_argument('-H', '--header', action='append', dest='headers', help='Add custom headers in "Key: Value" format. Can be used multiple times.')
     query_appStats_parser.add_argument('--headers-file', dest='headers_file', help='Load headers from a file. Each line should contain a header in "Key: Value" format.')
 
-    query_appStats_parser.add_argument('-f', '--format', choices=['json', 'csv'], default='json', help='Output format (default: json)')
-    query_appStats_parser.add_argument('--csv-filename', dest='csv_filename', help='Override CSV file name (default: accountmetrics.csv)')
+
+    query_appStats_parser.add_argument('-f', '--format', choices=['json', 'csv'], help='Output format (default: formatted json, use -raw for original json)')
+    query_appStats_parser.add_argument('-raw', '--raw', dest='raw_output', action='store_true', help='Return raw/original JSON format (bypasses default formatting)')
+    query_appStats_parser.add_argument('--csv-filename', dest='csv_filename', help='Override CSV file name (default: appstats.csv)')
     query_appStats_parser.add_argument('--append-timestamp', dest='append_timestamp', action='store_true', help='Append timestamp to the CSV file name')
     query_appStats_parser.set_defaults(func=createRequest,operation_name='query.appStats')

catocli/parsers/query_appStatsTimeSeries/__init__.py

@@ -17,7 +17,9 @@ def query_appStatsTimeSeries_parse(query_subparsers):
     query_appStatsTimeSeries_parser.add_argument('-H', '--header', action='append', dest='headers', help='Add custom headers in "Key: Value" format. Can be used multiple times.')
     query_appStatsTimeSeries_parser.add_argument('--headers-file', dest='headers_file', help='Load headers from a file. Each line should contain a header in "Key: Value" format.')
 
-    query_appStatsTimeSeries_parser.add_argument('-f', '--format', choices=['json', 'csv'], default='json', help='Output format (default: json)')
-    query_appStatsTimeSeries_parser.add_argument('--csv-filename', dest='csv_filename', help='Override CSV file name (default: accountmetrics.csv)')
+
+    query_appStatsTimeSeries_parser.add_argument('-f', '--format', choices=['json', 'csv'], help='Output format (default: formatted json, use -raw for original json)')
+    query_appStatsTimeSeries_parser.add_argument('-raw', '--raw', dest='raw_output', action='store_true', help='Return raw/original JSON format (bypasses default formatting)')
+    query_appStatsTimeSeries_parser.add_argument('--csv-filename', dest='csv_filename', help='Override CSV file name (default: appstatstimeseries.csv)')
     query_appStatsTimeSeries_parser.add_argument('--append-timestamp', dest='append_timestamp', action='store_true', help='Append timestamp to the CSV file name')
     query_appStatsTimeSeries_parser.set_defaults(func=createRequest,operation_name='query.appStatsTimeSeries')

catocli/parsers/query_eventsTimeSeries/README.md

@@ -38,6 +38,286 @@ catocli query eventsTimeSeries '{
 }'
 ```
 
+## Advanced Usage
+### Additional Examples
+- Weekly break down by hour of Internet Firewall events by rule_name
+- Weekly hourly breakdown by hour of sum of site events
+- 1 hour in 5 min increments of sum of site events used for detecting throttling
+- Basic Event Count Query with enhanced formatting
+- Basic Event Count Query - Returns formatted JSON with granularity-adjusted values
+- Security Events Analysis
+- Security Events Analysis - Daily breakdown of security events
+- Connectivity Events by Country
+- Connectivity Events by Country - Weekly breakdown with country dimensions
+- Threat Analysis with Trend
+- Threat Analysis with Trend - Monthly threat score analysis
+- Socket Connectivity Analysis
+- Socket Connectivity Analysis - Connection events by socket interface
+
+# Weekly break down by hour of Internet Firewall events by rule_name
+
+```bash
+# Weekly break down by hour of Internet Firewall events by rule_name
+catocli query eventsTimeSeries '{
+    "buckets": 168,
+    "eventsDimension": [
+        {
+            "fieldName": "rule_name"
+        }
+    ],
+    "eventsFilter": [
+        {
+            "fieldName": "event_sub_type",
+            "operator": "is",
+            "values": [
+                "Internet Firewall"
+            ]
+        }
+    ],
+    "eventsMeasure": [
+        {
+            "aggType": "sum",
+            "fieldName": "event_count"
+        }
+    ],
+    "timeFrame": "last.P7D"
+}'
+```
+
+# Weekly hourly breakdown by hour of sum of site events
+
+```bash
+# Weekly hourly breakdown by hour of sum of site events
+catocli query eventsTimeSeries -accountID=15412 '{
+    "buckets": 168,
+    "eventsDimension": [],
+    "eventsFilter": [
+        {
+            "fieldName": "src_is_site_or_vpn",
+            "operator": "is",
+            "values": [
+                "Site"
+            ]
+        }
+    ],
+    "eventsMeasure": [
+        {
