catocli 3.0.26__py3-none-any.whl → 3.0.30__py3-none-any.whl

catocli/parsers/query_appStats/README.md

@@ -44,6 +44,12 @@ catocli query appStats '{
 ### Additional Examples
 - Query to export user activity as in flows_created, for distinct users (user_name) for the last day
 - Query to export application_name, user_name and risk_score with traffic sum(upstream, downstream, trafffic) for last day
+- Track daily user engagement and flow creation
+- Analyze applications by usage and security risk
+- Analyze applications by usage and security risk:
+- Top applications weekly by bandwidth
+- Daily per-user bandwidth consumption
+- Monthly traffic patterns by country
 
 # Query to export user activity as in flows_created, for distinct users (user_name) for the last day
 
@@ -107,6 +113,127 @@ catocli query appStats '{
 }' -f csv --csv-filename app_user_account_metrics_report.csv
 ```
 
+# Track daily user engagement and flow creation
+
+```bash
+# Track daily user engagement and flow creation
+catocli query appStats '{
+    "dimension": [
+      {"fieldName": "user_name"},
+      {"fieldName": "domain"}
+    ],
+    "measure": [
+        {"aggType": "sum", "fieldName": "flows_created"},
+        {"aggType": "count_distinct", "fieldName": "user_name"},
+        {"aggType": "sum", "fieldName": "traffic"}
+    ],
+    "timeFrame": "last.P1D"
+}' -f csv --csv-filename=appstats_user_activity.csv
+```
+
+# Analyze applications by usage and security risk
+
+```bash
+# Analyze applications by usage and security risk:
+catocli query appStats '{
+    "dimension": [
+        {"fieldName": "application_name"},
+        {"fieldName": "user_name"},
+        {"fieldName": "risk_score"}
+    ],
+    "measure": [
+        {"aggType": "sum", "fieldName": "downstream"},
+        {"aggType": "sum", "fieldName": "upstream"},
+        {"aggType": "sum", "fieldName": "traffic"}
+    ],
+    "timeFrame": "last.P1D"
+}' -f csv --csv-filename=appstats_user_risk_report.csv
+```
+
+# Top applications weekly by bandwidth
+
+```bash
+# Top applications weekly by bandwidth
+catocli query appStats '{
+    "dimension": [{"fieldName": "application_name"}],
+    "measure": [
+        {"aggType": "sum", "fieldName": "traffic"},
+        {"aggType": "sum", "fieldName": "flows_created"}
+    ],
+    "appStatsSort": [
+        {"fieldName": "traffic", "order": "desc"}
+    ],
+    "timeFrame": "last.P7D"
+}' -f csv --csv-filename=appstats_app_utilization.csv
+```
+
+# Daily per-user bandwidth consumption
+
+```bash
+# Daily per-user bandwidth consumption
+catocli query appStats '{
+    "dimension": [
+        {"fieldName": "user_name"}
+    ],
+    "measure": [
+        {"aggType": "sum", "fieldName": "downstream"},
+        {"aggType": "sum", "fieldName": "upstream"},
+        {"aggType": "sum", "fieldName": "traffic"},
+        {"aggType": "sum", "fieldName": "flows_created"}
+    ],
+    "timeFrame": "last.P1D"
+}' -f csv --csv-filename=appstats_user_bw.csv
+```
+
+### 5. High-Risk Application Analysis
+
+Focus on applications with elevated risk scores:
+
+```bash
+catocli query appStats '{
+    "appStatsFilter": [
+        {
+            "fieldName": "risk_score",
+            "operator": "gte", 
+            "values": ["5"]
+        }
+    ],
+    "appStatsSort": [
+        {
+            "fieldName": "risk_score",
+            "order": "desc"
+        }
+    ],
+    "dimension": [
+        {"fieldName": "application_name"},
+        {"fieldName": "risk_score"},
+        {"fieldName": "user_name"}
+    ],
+    "measure": [
+        {"aggType": "sum", "fieldName": "traffic"},
+        {"aggType": "sum", "fieldName": "flows_created"}
+    ],
+    "timeFrame": "last.P7D"
+}' -f csv --csv-filename=appstats_app_by_risk.csv
+```
+
+# Monthly traffic patterns by country
+
+```bash
+# Monthly traffic patterns by country
+catocli query appStats '{
+    "dimension": [
+        {"fieldName": "site_country"},
+        {"fieldName": "src_site_country_code"}
+    ],
+    "measure": [
+        {"aggType": "sum", "fieldName": "traffic"},
+        {"aggType": "count_distinct", "fieldName": "user_name"}
+    ],
+    "timeFrame": "last.P1M"
+}' -f csv --csv-filename=appstats_by_country.csv
+```
+
 
 
 

catocli/parsers/query_appStatsTimeSeries/README.md

@@ -41,7 +41,12 @@ catocli query appStatsTimeSeries '{
 ## Advanced Usage
 ### Additional Examples
 - Query to export upstream, downstream and traffic for user_name and application_name for last day broken into 1 hour buckets
-- Query to export WANBOUND traffic including upstream, downstream and traffic for user_name and application_name for last day broken into 1 hour buckets
+- Traffic patterns throughout the day
+- Wanbound traffic with hourly breakdown
+- Usage patterns over a full week
+- 5-minute intervals for detailed monitoring
+- Business hours with 15-minute granularity
+- User activity patterns with application usage
 
 # Query to export upstream, downstream and traffic for user_name and application_name for last day broken into 1 hour buckets
 
@@ -74,51 +79,130 @@ catocli query appStatsTimeSeries '{
         }
     ],
     "timeFrame": "last.P1D"
-}'
+}' -f csv --csv-filename=appStatsTimeSeries_app_bw.csv
 ```
 
