Cato Networks GraphQL API Reference
Support
Terms of Service
Refer to: Support Policy for Cato API
API Endpoints and Schema
Refer to: What is the Cato API
GraphQL Introspection Query
Use the GraphQL Introspection system to learn more about queries and types with the Cato API schema.
For more information, see the GraphQL Documentation.
API Labeling
EA: These APIs are part of Cato's EA program, if you’re interested in joining, please contact us at ea@catonetworks.com
Rollout: We are gradually rolling out these APIs, and they will be available to all accounts after a few weeks.
Beta: These APIs are fully operational but may undergo schema changes, including potential breaking changes, with limited advance notice—possibly as short as two weeks.
Queries
accountBySubdomain
Response
Returns [AccountDataPayload!]
Arguments
| Name | Description |
|---|---|
accountID - ID!
|
|
subdomains - [String!]!
|
a list of required subdomains |
Example
Query
query accountBySubdomain($accountID:ID!, $subdomains:[String!]!) {
accountBySubdomain(accountID:$accountID, subdomains:$subdomains) {
id
subdomain
}
}
Variables
{"accountID": "123", "subdomains": ["company"]}
Response
{"data": {"accountBySubdomain": [{"id": "123", "subdomain": "company"}]}}
accountMetrics
Description
The accountMetrics query helps you analyze the state and quality of the connections of sites and SDP users to the Cato Cloud. This data is for the traffic inside the DTLS tunnel between the site and the Cato Cloud. accountMetrics shows historical metrics, statics, and analytics for the account.
Response
Returns an AccountMetrics
Arguments
| Name | Description |
|---|---|
accountID - ID
|
Unique Identifier of Account. |
timeFrame - TimeFrame!
|
The time frame for the data that the query returns. The argument is in the format type.time value. This argument is mandatory. |
groupInterfaces - Boolean
|
When the boolean argument groupInterfaces is set to true, then the data for all the interfaces are aggregated to a single interface. |
groupDevices - Boolean
|
When the boolean argument groupDevices is set to true, then the analytics for all the Sockets (usually two in high availability) are aggregated as one result. For the best results for aggregated Sockets, we recommend that there is consistent names and functionality (for example Destination) for the links on both Sockets. |
Example
Query
query accountMetrics(
$accountID:ID!,
$timeFrame:TimeFrame!,
$groupInterfaces: Boolean,
$groupDevices: Boolean,
$siteIDs: [ID!]
) {
accountMetrics(
accountID:$accountID,
timeFrame: $timeFrame,
groupInterfaces: $groupInterfaces,
groupDevices: $groupDevices
) {
id
from
to
sites(siteIDs:$siteIDs) {
id
metrics {
bytesUpstream
bytesDownstream
}
interfaces {
name
metrics {
bytesUpstream
bytesDownstream
}
}
}
}
}
Variables
{
"accountID": "123",
"timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}",
"groupInterfaces": false,
"groupDevices": true,
"siteIDs": ["456", "789"]
}
Response
{
"data": {
"accountMetrics": {
"id": "123",
"from": "2023-02-28T00:00:00Z",
"to": "2023-02-28T23:59:59Z",
"sites": [
{
"id": "456",
"metrics": {"bytesUpstream": 122324400, "bytesDownstream": 8354720},
"interfaces": [
{
"name": "WAN 01",
"metrics": {
"bytesUpstream": 122324400,
"bytesDownstream": 8354720
}
}
]
},
{
"id": "789",
"metrics": {"bytesUpstream": 100254955, "bytesDownstream": 3907080},
"interfaces": [
{
"name": "WAN 01",
"metrics": {
"bytesUpstream": 100254955,
"bytesDownstream": 3907080
}
}
]
}
]
}
}
}
accountRoles
Response
Returns an AccountRolesResult!
Arguments
| Name | Description |
|---|---|
accountID - ID!
|
|
accountType - AccountType
|
Example
Query
query accountRoles($accountID:ID!){
accountRoles(accountID: $accountID) {
items {
name
isPredefined
}
total
}
}
Variables
{"accountID": "123"}
Response
{
"data": {
"accountRoles": {
"items": [
{"name": "Editor", "isPredefined": true},
{"name": "Viewer", "isPredefined": true},
{"name": "Network admin", "isPredefined": true},
{"name": "Security Admin", "isPredefined": true},
{"name": "Access Admin", "isPredefined": true}
],
"total": 5
}
}
}
accountSnapshot
Description
Current snapshot-based metrics that show near real‑time data for the account. Provides analytics that are similar to the Topology page for the account.