+            "aggType": "sum",
+            "fieldName": "event_count"
+        }
+    ],
+    "timeFrame": "last.P7D"
+}'
+```
+
+
+# 1 hour in 5 min increments of sum of site events used for detecting throttling
+
+```bash
+# 1 hour in 5 min increments of sum of site events used for detecting throttling
+catocli query eventsTimeSeries -accountID=15412 '{
+    "buckets": 12,
+    "eventsDimension": [],
+    "eventsFilter": [
+        {
+            "fieldName": "src_is_site_or_vpn",
+            "operator": "is",
+            "values": [
+                "Site"
+            ]
+        }
+    ],
+    "eventsMeasure": [
+        {
+            "aggType": "sum",
+            "fieldName": "event_count"
+        }
+    ],
+    "timeFrame": "last.P1D"
+}'
+```
+
+
+
+
+# Basic Event Count Query with enhanced formatting
+
+```bash
+# Basic Event Count Query - Returns formatted JSON with granularity-adjusted values
+catocli query eventsTimeSeries '{
+    "buckets": 4,
+    "eventsDimension": [],
+    "eventsFilter": [],
+    "eventsMeasure": [
+        {
+            "aggType": "sum",
+            "fieldName": "event_count"
+        }
+    ],
+    "timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}"
+}'
+```
+
+# Security Events Analysis
+
+```bash
+# Security Events Analysis - Daily breakdown of security events
+catocli query eventsTimeSeries '{
+    "buckets": 24,
+    "eventsDimension": [],
+    "eventsFilter": [
+        {
+            "fieldName": "event_type",
+            "operator": "is",
+            "values": ["Security"]
+        }
+    ],
+    "eventsMeasure": [
+        {
+            "aggType": "sum",
+            "fieldName": "event_count"
+        }
+    ],
+    "timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}"
+}'
+```
+
+# Connectivity Events by Country
+
+```bash
+# Connectivity Events by Country - Weekly breakdown with country dimensions
+catocli query eventsTimeSeries '{
+    "buckets": 7,
+    "eventsDimension": [
+        {
+            "fieldName": "src_country"
+        }
+    ],
+    "eventsFilter": [
+        {
+            "fieldName": "event_type",
+            "operator": "is",
+            "values": ["Connectivity"]
+        }
+    ],
+    "eventsMeasure": [
+        {
+            "aggType": "sum",
+            "fieldName": "event_count"
+        }
+    ],
+    "timeFrame": "utc.2023-03-{01/00:00:00--07/23:59:59}"
+}'
+```
+
+# Threat Analysis with Trend
+
+```bash
+# Threat Analysis with Trend - Monthly threat score analysis
+catocli query eventsTimeSeries '{
+    "buckets": 31,
+    "eventsDimension": [],
+    "eventsFilter": [
+        {
+            "fieldName": "event_type",
+            "operator": "is",
+            "values": ["Security"]
+        },
+        {
+            "fieldName": "threat_score",
+            "operator": "gt",
+            "values": ["50"]
+        }
+    ],
+    "eventsMeasure": [
+        {
+            "aggType": "avg",
+            "fieldName": "threat_score"
+        }
+    ],
+    "timeFrame": "utc.2023-01-{01/00:00:00--31/23:59:59}"
+}'
+```
+
+# Socket Connectivity Analysis
+
+```bash
+# Socket Connectivity Analysis - Connection events by socket interface
+catocli query eventsTimeSeries '{
+    "buckets": 28,
+    "eventsDimension": [
+        {
+            "fieldName": "socket_interface"
+        }
+    ],
+    "eventsFilter": [
+        {
+            "fieldName": "event_type",
+            "operator": "is",
+            "values": ["Connectivity"]
+        },
+        {
+            "fieldName": "event_sub_type",
+            "operator": "in",
+            "values": ["Connected", "Disconnected"]
+        }
+    ],
+    "eventsMeasure": [
+        {
+            "aggType": "sum",
+            "fieldName": "event_count"
+        }
+    ],
+    "timeFrame": "utc.2023-02-{01/00:00:00--28/23:59:59}"
+}'
+```
+
+## Output Format Options
+
+The eventsTimeSeries query supports multiple output formats:
+
+### Enhanced JSON Format (default)
+Returns formatted JSON with granularity multiplication applied to sum aggregations when appropriate:
+```bash
+catocli query eventsTimeSeries '{...}'
+```
+
+### Raw JSON Format
+Returns the original API response without formatting:
+```bash
+catocli query eventsTimeSeries '{...}' -raw
+```
+
+### CSV Format
+Exports data to CSV file with granularity-adjusted values:
+```bash
+catocli query eventsTimeSeries '{...}' -f csv
+```
+
+### Custom CSV filename with timestamp
+```bash
+catocli query eventsTimeSeries '{...}' -f csv --csv-filename "my_events" --append-timestamp
+```
+
+## Granularity Multiplication
+
+When using sum aggregations on count fields like `event_count`, the formatter automatically multiplies fractional values by the granularity period to provide meaningful totals. This is especially useful for time-series data where the API returns normalized values that need to be scaled to the actual time period.