-# Query to export WANBOUND traffic including upstream, downstream and traffic for user_name and application_name for last day broken into 1 hour buckets
+
+# Traffic patterns throughout the day
 
 ```bash
-# Query to export WANBOUND traffic including upstream, downstream and traffic for user_name and application_name for last day broken into 1 hour buckets
+# Traffic patterns throughout the day
+catocli query appStatsTimeSeries '{
+    "buckets": 24,
+    "dimension": [
+        {"fieldName": "user_name"},
+        {"fieldName": "application_name"}
+    ],
+    "perSecond": false,
+    "measure": [
+        {"aggType": "sum", "fieldName": "upstream"},
+        {"aggType": "sum", "fieldName": "downstream"},
+        {"aggType": "sum", "fieldName": "traffic"}
+    ],
+    "timeFrame": "last.P1D"
+}' -f csv --csv-filename=appStatsTimeSeries_user_app.csv
+```
+
+# Wanbound traffic with hourly breakdown
+
+```bash
+# Wanbound traffic with hourly breakdown
 catocli query appStatsTimeSeries '{
     "appStatsFilter": [
         {
             "fieldName": "traffic_direction",
             "operator": "is",
-            "values": [
-                "WANBOUND"
-            ]
+            "values": ["WANBOUND"]
         }
     ],
     "buckets": 24,
     "dimension": [
-        {
-            "fieldName": "application_name"
-        },
-        {
-            "fieldName": "user_name"
-        }
+        {"fieldName": "application_name"},
+        {"fieldName": "user_name"}
     ],
     "perSecond": false,
     "measure": [
-        {
-            "aggType": "sum",
-            "fieldName": "traffic"
-        },
-        {
-            "aggType": "sum",
-            "fieldName": "upstream"
-        },
-        {
-            "aggType": "sum",
-            "fieldName": "downstream"
-        }
+        {"aggType": "sum", "fieldName": "traffic"},
+        {"aggType": "sum", "fieldName": "upstream"},
+        {"aggType": "sum", "fieldName": "downstream"}
     ],
     "timeFrame": "last.P1D"
-}'
+}' -f csv --csv-filename=appStatsTimeSeries_user_wan.csv
+```
+
+# Usage patterns over a full week
+
+```bash
+# Usage patterns over a full week
+catocli query appStatsTimeSeries '{
+    "buckets": 168,
+    "dimension": [
+        {"fieldName": "category"},
+        {"fieldName": "src_site_name"}
+    ],
+    "perSecond": false,
+    "measure": [
+        {"aggType": "sum", "fieldName": "traffic"},
+        {"aggType": "sum", "fieldName": "flows_created"}
+    ],
+    "timeFrame": "last.P7D"
+}' -f csv --csv-filename appStatsTimeSeries_weekly_usage_category.csv
 ```
 
+# 5-minute intervals for detailed monitoring
+
+```bash
+# 5-minute intervals for detailed monitoring
+catocli query appStatsTimeSeries '{
+    "buckets": 72,
+    "dimension": [
+        {"fieldName": "user_name"}
+    ],
+    "perSecond": false,
+    "measure": [
+        {"aggType": "sum", "fieldName": "traffic"}
+    ],
+    "timeFrame": "last.PT6H"
+}' -f csv --csv-filename appStatsTimeSeries_high_resolution_user.csv
+```
+
+# Business hours with 15-minute granularity
+
+```bash
+# Business hours with 15-minute granularity
+catocli query appStatsTimeSeries '{
+    "buckets": 32,
+    "dimension": [
+        {"fieldName": "application_name"}
+    ],
+    "perSecond": false,
+    "measure": [
+        {"aggType": "sum", "fieldName": "traffic"},
+        {"aggType": "sum", "fieldName": "flows_created"}
+    ],
+    "timeFrame": "utc.2025-10-{15/08:00:00--15/16:00:00}"
+}' -f csv --csv-filename appStatsTimeSeries_bus_hours.csv
+```
+
+# User activity patterns with application usage
+
+```bash
+# User activity patterns with application usage
+catocli query appStatsTimeSeries '{
+    "buckets": 48,
+    "dimension": [
+        {"fieldName": "user_name"},
+        {"fieldName": "categories"}
+    ],
+    "perSecond": false,
+    "measure": [
+        {"aggType": "sum", "fieldName": "flows_created"}
+    ],
+    "timeFrame": "last.P2D"
+}' -f csv --csv-filename appStatsTimeSeries_user_by_category.csv
+```
+
+
 