Response
Returns an AccountSnapshot
Arguments
| Name | Description |
|---|---|
accountID - ID
|
Unique Identifier of Account. |
Example
Query
query accountSnapshot($accountID:ID!) {
accountSnapshot(accountID:$accountID) {
sites {
connectivityStatus
haStatus{
readiness
wanConnectivity
keepalive
socketVersion
}
operationalStatus
lastConnected
connectedSince
devices {
connected
version
}
}
users {
connectivityStatus
connectedInOffice
name
deviceName
}
timestamp
}
}
Variables
{"accountID": "123"}
Response
{
"data": {
"accountSnapshot": {
"sites": [
{
"connectivityStatus": "connected",
"haStatus": {
"readiness": "ready",
"wanConnectivity": "ok",
"keepalive": "ok",
"socketVersion": "ok"
},
"operationalStatus": "active",
"lastConnected": "2023-02-28T13:21:05Z",
"connectedSince": "2023-02-27T15:10:06Z",
"devices": [
{"connected": true, "version": "17.0.16303"},
{"connected": true, "version": "17.0.16303"}
]
},
{
"connectivityStatus": "disconnected",
"haStatus": null,
"operationalStatus": "active",
"lastConnected": "2020-03-11T13:43:40Z",
"connectedSince": null,
"devices": [{"connected": false, "version": ""}]
}
],
"users": [
{
"connectivityStatus": "connected",
"connectedInOffice": false,
"name": "Employee Domywork",
"deviceName": "Employee’s MacBook Pro"
},
{
"connectivityStatus": "connected",
"connectedInOffice": false,
"name": "Alice Bobs",
"deviceName": "Alice’s MacBook Pro"
}
],
"timestamp": "2023-02-28T13:22:21Z"
}
}
}
admin
Response
Returns a GetAdminPayload
Example
Query
query admin($accountId:ID!, $adminID:ID!) {
admin(accountId:$accountId, adminID:$adminID) {
id
firstName
lastName
email
creationDate
mfaEnabled
managedRoles {
role {
name
}
}
}
}
Variables
{"accountId": "123", "adminID": "456"}
Response
{
"data": {
"admin": {
"id": "456",
"firstName": "Name",
"lastName": "Surname",
"email": "name.surname@company.org",
"creationDate": "Dec 27, 2020 9:30:34 AM",
"mfaEnabled": false,
"managedRoles": [{"role": {"name": "Viewer"}}]
}
}
}
admins
Response
Returns an AdminsResult
Example
Query
query admins($accountId:ID!, $limit: Int) {
admins(accountID:$accountId, limit: $limit) {
items {
id
email
managedRoles {
role {
name
}
}
}
total
}
}
Variables
{"accountId": "123", "limit": 2}
Response
{
"data": {
"admins": {
"items": [
{
"id": "1",
"email": "editor@company.org",
"managedRoles": [{"role": {"name": "Editor"}}]
},
{
"id": "2",
"email": "viewer@company.org",
"managedRoles": [{"role": {"name": "Viewer"}}]
}
],
"total": 3
}
}
}
appStats
Description
BETA
Response
Returns an AppStats
Arguments
| Name | Description |
|---|---|
accountID - ID!
|
Account ID |
timeFrame - TimeFrame!
|
|
measures - [Measure]
|
|
dimensions - [Dimension]
|
|
filters - [AppStatsFilter!]
|
|
postAggFilters - [AppStatsPostAggFilter!]
|
|
sort - [AppStatsSort!]
|
Example
Query
query appStats(
$accountID:ID!,
$timeFrame:TimeFrame!,
$measures: [Measure],
$dimensions:[Dimension],
$sort:[AppStatsSort!],
$limit:Int,
$from:Int,
) {
appStats(
accountID: $accountID,
timeFrame: $timeFrame,
measures: $measures,
dimensions:$dimensions,
sort:$sort,
) {
from
to
records(limit:$limit, from:$from){
fieldsMap
fieldsUnitTypes
}
}
}
Variables
{
"accountID": "123",
"timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}",
"dimensions": [{"fieldName": "application_id"}],
"sort": [{"fieldName": "traffic", "order": "desc"}],
"measures": [
{"fieldName": "traffic", "aggType": "sum"},
{"fieldName": "application", "aggType": "any"}
],
"limit": 5,
"from": 0
}
Response
{
"data": {
"appStats": {
"from": "2023-02-28T00:00:00Z",
"to": "2023-03-01T00:00:00Z",
"records": [
{
"fieldsMap": {
"application_id": "zoom",
"application": "Zoom",
"traffic": "95138282696"
},
"fieldsUnitTypes": ["none", "none", "bytes"]
},
{
"fieldsMap": {
"application_id": "udp",
"application": "UDP",
"traffic": "45401221439"
},
"fieldsUnitTypes": ["none", "none", "bytes"]
},
{
"fieldsMap": {
"application_id": "Tech",
"application": "Technological apps",
"traffic": "13982474567"
},
"fieldsUnitTypes": ["none", "none", "bytes"]
},
{
"fieldsMap": {
"application_id": "AppleSoftwareupdate",
"application": "Apple software update",
"traffic": "11624258191"
},
"fieldsUnitTypes": ["none", "none", "bytes"]
}
]
}
}
}
appStatsTimeSeries
Description
BETA
Response
Returns an AppStatsTimeSeries
Arguments
| Name | Description |
|---|---|
accountID - ID!
|
Account ID |
timeFrame - TimeFrame!
|
|
measures - [Measure]
|
|
dimensions - [Dimension]
|
|
filters - [AppStatsFilter!]
|
Example
Query
query appStatsTimeSeries(
$accountID:ID!,
$timeFrame:TimeFrame!,
$measures: [Measure],
$buckets:Int!
) {
appStatsTimeSeries(
accountID:$accountID,
timeFrame:$timeFrame,
measures: $measures
) {
from
to
granularity
timeseries(buckets:$buckets) {
label
data
key {
measureFieldName
}
}
}
}
Variables
{
"accountID": "123",
"timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}",
"measures": [
{"fieldName": "upstream", "aggType": "sum"},
{"fieldName": "downstream", "aggType": "sum"}
],
"buckets": 5
}
Response
{
"data": {
"appStatsTimeSeries": {
"from": "2023-02-28T00:00:00Z",
"to": "2023-03-01T00:00:00Z",
"granularity": 14400,
"timeseries": [
{
"label": "sum(upstream)",
"data": [
[1677542400000, 77192],
[1677556800000, 742410],
[1677571200000, 5335372],
[1677585600000, 2239509],
[1677600000000, 0],
[1677614400000, 0]
],
"key": {"measureFieldName": "upstream"}
},
{
"label": "sum(downstream)",
"data": [
[1677542400000, 209763],
[1677556800000, 1713925],
[1677571200000, 7719290],
[1677585600000, 2573650],
[1677600000000, 0],
[1677614400000, 0]
],
"key": {"measureFieldName": "downstream"}
}
]
}
}
}
auditFeed
Description
Audit Feed for account changes
Response
Returns an AuditFeed
Arguments
| Name | Description |
|---|---|
accountIDs - [ID!]
|
List of Unique Account Identifiers. |
timeFrame - TimeFrame!
|
|
filters - [AuditFieldFilterInput!]