+
+**Example:**
+- Original API value: 0.096 events per period
+- Granularity: 3600 seconds (1 hour)
+- Computed value: 0.096 × 3600 = 345.6 total events
+
+Use the `-raw` flag to see the original unprocessed values if needed.
+
+## Additional Resources
+
+- [Cato API Documentation](https://api.catonetworks.com/documentation/#query-eventsTimeSeries)
+
+
+
+
+
 
 #### TimeFrame Parameter Examples
 

catocli/parsers/query_eventsTimeSeries/__init__.py

@@ -16,4 +16,10 @@ def query_eventsTimeSeries_parse(query_subparsers):
     query_eventsTimeSeries_parser.add_argument('-z', '--sentinel', dest='sentinel', help='Send events to Sentinel customerid:sharedkey')
     query_eventsTimeSeries_parser.add_argument('-H', '--header', action='append', dest='headers', help='Add custom headers in "Key: Value" format. Can be used multiple times.')
     query_eventsTimeSeries_parser.add_argument('--headers-file', dest='headers_file', help='Load headers from a file. Each line should contain a header in "Key: Value" format.')
+
+
+    query_eventsTimeSeries_parser.add_argument('-f', '--format', choices=['json', 'csv'], help='Output format (default: formatted json, use -raw for original json)')
+    query_eventsTimeSeries_parser.add_argument('-raw', '--raw', dest='raw_output', action='store_true', help='Return raw/original JSON format (bypasses default formatting)')
+    query_eventsTimeSeries_parser.add_argument('--csv-filename', dest='csv_filename', help='Override CSV file name (default: eventstimeseries.csv)')
+    query_eventsTimeSeries_parser.add_argument('--append-timestamp', dest='append_timestamp', action='store_true', help='Append timestamp to the CSV file name')
     query_eventsTimeSeries_parser.set_defaults(func=createRequest,operation_name='query.eventsTimeSeries')

catocli/parsers/query_policy/__init__.py

@@ -30,27 +30,6 @@ def query_policy_parse(query_subparsers):
     query_policy_antiMalwareFileHash_policy_parser.add_argument('--headers-file', dest='headers_file', help='Load headers from a file. Each line should contain a header in "Key: Value" format.')
     query_policy_antiMalwareFileHash_policy_parser.set_defaults(func=createRequest,operation_name='query.policy.antiMalwareFileHash.policy')
 
-    query_policy_dynamicIpAllocation_parser = query_policy_subparsers.add_parser('dynamicIpAllocation', 
-            help='dynamicIpAllocation() policy operation', 
-            usage=get_help("query_policy_dynamicIpAllocation"))
-
-    query_policy_dynamicIpAllocation_subparsers = query_policy_dynamicIpAllocation_parser.add_subparsers()
-
-    query_policy_dynamicIpAllocation_policy_parser = query_policy_dynamicIpAllocation_subparsers.add_parser('policy', 
-            help='policy() dynamicIpAllocation operation', 
-            usage=get_help("query_policy_dynamicIpAllocation_policy"))
-
-    query_policy_dynamicIpAllocation_policy_parser.add_argument('json', nargs='?', default='{}', help='Variables in JSON format (defaults to empty object if not provided).')
-    query_policy_dynamicIpAllocation_policy_parser.add_argument('-accountID', help='The cato account ID to use for this operation. Overrides the account_id value in the profile setting.  This is use for reseller and MSP accounts to run queries against cato sub accounts from the parent account.')