 
 #### TimeFrame Parameter Examples

catocli/parsers/query_eventsTimeSeries/README.md

@@ -42,15 +42,13 @@ catocli query eventsTimeSeries '{
 ### Additional Examples
 - Weekly break down by hour of Internet Firewall events by rule_name
 - Weekly hourly breakdown by hour of sum of site events
-- 1 hour in 5 min increments of sum of site events used for detecting throttling
-- Basic Event Count Query with enhanced formatting
-- Basic Event Count Query - Returns formatted JSON with granularity-adjusted values
+- 1 hour 5 min increment of sum of site events used for detecting throttling
+- 1 hour 5 min increments of sum of site events used for detecting throttling
+- Basic event count - weekly hourly
 - Security Events Analysis
 - Security Events Analysis - Daily breakdown of security events
 - Connectivity Events by Country
 - Connectivity Events by Country - Weekly breakdown with country dimensions
-- Threat Analysis with Trend
-- Threat Analysis with Trend - Monthly threat score analysis
 - Socket Connectivity Analysis
 - Socket Connectivity Analysis - Connection events by socket interface
 
@@ -80,15 +78,16 @@ catocli query eventsTimeSeries '{
             "fieldName": "event_count"
         }
     ],
-    "timeFrame": "last.P7D"
-}'
+    "perSecond": false,
+    "timeFrame": "last.P1D"
+}' -f csv --csv-filename=eventsTimeSeries_by_subType.csv
 ```
 
 # Weekly hourly breakdown by hour of sum of site events
 
 ```bash
 # Weekly hourly breakdown by hour of sum of site events
-catocli query eventsTimeSeries -accountID=15412 '{
+catocli query eventsTimeSeries '{
     "buckets": 168,
     "eventsDimension": [],
     "eventsFilter": [
@@ -106,17 +105,18 @@ catocli query eventsTimeSeries -accountID=15412 '{
             "fieldName": "event_count"
         }
     ],
+    "perSecond": false,
     "timeFrame": "last.P7D"
-}'
+}' -f csv --csv-filename=eventsTimeSeries_hourly_site_events.csv
 ```
 
 
-# 1 hour in 5 min increments of sum of site events used for detecting throttling
+# 1 hour 5 min increment of sum of site events used for detecting throttling
 
 ```bash
-# 1 hour in 5 min increments of sum of site events used for detecting throttling
-catocli query eventsTimeSeries -accountID=15412 '{
-    "buckets": 12,
+# 1 hour 5 min increments of sum of site events used for detecting throttling
+catocli query eventsTimeSeries '{
+    "buckets": 168,
     "eventsDimension": [],
     "eventsFilter": [
         {
@@ -133,20 +133,22 @@ catocli query eventsTimeSeries -accountID=15412 '{
             "fieldName": "event_count"
         }
     ],
+    "perSecond": false,
     "timeFrame": "last.P1D"
-}'
+}' -f csv --csv-filename=eventsTimeSeries_15_min_site_events.csv
 ```
 
-
-
-
-# Basic Event Count Query with enhanced formatting
+# Basic event count - weekly hourly
 
 ```bash
-# Basic Event Count Query - Returns formatted JSON with granularity-adjusted values
+# Basic event count - weekly hourly
 catocli query eventsTimeSeries '{
-    "buckets": 4,
-    "eventsDimension": [],
+    "buckets": 168,
+    "eventsDimension": [
+        {
+            "fieldName": "rule_name"
+        }
+    ],
     "eventsFilter": [],
     "eventsMeasure": [
         {
@@ -154,8 +156,9 @@ catocli query eventsTimeSeries '{
             "fieldName": "event_count"
         }
     ],
-    "timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}"
-}'
+    "perSecond": false,
+    "timeFrame": "last.P7D"
+}' -f csv --csv-filename=eventsTimeSeries_weekly_hourly_events.csv
 ```
 
 # Security Events Analysis
@@ -178,8 +181,9 @@ catocli query eventsTimeSeries '{
             "fieldName": "event_count"
         }
     ],
-    "timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}"
-}'
+    "perSecond": false,
+    "timeFrame": "last.P1D"
+}' -f csv --csv-filename=eventsTimeSeries_daily_security_events.csv
 ```
 