|
|
marker - String
|
Marker to use to get results from |
Example
Query
query auditFeed($accountID:ID!, $timeFrame: TimeFrame!){
auditFeed(accountIDs:[$accountID], timeFrame:$timeFrame) {
from
to
fetchedCount
accounts {
id
records{
admin {
name
}
object {
name
}
time
fields {
name
value {
... on Entity {
name
id
type
}
... on StringValue {
string
}
... on DateValue {
date
}
}
}
}
}
}
}
Variables
{"accountID": "123", "timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}"}
Response
{
"data": {
"auditFeed": {
"from": "2023-02-28T00:00:00Z",
"to": "2023-02-28T23:59:59Z",
"fetchedCount": 1,
"accounts": [
{
"id": "123",
"records": [
{
"time": "2023-02-28T08:48:21Z",
"fields": [
{
"name": "admin",
"value": {
"name": "admin@company.org",
"id": "456",
"type": "admin",
"__typename": "Entity"
}
},
{
"name": "change.Before.description",
"value": {
"string": "Description before change",
"__typename": "StringValue"
}
},
{
"name": "change.After.description",
"value": {
"string": "Description after change",
"__typename": "StringValue"
}
},
{
"name": "model_name",
"value": {"string": "Site name", "__typename": "StringValue"}
},
{
"name": "module",
"value": {
"string": "Configuration",
"__typename": "StringValue"
}
},
{
"name": "change_type",
"value": {"string": "MODIFIED", "__typename": "StringValue"}
},
{
"name": "creation_date",
"value": {
"string": "1677574090000",
"__typename": "DateValue"
}
},
{
"name": "model_type",
"value": {"string": "Site", "__typename": "StringValue"}
},
{
"name": "admin_id",
"value": {"string": "456", "__typename": "StringValue"}
},
{
"name": "insertion_date",
"value": {
"date": "2023-02-28T08:48:21Z",
"__typename": "DateValue"
}
},
{
"name": "account_id",
"value": {"string": "123", "__typename": "StringValue"}
}
]
}
]
}
]
}
}
}
entityLookup
Description
Lookup entities with a specific type, potentially filtered and paged
Response
Returns an EntityLookupResult!
Arguments
| Name | Description |
|---|---|
accountID - ID!
|
The account ID (or 0 for non-authenticated requests) |
type - EntityType!
|
Type of entity to lookup for |
limit - Int
|
Sets the maximum number of items to retrieve Default |
from - Int
|
Sets the offset number of items (for paging) Default |
parent - EntityInput
|
Return items under a parent entity (can be site, vpn user, etc), used to filter for networks that belong to a specific site for example |
search - String
|
Adds additional search parameters for the lookup. Available options: country lookup: "removeExcluded" to return only allowed countries countryState lookup: country code ("US", "CN", etc) to get country's states Default |
entityIDs - [ID!]
|
Adds additional search criteria to fetch by the selected list of entity IDs. This option is not universally available, and may not be applicable specific Entity types. If used on non applicable entity type, an error will be generated. |
sort - [SortInput]
|
Adds additional sort criteria(s) for the lookup. This option is not universally available, and may not be applicable specific Entity types. |
filters - [LookupFilterInput]
|
Custom filters for entityLookup |
helperFields - [String!]
|
Additional helper fields |
Example
Query
query entityLookup($accountID:ID!, $limit:Int, $type:EntityType!) {
entityLookup(accountID: $accountID, type:$type, limit: $limit) {
items {
entity{
id
name
}
}
total
}
}
Variables
{"accountID": "123", "limit": 2, "type": "site"}
Response
{
"data": {
"entityLookup": {
"items": [
{"entity": {"id": "45040", "name": "azure_test"}},
{"entity": {"id": "75791", "name": "esx_test"}}
],
"total": 5
}
}
}
events
Response
Returns an Events
Arguments
| Name | Description |
|---|---|
accountID - ID!
|
Account ID |
timeFrame - TimeFrame!
|
|
measures - [EventsMeasure]
|
|
dimensions - [EventsDimension]
|
|
filters - [EventsFilter!]
|
|
postAggFilters - [EventsPostAggFilter!]
|
|
sort - [EventsSort!]
|
Example
Query
query events($accountID:ID!, $timeFrame:TimeFrame!, ) {
events(accountID: $accountID, timeFrame:$timeFrame, measures: {fieldName: event_count, aggType: sum}) {
records {
flatFields
fieldsMap
}
}
}
Variables
{"accountID": "123", "timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}"}
Response
{
"data": {
"events": {
"records": [
{
"flatFields": [["event_count", "2"]],
"fieldsMap": {"event_count": "2"}
}
]
}
}
}
eventsFeed
Description
Event Feed for events paged by a topic partitions offsets marker
Response
Returns an EventsFeedData
Arguments
| Name | Description |
|---|---|
accountIDs - [ID!]
|
List of Unique Account Identifiers. |
filters - [EventFeedFieldFilterInput!]
|
|
marker - String
|
Marker to use to get results from |
Example
Query
query eventsFeed(
$accountIDs: [ID!],
$filters: [EventFeedFieldFilterInput!]
) {
eventsFeed(
accountIDs: $accountIDs,
filters: $filters,
) {
marker
fetchedCount
accounts {
id
errorString
records {
fieldsMap
}
}
}
}
Variables
{
"accountIDs": [123],
"filters": [
{
"fieldName": "event_type",
"operator": "is_not",
"values": ["Sockets Management"]
},
{
"fieldName": "event_sub_type",
"operator": "is",
"values": ["Disconnected"]
}
]
}
Response
{
"data": {
"eventsFeed": {
"marker": "W3siVG9waWMiOiIxODIiLCJQYXJ0aXRpb24iOjAsIk9mZnNldCI6MzIxNTM4fV0=",
"fetchedCount": 1,
"accounts": [
{
"id": "123",
"errorString": "",
"records": [
{
"fieldsMap": {
"ISP_name": "IP Addresses Are Assigned Statically",
"account_id": "123",
"client_version": "8.0.4127",
"event_count": "1",
"event_sub_type": "Disconnected",
"event_type": "Connectivity",
"event_id": "7r0c7xUYIf",
"link_type": "Cato",
"pop_name": "Amsterdam",
"socket_interface": "WAN1",
"src_country": "Israel",
"src_country_code": "IL",
"src_is_site_or_vpn": "Site",
"src_isp_ip": "1.2.3.4",
"src_site": "native-range",
"time": "1677170467000",
"tunnel_protocol": "DTLS"
}
}
]
}
]
}
}
}
eventsTimeSeries
Response
Returns an EventsTimeSeries
Arguments
| Name | Description |
|---|---|
accountID - ID!
|
Account ID |
timeFrame - TimeFrame!
|
|
measures - [EventsMeasure]
|
|
dimensions - [EventsDimension]
|
|
filters - [EventsFilter!]
|
Example
Query
query eventsTimeSeries(
$accountID: ID!,
$filters: [EventsFilter!],
$timeFrame: TimeFrame!,
$measures: [EventsMeasure],
$buckets: Int!