-    query_policy_dynamicIpAllocation_policy_parser.add_argument('-t', const=True, default=False, nargs='?', help='Print GraphQL query without sending API call')
-    query_policy_dynamicIpAllocation_policy_parser.add_argument('-v', const=True, default=False, nargs='?', help='Verbose output')
-    query_policy_dynamicIpAllocation_policy_parser.add_argument('-p', const=True, default=False, nargs='?', help='Pretty print')
-    query_policy_dynamicIpAllocation_policy_parser.add_argument('-n', '--stream-events', dest='stream_events', help='Send events over network to host:port TCP')
-    query_policy_dynamicIpAllocation_policy_parser.add_argument('-z', '--sentinel', dest='sentinel', help='Send events to Sentinel customerid:sharedkey')
-    query_policy_dynamicIpAllocation_policy_parser.add_argument('-H', '--header', action='append', dest='headers', help='Add custom headers in "Key: Value" format. Can be used multiple times.')
-    query_policy_dynamicIpAllocation_policy_parser.add_argument('--headers-file', dest='headers_file', help='Load headers from a file. Each line should contain a header in "Key: Value" format.')
-    query_policy_dynamicIpAllocation_policy_parser.set_defaults(func=createRequest,operation_name='query.policy.dynamicIpAllocation.policy')
-
     query_policy_socketLan_parser = query_policy_subparsers.add_parser('socketLan', 
             help='socketLan() policy operation', 
             usage=get_help("query_policy_socketLan"))
@@ -72,27 +51,6 @@ def query_policy_parse(query_subparsers):
     query_policy_socketLan_policy_parser.add_argument('--headers-file', dest='headers_file', help='Load headers from a file. Each line should contain a header in "Key: Value" format.')
     query_policy_socketLan_policy_parser.set_defaults(func=createRequest,operation_name='query.policy.socketLan.policy')
 
-    query_policy_terminalServer_parser = query_policy_subparsers.add_parser('terminalServer', 
-            help='terminalServer() policy operation', 
-            usage=get_help("query_policy_terminalServer"))
-
-    query_policy_terminalServer_subparsers = query_policy_terminalServer_parser.add_subparsers()
-
-    query_policy_terminalServer_policy_parser = query_policy_terminalServer_subparsers.add_parser('policy', 
-            help='policy() terminalServer operation', 
-            usage=get_help("query_policy_terminalServer_policy"))
-
-    query_policy_terminalServer_policy_parser.add_argument('json', nargs='?', default='{}', help='Variables in JSON format (defaults to empty object if not provided).')
-    query_policy_terminalServer_policy_parser.add_argument('-accountID', help='The cato account ID to use for this operation. Overrides the account_id value in the profile setting.  This is use for reseller and MSP accounts to run queries against cato sub accounts from the parent account.')
-    query_policy_terminalServer_policy_parser.add_argument('-t', const=True, default=False, nargs='?', help='Print GraphQL query without sending API call')
-    query_policy_terminalServer_policy_parser.add_argument('-v', const=True, default=False, nargs='?', help='Verbose output')
-    query_policy_terminalServer_policy_parser.add_argument('-p', const=True, default=False, nargs='?', help='Pretty print')
-    query_policy_terminalServer_policy_parser.add_argument('-n', '--stream-events', dest='stream_events', help='Send events over network to host:port TCP')
-    query_policy_terminalServer_policy_parser.add_argument('-z', '--sentinel', dest='sentinel', help='Send events to Sentinel customerid:sharedkey')
-    query_policy_terminalServer_policy_parser.add_argument('-H', '--header', action='append', dest='headers', help='Add custom headers in "Key: Value" format. Can be used multiple times.')
-    query_policy_terminalServer_policy_parser.add_argument('--headers-file', dest='headers_file', help='Load headers from a file. Each line should contain a header in "Key: Value" format.')
-    query_policy_terminalServer_policy_parser.set_defaults(func=createRequest,operation_name='query.policy.terminalServer.policy')
-
     query_policy_wanNetwork_parser = query_policy_subparsers.add_parser('wanNetwork', 
             help='wanNetwork() policy operation', 
             usage=get_help("query_policy_wanNetwork"))
@@ -239,3 +197,45 @@ def query_policy_parse(query_subparsers):
     query_policy_tlsInspect_policy_parser.add_argument('-H', '--header', action='append', dest='headers', help='Add custom headers in "Key: Value" format. Can be used multiple times.')
     query_policy_tlsInspect_policy_parser.add_argument('--headers-file', dest='headers_file', help='Load headers from a file. Each line should contain a header in "Key: Value" format.')