 # Connectivity Events by Country
@@ -206,37 +210,9 @@ catocli query eventsTimeSeries '{
             "fieldName": "event_count"
         }
     ],
-    "timeFrame": "utc.2023-03-{01/00:00:00--07/23:59:59}"
-}'
-```
-
-# Threat Analysis with Trend
-
-```bash
-# Threat Analysis with Trend - Monthly threat score analysis
-catocli query eventsTimeSeries '{
-    "buckets": 31,
-    "eventsDimension": [],
-    "eventsFilter": [
-        {
-            "fieldName": "event_type",
-            "operator": "is",
-            "values": ["Security"]
-        },
-        {
-            "fieldName": "threat_score",
-            "operator": "gt",
-            "values": ["50"]
-        }
-    ],
-    "eventsMeasure": [
-        {
-            "aggType": "avg",
-            "fieldName": "threat_score"
-        }
-    ],
-    "timeFrame": "utc.2023-01-{01/00:00:00--31/23:59:59}"
-}'
+    "perSecond": false,
+    "timeFrame": "last.P1D"
+}' -f csv --csv-filename=eventsTimeSeries_weekly_daily_by_country.csv
 ```
 
 # Socket Connectivity Analysis
@@ -244,7 +220,7 @@ catocli query eventsTimeSeries '{
 ```bash
 # Socket Connectivity Analysis - Connection events by socket interface
 catocli query eventsTimeSeries '{
-    "buckets": 28,
+    "buckets": 7,
     "eventsDimension": [
         {
             "fieldName": "socket_interface"
@@ -268,8 +244,9 @@ catocli query eventsTimeSeries '{
             "fieldName": "event_count"
         }
     ],
-    "timeFrame": "utc.2023-02-{01/00:00:00--28/23:59:59}"
-}'
+    "perSecond": false,
+    "timeFrame": "last.P7D"
+}' -f csv --csv-filename=eventsTimeSeries_daily_socket_connect.csv
 ```
 
 ## Output Format Options

catocli/parsers/query_socketPortMetrics/README.md

@@ -43,6 +43,8 @@ catocli query socketPortMetrics '{
 ## Advanced Usage
 ### Additional Examples
 - 1 Day sum of traffic by site, socket_interface, device_id
+- Traffic patterns by site and interface
+- Traffic distribution across devices
 
 # 1 Day sum of traffic by site, socket_interface, device_id
 
@@ -83,6 +85,68 @@ catocli query socketPortMetrics '{
 }'
 ```
 
+# Traffic patterns by site and interface
+
+```bash
+# Traffic patterns by site and interface
+catocli query socketPortMetrics '{
+    "socketPortMetricsDimension": [
+        {"fieldName": "socket_interface"},
+        {"fieldName": "device_id"},
+        {"fieldName": "site_id"},
+        {"fieldName": "site_name"}
+    ],
+    "socketPortMetricsMeasure": [
+        {"aggType": "sum", "fieldName": "bytes_upstream"},
+        {"aggType": "sum", "fieldName": "bytes_downstream"},
+        {"aggType": "sum", "fieldName": "bytes_total"}
+    ],
+    "socketPortMetricsSort": [
+        {"fieldName": "bytes_total", "order": "desc"}
+    ],
+    "timeFrame": "last.P1D"
+}' -f csv --csv-filename socketPortMetrics_traffic_by_site_interface.csv
+```
+
+# Traffic distribution across devices
+
+```bash
+# Traffic distribution across devices
+catocli query socketPortMetrics '{
+    "socketPortMetricsDimension": [
+        {
+            "fieldName": "device_id"
+        },
+        {
+            "fieldName": "site_name"
+        }
+    ],
+    "socketPortMetricsFilter": [],
+    "socketPortMetricsMeasure": [
+        {
+            "aggType": "sum",
+            "fieldName": "bytes_total"
+        },
+        {
+            "aggType": "avg",
+            "fieldName": "throughput_downstream"
+        },
+        {
+            "aggType": "avg",
+            "fieldName": "throughput_upstream"
+        }
+    ],
+    "socketPortMetricsSort": [
+        {
+            "fieldName": "bytes_total",
+            "order": "desc"
+        }
+    ],
+    "timeFrame": "last.P1D"
+}' -f csv --csv-filename socketPortMetrics_site_bw_by_device.csv
+```
+
+
 
 
 #### TimeFrame Parameter Examples