) {
eventsTimeSeries(
accountID: $accountID,
filters: $filters,
timeFrame:$timeFrame,
measures: $measures
) {
id
from
to
granularity
timeseries(buckets:$buckets) {
label
data
}
}
}
Variables
{
"accountID": "4125",
"timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}",
"measures": [{"fieldName": "event_count", "aggType": "sum"}],
"buckets": 4
}
Response
{
"data": {
"eventsTimeSeries": {
"id": "4125",
"from": "2023-02-28T00:00:00Z",
"to": "2023-03-01T00:00:00Z",
"granularity": 21600,
"timeseries": [
{
"label": "sum(event_count)",
"data": [
[1677542400000, 5],
[1677564000000, 2],
[1677585600000, 0],
[1677607200000, 5]
]
}
]
}
}
}
servicePrincipalAdmin
Response
Returns a GetServicePrincipalAdminPayload
Example
Query
query servicePrincipalAdmin($accountId:ID!, $adminID:ID!) {
servicePrincipalAdmin(accountId:$accountId, adminID:$adminID) {
id
name
email
creationDate
managedRoles {
role {
name
}
}
}
}
Variables
{"accountId": "123", "adminID": "456"}
Response
{
"data": {
"servicePrincipalAdmin": {
"id": "456",
"name": "Service Principal",
"email": "service.principal@company.org",
"creationDate": "Dec 27, 2020 9:30:34 AM",
"managedRoles": [{"role": {"name": "Viewer"}}]
}
}
}
socketPortMetrics
Description
Provides historical metrics for physical and logical interfaces on Cato Sockets. This API enables detailed monitoring of LAN, WAN, Tunnel, Bypass, and Off-Cloud traffic, including throughput, bandwidth usage, and cellular signal quality.
Response
Returns a SocketPortMetrics
Arguments
| Name | Description |
|---|---|
accountID - ID!
|
Account ID |
timeFrame - TimeFrame!
|
|
measures - [SocketPortMetricsMeasure]
|
|
dimensions - [SocketPortMetricsDimension]
|
|
filters - [SocketPortMetricsFilter!]
|
|
postAggFilters - [SocketPortMetricsPostAggFilter!]
|
|
sort - [SocketPortMetricsSort!]
|
Example
Query
query socketPortMetrics(
$accountID:ID!,
$timeFrame:TimeFrame!,
$measures: [SocketPortMetricsMeasure],
$dimensions:[SocketPortMetricsDimension],
$sort:[SocketPortMetricsSort!],
$limit:Int,
$from:Int,
) {
socketPortMetrics(
accountID: $accountID,
timeFrame: $timeFrame,
measures: $measures,
dimensions:$dimensions,
sort:$sort,
) {
from
to
records(limit:$limit, from:$from){
fieldsMap
fieldsUnitTypes
}
}
}
Variables
{
"accountID": "123",
"timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}",
"dimensions": [{"fieldName": "site_id"}],
"sort": [{"fieldName": "throughput_upstream", "order": "desc"}],
"measures": [
{"fieldName": "throughput_upstream", "aggType": "max"},
{"fieldName": "throughput_downstream", "aggType": "max"}
],
"limit": 5,
"from": 0
}
Response
{
"data": {
"appStats": {
"from": "2023-02-28T00:00:00Z",
"to": "2023-03-01T00:00:00Z",
"records": [
{
"fieldsMap": {
"site_id": "1",
"throughput_upstream": "40",
"throughput_downstream": "20"
},
"fieldsUnitTypes": ["number", "bytes", "bytes"]
},
{
"fieldsMap": {
"site_id": "2",
"throughput_upstream": "40",
"throughput_downstream": "20"
},
"fieldsUnitTypes": ["number", "bytes", "bytes"]
},
{
"fieldsMap": {
"site_id": "3",
"throughput_upstream": "50",
"throughput_downstream": "30"
},
"fieldsUnitTypes": ["number", "bytes", "bytes"]
},
{
"fieldsMap": {
"site_id": "4",
"throughput_upstream": "40",
"throughput_downstream": "20"
},
"fieldsUnitTypes": ["number", "bytes", "bytes"]
}
]
}
}
}
socketPortMetricsTimeSeries
Description
Provides historical time series metrics for physical and logical interfaces on Cato Sockets. This API enables detailed monitoring of LAN, WAN, Tunnel, Bypass, and Off-Cloud traffic, including throughput, bandwidth usage, and cellular signal quality.
Response
Returns a SocketPortMetricsTimeSeries
Arguments
| Name | Description |
|---|---|
accountID - ID!
|
Account ID |
timeFrame - TimeFrame!
|
|
measures - [SocketPortMetricsMeasure]
|
|
dimensions - [SocketPortMetricsDimension]
|
|
filters - [SocketPortMetricsFilter!]
|
Example
Query
query socketPortMetricsTimeSeries(
$accountID:ID!,
$timeFrame:TimeFrame!,
$measures: [SocketPortMetricsMeasure],
$buckets:Int!