     query_policy_tlsInspect_policy_parser.set_defaults(func=createRequest,operation_name='query.policy.tlsInspect.policy')
+
+    query_policy_dynamicIpAllocation_parser = query_policy_subparsers.add_parser('dynamicIpAllocation', 
+            help='dynamicIpAllocation() policy operation', 
+            usage=get_help("query_policy_dynamicIpAllocation"))
+
+    query_policy_dynamicIpAllocation_subparsers = query_policy_dynamicIpAllocation_parser.add_subparsers()
+
+    query_policy_dynamicIpAllocation_policy_parser = query_policy_dynamicIpAllocation_subparsers.add_parser('policy', 
+            help='policy() dynamicIpAllocation operation', 
+            usage=get_help("query_policy_dynamicIpAllocation_policy"))
+
+    query_policy_dynamicIpAllocation_policy_parser.add_argument('json', nargs='?', default='{}', help='Variables in JSON format (defaults to empty object if not provided).')
+    query_policy_dynamicIpAllocation_policy_parser.add_argument('-accountID', help='The cato account ID to use for this operation. Overrides the account_id value in the profile setting.  This is use for reseller and MSP accounts to run queries against cato sub accounts from the parent account.')
+    query_policy_dynamicIpAllocation_policy_parser.add_argument('-t', const=True, default=False, nargs='?', help='Print GraphQL query without sending API call')
+    query_policy_dynamicIpAllocation_policy_parser.add_argument('-v', const=True, default=False, nargs='?', help='Verbose output')
+    query_policy_dynamicIpAllocation_policy_parser.add_argument('-p', const=True, default=False, nargs='?', help='Pretty print')
+    query_policy_dynamicIpAllocation_policy_parser.add_argument('-n', '--stream-events', dest='stream_events', help='Send events over network to host:port TCP')
+    query_policy_dynamicIpAllocation_policy_parser.add_argument('-z', '--sentinel', dest='sentinel', help='Send events to Sentinel customerid:sharedkey')
+    query_policy_dynamicIpAllocation_policy_parser.add_argument('-H', '--header', action='append', dest='headers', help='Add custom headers in "Key: Value" format. Can be used multiple times.')
+    query_policy_dynamicIpAllocation_policy_parser.add_argument('--headers-file', dest='headers_file', help='Load headers from a file. Each line should contain a header in "Key: Value" format.')
+    query_policy_dynamicIpAllocation_policy_parser.set_defaults(func=createRequest,operation_name='query.policy.dynamicIpAllocation.policy')
+
+    query_policy_terminalServer_parser = query_policy_subparsers.add_parser('terminalServer', 
+            help='terminalServer() policy operation', 
+            usage=get_help("query_policy_terminalServer"))
+
+    query_policy_terminalServer_subparsers = query_policy_terminalServer_parser.add_subparsers()
+
+    query_policy_terminalServer_policy_parser = query_policy_terminalServer_subparsers.add_parser('policy', 
+            help='policy() terminalServer operation', 
+            usage=get_help("query_policy_terminalServer_policy"))
+
+    query_policy_terminalServer_policy_parser.add_argument('json', nargs='?', default='{}', help='Variables in JSON format (defaults to empty object if not provided).')
+    query_policy_terminalServer_policy_parser.add_argument('-accountID', help='The cato account ID to use for this operation. Overrides the account_id value in the profile setting.  This is use for reseller and MSP accounts to run queries against cato sub accounts from the parent account.')
+    query_policy_terminalServer_policy_parser.add_argument('-t', const=True, default=False, nargs='?', help='Print GraphQL query without sending API call')
+    query_policy_terminalServer_policy_parser.add_argument('-v', const=True, default=False, nargs='?', help='Verbose output')
+    query_policy_terminalServer_policy_parser.add_argument('-p', const=True, default=False, nargs='?', help='Pretty print')
+    query_policy_terminalServer_policy_parser.add_argument('-n', '--stream-events', dest='stream_events', help='Send events over network to host:port TCP')
+    query_policy_terminalServer_policy_parser.add_argument('-z', '--sentinel', dest='sentinel', help='Send events to Sentinel customerid:sharedkey')
+    query_policy_terminalServer_policy_parser.add_argument('-H', '--header', action='append', dest='headers', help='Add custom headers in "Key: Value" format. Can be used multiple times.')
+    query_policy_terminalServer_policy_parser.add_argument('--headers-file', dest='headers_file', help='Load headers from a file. Each line should contain a header in "Key: Value" format.')
+    query_policy_terminalServer_policy_parser.set_defaults(func=createRequest,operation_name='query.policy.terminalServer.policy')