) {
socketPortMetricsTimeSeries(
accountID:$accountID,
timeFrame:$timeFrame,
measures: $measures
) {
from
to
granularity
timeseries(buckets:$buckets) {
label
data
key {
measureFieldName
}
}
}
}
Variables
{
"accountID": "123",
"timeFrame": "utc.2023-02-{28/00:00:00--28/23:59:59}",
"measures": [
{"fieldName": "throughput_upstream", "aggType": "sum"},
{"fieldName": "throughput_downstream", "aggType": "sum"}
],
"buckets": 5
}
Response
{
"data": {
"appStatsTimeSeries": {
"from": "2023-02-28T00:00:00Z",
"to": "2023-03-01T00:00:00Z",
"granularity": 14400,
"timeseries": [
{
"label": "sum(throughput_upstream)",
"data": [
[1677542400000, 77192],
[1677556800000, 742410],
[1677571200000, 5335372],
[1677585600000, 2239509],
[1677600000000, 0],
[1677614400000, 0]
],
"key": {"measureFieldName": "throughput_upstream"}
},
{
"label": "sum(throughput_downstream)",
"data": [
[1677542400000, 209763],
[1677556800000, 1713925],
[1677571200000, 7719290],
[1677585600000, 2573650],
[1677600000000, 0],
[1677614400000, 0]
],
"key": {"measureFieldName": "throughput_downstream"}
}
]
}
}
}
subDomains
Description
The subdomain query helps you retrieve the URL of an account. The usage of this query supports 3 different scenarios:
- Regular account - Return only 1 subdomain relating to the regular account
- Reseller account - Return all subdomains including the reseller account subdomain
- Reseller account - Return only the reseller account subdomain
Response
Returns [SubDomain!]!
Example
Query
query subDomains($accountID:ID!, $managedAccount:Boolean) {
subDomains(accountID:$accountID, managedAccount:$managedAccount) {
accountId
accountName
accountType
subDomain
}
}
Variables
{"accountID": "123", "managedAccount": true}
Response
{
"data": {
"subDomains": [
{
"accountId": "123",
"accountName": "Gamma LLC",
"accountType": "Reseller",
"subDomain": "subdomain3"
},
{
"accountId": "1235",
"accountName": "Delta Inc.",
"accountType": "Regular",
"subDomain": "subdomain4"
}
]
}
}
AccountManagementQueries
account
Description
Read the account information
Response
Returns an AccountInfo
Example
Query
query getAccount($accountId:ID!) {
accountManagement(accountId: $accountId) {
account {
description
id
name
tenancy
timeZone
type
audit {
createdBy
createdTime
}
}
}
}
Variables
{"accountId": "456"}
Response
{
"data": {
"accountManagement": {
"account": {
"description": "account description",
"id": "456",
"name": "name",
"tenancy": "SINGLE_TENANT",
"timeZone": "Australia/ACT",
"type": "CUSTOMER",
"audit": {
"createdBy": "main@admin.com",
"createdTime": "2024-08-14T09:34:24Z"
}
}
}
}
}
AntiMalwareFileHashPolicyQueries
policy
Beta
Response
Returns an AntiMalwareFileHashPolicy!
Arguments
| Name | Description |
|---|---|
input - AntiMalwareFileHashPolicyInput
|
Example
Query
query AntiMalwareFileHash($accountId: ID!) {
policy(accountId: $accountId) {
antiMalwareFileHash {
policy {
enabled
rules {
properties
rule {
id
index
name
fileName
expirationDate
action
sha256
}
}
sections {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"antiMalwareFileHash": {
"policy": {
"enabled": true,
"rules": [
{
"properties": [],
"rule": {
"id": "rule-id-1",
"index": 0,
"name": "Block Malicious File",
"fileName": "malware.exe",
"expirationDate": "2025-12-31T23:59:59Z",
"action": "BLOCK",
"sha256": "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
}
}
],
"sections": [
{
"properties": [],
"section": {"id": "section-id-1", "name": "Default Section"}
}
]
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query AntiMalwareFileHash($accountId: ID!) {
policy(accountId: $accountId) {
antiMalwareFileHash {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"antiMalwareFileHash": {
"revisions": {
"revision": [
{"name": "Test Revision", "changes": 0},
{"name": "Initial Revision", "changes": 2}
]
}
}
}
}
}
AppTenantRestrictionPolicyQueries
policy
Beta
Response
Returns an AppTenantRestrictionPolicy!
Arguments
| Name | Description |
|---|---|
input - AppTenantRestrictionPolicyInput
|
Example
Query
query AppTenantRestriction($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
policy {
enabled
rules {
properties
rule {
id
index
name
}
}
sections {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"policy": {
"enabled": false,
"rules": [
{
"properties": [],
"rule": {
"id": "5e38909c-d5f4-4132-98eb-7efd28ca5ca5",
"index": 1,
"name": "App Tenant Restriction Rule 1"
}
}
],
"sections": [
{
"properties": [],
"section": {
"id": "0f61ccb5-1912-4bc0-ade6-06fc684b561f",
"name": "Section 1"
}
}
]
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query AppTenantRestriction($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"revisions": {
"revision": [
{"name": "Test Revision", "changes": 0},
{"name": "Test Revision", "changes": 0},
{"name": "Test Revision", "changes": 0},
{"name": "Test Revision", "changes": 0},
{"name": "Test Revision", "changes": 0}
]
}
}
}
}
}
ApplicationControlPolicyQueries
policy
Beta
Response
Returns an ApplicationControlPolicy!
Arguments
| Name | Description |
|---|---|
input - ApplicationControlPolicyInput
|
Example
Query
query ApplicationControl($accountId: ID!) {
policy(accountId: $accountId) {
applicationControl {
policy {
enabled
rules {
properties
rule {
id
index
name
}
}
sections {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"applicationControl": {
"policy": {
"enabled": false,
"rules": [
{
"properties": [],
"rule": {
"id": "2131672",
"index": 1,
"name": "Block uploading credit card numbers"
}
},
{
"properties": [],
"rule": {
"id": "2131673",
"index": 2,
"name": "Microsoft - Only allow the tenant catonetworks.com"
}
},
{
"properties": [],
"rule": {
"id": "2131674",
"index": 3,
"name": "Microsoft - Monitor logins for external Microsoft tenants (click rule to read Description)"
}
},
{
"properties": [],
"rule": {
"id": "2131675",
"index": 4,
"name": "OneDrive - Only allow the catonetworks.com tenant"
}
},
{
"properties": [],
"rule": {
"id": "2131676",
"index": 5,
"name": "OneDrive - Monitor logins for external OneDrive tenants (click rule to read Description)"
}
},
{
"properties": [],
"rule": {
"id": "2131677",
"index": 6,
"name": "OneDrive - Monitor personal OneDrive tenants"
}
},
{
"properties": [],
"rule": {
"id": "2131678",
"index": 7,
"name": "Gmail - Monitor Gmail attachments"
}
},
{
"properties": [],
"rule": {
"id": "2131679",
"index": 8,
"name": "Monitor online storage apps: risk higher than 3, or no ISO"
}
},
{
"properties": [],
"rule": {
"id": "2131680",
"index": 9,
"name": "Twitter/X - Block posts with the string “samplekeyword”"
}
},
{
"properties": [],
"rule": {
"id": "2131681",
"index": 10,
"name": "Twitter/X - Monitor posts with long words (more than 8 characters)"
}
},
{
"properties": [],
"rule": {
"id": "2131682",
"index": 11,
"name": "Twitter/X - Monitor all posts"
}
},
{
"properties": [],
"rule": {
"id": "2131683",
"index": 12,
"name": "OpenAI - Restrict logins for allowed users and tenants"
}
},
{
"properties": [],
"rule": {
"id": "2131684",
"index": 13,
"name": "Open AI - Monitor logins for external tenant (click rule to read Description)"
}
},
{
"properties": [],
"rule": {
"id": "2131685",
"index": 14,
"name": "OpenAI - Monitor third-party logins"
}
},
{
"properties": [],
"rule": {
"id": "2131686",
"index": 15,
"name": "Google Drive - Restrict view to allowed folders"
}
},
{
"properties": [],
"rule": {
"id": "2131687",
"index": 16,
"name": "Google Drive - Monitor non-allowed folders (click rule to read Description)"
}
},
{
"properties": [],
"rule": {
"id": "2131688",
"index": 17,
"name": "Test sensitivity labels - edit MIP labels before enabling"
}
},
{
"properties": [],
"rule": {
"id": "2131689",
"index": 18,
"name": "Sanctioned apps - Allow upload without monitoring"
}
},
{
"properties": [],
"rule": {
"id": "2131690",
"index": 19,
"name": "Non-sanctioned apps - Monitor uploads"
}
},
{
"properties": [],
"rule": {
"id": "2131691",
"index": 20,
"name": "Log Any Cloud Application Granular Activities"
}
}
],
"sections": []
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query ApplicationControl($accountId: ID!) {
policy(accountId: $accountId) {
applicationControl {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"applicationControl": {
"revisions": {"revision": [{"name": "Test Revision", "changes": 0}]}
}
}
}
}
CatalogQueries
catalogApplication
Beta
Response
Returns a CatalogApplication
Arguments
| Name | Description |
|---|---|
input - ApplicationRefInput!
|
Example
Query
query ($accountId: ID!, $refInput: ApplicationRefInput!) {
catalogs(accountId: $accountId) {
catalogApplication(input: $refInput) {
__typename
id
name
descriptionSummary
description
category {
id
name
}
securityAttributes {
mfa
encryptionAtRest
auditTrail
rbac
rememberPassword
sso
trustedCertificate
tlsEnforcement
httpSecurityHeaders
}
ipoStatus
website
originCountry {
id
name
}
region
city
risk
numOfEmployees
capability
activity {
id
name
}
type
sanctioned
recentlyAdded
standardPorts {
port
protocol
}
}
}
}
Variables
{"accountId": "123456", "refInput": {"by": "ID", "input": "Facebook"}}
Response
{
"data": {
"catalogs": {
"catalogApplication": {
"__typename": "CatalogApplication",
"id": "Facebook",
"name": "Facebook",
"descriptionSummary": "Facebook is an online social networking service that enables its users to connect with friends and family.",
"description": "Facebook is an online social networking service that allows its users to connect with friends and family as well as make new connections.",
"category": [{"id": "social", "name": "Social"}],
"securityAttributes": {
"mfa": "SUPPORTED",
"encryptionAtRest": "SUPPORTED",
"auditTrail": "SUPPORTED",
"rbac": "SUPPORTED",
"rememberPassword": "SUPPORTED",
"sso": "SUPPORTED",
"trustedCertificate": "SUPPORTED",
"tlsEnforcement": "SUPPORTED",
"httpSecurityHeaders": "SUPPORTED"
},
"ipoStatus": "IPO",
"website": "http://www.facebook.com",
"originCountry": {"id": "US", "name": "United States"},
"region": "California",
"city": "Menlo Park",
"risk": 3,
"numOfEmployees": "BETWEEN_10001_MAX",
"capability": ["APP_CONTROL_INLINE"],
"activity": [
{"id": "facebook_upload_post", "name": "Post"},
{"id": "facebook_comment", "name": "Comment"},
{"id": "facebook_login", "name": "Login"},
{"id": "full_path_url", "name": "Full Path URL"}
],
"type": "CLOUD_APPLICATION",
"sanctioned": false,
"recentlyAdded": false,
"standardPorts": [{"port": [443], "protocol": "TCP"}]
}
}
}
}
catalogApplicationList
Beta
Response
Returns a CatalogApplicationListPayload
Arguments
| Name | Description |
|---|---|
input - CatalogApplicationListInput!
|
Example
Query
query ($accountId: ID!, $input: CatalogApplicationListInput!) {
catalogs(accountId: $accountId) {
catalogApplicationList(input: $input) {
pageInfo {
total
}
application {
__typename
id
name
descriptionSummary
description
category {
id
name
}
complianceAttributes {
iso27001
sox
hippa
soc1
soc2
soc3
isae3402
pciDss
}
securityAttributes {
mfa
encryptionAtRest
auditTrail
rbac
rememberPassword
sso
trustedCertificate
tlsEnforcement
httpSecurityHeaders
}
ipoStatus
website
originCountry {
id
name
}
region
city
risk
numOfEmployees
capability
activity {
id
name
}
type
sanctioned
recentlyAdded
standardPorts {
port
protocol
}
}
}
}
}
Variables
{
"accountId": "123456",
"input": {
"sort": {"name": {"direction": "ASC", "priority": 1}},
"filter": [{"freeText": {"search": "Facebook"}}],
"paging": {"limit": 1}
}
}
Response
{
"data": {
"catalogs": {
"catalogApplicationList": {
"pageInfo": {"total": 1},
"application": [
{
"__typename": "CatalogApplication",
"id": "Facebook",
"name": "Facebook",
"descriptionSummary": "Facebook is an online social networking service that enables its users to connect with friends and family.",
"description": "Facebook is an online social networking service that allows its users to connect with friends and family as well as make new connections.It provides its users with the ability to create a profile, update information, add images, send friend requests, and accept requests from other users. Its features include status update, photo tagging and sharing, and more. Facebooks profile structure includes a timeline, information related to the user, images of the user, images added by friends of the user, notes, pages, groups, and more. It enables its users to create pages related to entertainment, sports, business, finance, preferences, hobbies, culture, religion, causes, organizations, and a number of other categories. It also enables its users to join or create groups related to a vast number of categories.With millions of more users, [Friendster] attempted to acquire the company for $10 million in mid-2004. Facebook turned down the offer and subsequently received $12.7 million in funding from [Accel Partners] at a valuation of around $100 million. Facebook continued to grow opening up to high school students in September 2005 and adding a photo-sharing feature the next month. The next spring, Facebook received $25 million in funding from [Greylock Partners] and [Meritech Capital] as well as previous investors [Accel Partners] and [Peter Thiel]. The pre-money valuation for this deal was about $525 million. Facebook subsequently opened up to work networks eventually amassing over 20,000 work networks. Finally, in September 2006, Facebook was opened to anyone with an email address.Facebook continued to receive funding most notably in January 2011 receiving $1.5 billion and valuing the company at $50 billion. A year later in February 2012, Facebook announced that it was filing for its long-anticipated initial public offering. The company went public on May 18, 2012 opening in [NASDAQ] with shares trading at $42.05.Facebook announced positive numbers in February 2012 upon filing for its IPO. As of July 2013 over 1.15 billion users have logged into Facebook every month and 669 million users daily. Mobile users now make up half of Facebooks user base with 819 million monthly actives. Facebook is one of the most trafficked sites in the United States. Additionally, Facebook is the top photo-sharing site with 250 million photos uploaded per day.The company has a strategic partnership with AXA Group to develop marketing and commercial collaboration in the digital, social, and mobile sphere.Facebook is currently the owner of many applications and services such as Pagemodo Pagebuilder, [RSS Graffiti], Huddle, and more. It is the worlds largest social network with over 1.32 billion monthly active users.Facebook was founded by Mark Zuckerberg in Menlo Park, California in 2004.",
"category": [{"id": "social", "name": "Social"}],
"complianceAttributes": {
"iso27001": "SUPPORTED",
"sox": "SUPPORTED",
"hippa": "SUPPORTED",
"soc1": "SUPPORTED",
"soc2": "SUPPORTED",
"soc3": "SUPPORTED",
"isae3402": "SUPPORTED",
"pciDss": "SUPPORTED"
},
"securityAttributes": {
"mfa": "SUPPORTED",
"encryptionAtRest": "SUPPORTED",
"auditTrail": "SUPPORTED",
"rbac": "SUPPORTED",
"rememberPassword": "SUPPORTED",
"sso": "SUPPORTED",
"trustedCertificate": "SUPPORTED",
"tlsEnforcement": "SUPPORTED",
"httpSecurityHeaders": "SUPPORTED"
},
"ipoStatus": "IPO",
"website": "http://www.facebook.com",
"originCountry": {"id": "US", "name": "United States"},
"region": "California",
"city": "Menlo Park",
"risk": 3,
"numOfEmployees": "BETWEEN_10001_MAX",
"logo": null,
"capability": ["APP_CONTROL_INLINE"],
"activity": [
{"id": "facebook_upload_post", "name": "Post"},
{"id": "facebook_comment", "name": "Comment"},
{"id": "facebook_login", "name": "Login"},
{"id": "full_path_url", "name": "Full Path URL"}
],
"type": "CLOUD_APPLICATION",
"sanctioned": false,
"recentlyAdded": false,
"standardPorts": [{"port": [443], "protocol": "TCP"}]
}
]
}
}
}
}
contentTypeGroupList
Beta
Response
Arguments
| Name | Description |
|---|---|
input - CatalogApplicationContentTypeGroupListInput!
|
Example
Query
query ContentTypeGroups($accountId: ID!, $input: CatalogApplicationContentTypeGroupListInput!) {
catalogs(accountId: $accountId) {
contentTypeGroupList(input: $input) {
pageInfo {
total
}
contentTypeGroup {
id
name
contentType {
id
name
}
}
}
}
}
Variables
{
"accountId": "123456",
"input": {
"sort": {"name": {"direction": "ASC", "priority": 1}},
"filter": [
{"name": {"in": ["Binaries", "disk"]}},
{"contentType": {"id": {"eq": "cab"}}, "id": {"eq": "archive"}}
],
"paging": {"limit": 20}
}
}
Response
{
"data": {
"catalogs": {
"contentTypeGroupList": {
"pageInfo": {"total": 2},
"contentTypeGroup": [
{
"id": "archive",
"name": "Archives",
"contentType": [{"id": "cab", "name": "Windows CABinet"}]
},
{
"id": "bin",
"name": "Binaries",
"contentType": [
{"id": "bin", "name": "Binary files"},
{"id": "elf-dump", "name": "ELF core dump"},
{"id": "elf-obj", "name": "ELF object file"},
{"id": "mat", "name": "MATLAB MAT file"}
]
}
]
}
}
}
}
ClientConnectivityPolicyQueries
policy
Beta
Response
Returns a ClientConnectivityPolicy!
Arguments
| Name | Description |
|---|---|
input - ClientConnectivityPolicyInput
|
Example
Query
query ClientConnectivityPolicy($accountId: ID!) {
policy(accountId: $accountId) {
clientConnectivity {
policy {
enabled
rules {
properties
rule {
id
index
name
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"clientConnectivity": {
"policy": {
"enabled": false,
"rules": [
{
"properties": [],
"rule": {
"id": "9ed03ea7-6c46-43b4-8edf-5e1f0a8897da",
"index": 1,
"name": "Updated rule name"
}
}
]
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query ClientConnectivityPolicy($accountId: ID!) {
policy(accountId: $accountId) {
clientConnectivity {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"clientConnectivity": {
"revisions": {
"revision": [
{"name": "Test Revision", "changes": 0},
{"name": "Test Revision", "changes": 0}
]
}
}
}
}
}
ContainerQueries
list
Beta
Response
Returns a ContainerSearchPayload!
Arguments
| Name | Description |
|---|---|
input - ContainerSearchInput!
|
Example
Query
query listContainers($accountId:ID!, $input:ContainerSearchInput!) {
container(accountId: $accountId) {
list(input: $input) {
containers {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"refs": [{"by": "NAME", "input": "Some Container"}],
"types": ["FQDN"]
}
}
Response
{
"data": {
"container": {
"list": {
"containers": [
{
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
]
}
}
}
}
FqdnContainerQueries
downloadFile
Beta
Response
Returns a DownloadFqdnContainerFilePayload!
Arguments
| Name | Description |
|---|---|
input - DownloadFqdnContainerFileInput!
|
Example
Query
query downloadFqdnFile($accountId:ID!, $input:DownloadFqdnContainerFileInput!) {
container(accountId: $accountId) {
fqdn {
downloadFile(input: $input) {
id
name
encodedFile
}
}
}
}
Variables
{"accountId": 12345, "input": {"by": "NAME", "input": "Some Container"}}
Response
{
"data": {
"container": {
"fqdn": {
"downloadFile": {
"id": "1234567890",
"name": "Some Container",
"encodedFile": "MTkwLjIwLjI0LjM2LTE5MC4yMC4yNC4yMzYKMjAuMTAuMTMuMjcKMTgzLjEzLjU0LjIzNA=="
}
}
}
}
}
search
Beta
Response
Returns a FqdnContainerSearchPayload!
Arguments
| Name | Description |
|---|---|
input - FqdnContainerSearchInput!
|
Example
Query
query searchIpContainer($accountId:ID!, $input:FqdnContainerSearchInput!) {
container(accountId: $accountId) {
fqdn {
search(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {"ref": {"by": "NAME", "input": "Some Container"}}
}
Response
{
"data": {
"container": {
"fqdn": {
"search": {
"container": {
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
searchFqdn
Beta
Response
Returns a FqdnContainerSearchFqdnPayload!
Arguments
| Name | Description |
|---|---|
input - FqdnContainerSearchFqdnInput!
|
Example
Query
query searchIpInContainer($accountId:ID!, $input:FqdnContainerSearchFqdnInput!) {
container(accountId: $accountId) {
fqdn {
searchFqdn(input: $input) {
containers {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{"accountId": 12345, "input": {"fqdn": "google.com"}}
Response
{
"data": {
"container": {
"fqdn": {
"searchFqdn": {
"containers": [
{
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
]
}
}
}
}
}
testFromURL
Beta
Response
Returns a TestContainerFromUrlPayload!
Arguments
| Name | Description |
|---|---|
input - TestContainerFromUrlInput!
|
Example
Query
query testFqdnContainerFromURL($accountId:ID!, $input:TestContainerFromUrlInput!) {
container(accountId: $accountId) {
fqdn {
testFromURL(input: $input) {
sizeValid
topValid
sizeInvalid
topInvalid
}
}
}
}
Variables
{
"accountId": 12345,
"input": {"url": "https://example.com/fqdns.csv", "fileType": "CSV"}
}
Response
{
"data": {
"container": {
"fqdn": {
"testFromURL": {
"sizeValid": 95,
"topValid": ["example.com", "google.com", "github.com"],
"sizeInvalid": 5,
"topInvalid": ["invalid..fqdn", "not-a-valid-fqdn-"]
}
}
}
}
}
IpAddressRangeContainerQueries
downloadFile
Beta
Response
Arguments
| Name | Description |
|---|---|
input - DownloadIpAddressRangeContainerFileInput!
|
Example
Query
query downloadIpAddressNameFile($accountId:ID!, $input:DownloadIpAddressRangeContainerFileInput!) {
container(accountId: $accountId) {
ipAddressRange {
downloadFile(input: $input) {
id
name
encodedFile
}
}
}
}
Variables
{"accountId": 12345, "input": {"by": "NAME", "input": "Some Container"}}
Response
{
"data": {
"container": {
"ipAddressRange": {
"downloadFile": {
"id": "1234567890",
"name": "Some Container",
"encodedFile": "ZXhhbXBsZS5jb20KZ29vZ2xlLmNvbQphbWF6b20uY29t"
}
}
}
}
}
search
Beta
Response
Returns an IpAddressRangeContainerSearchPayload!
Arguments
| Name | Description |
|---|---|
input - IpAddressRangeContainerSearchInput!
|
Example
Query
query searchIpContainer($accountId:ID!, $input:IpAddressRangeContainerSearchInput!) {
container(accountId: $accountId) {
ipAddressRange {
search(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {"ref": {"by": "NAME", "input": "Some Container"}}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"search": {
"container": {
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
searchIpAddressRange
Beta
Response
Returns an IpAddressRangeContainerSearchIpAddressRangePayload!
Arguments
| Name | Description |
|---|---|
input - IpAddressRangeContainerSearchIpAddressRangeInput!
|
Example
Query
query searchIpInContainer($accountId:ID!, $input:IpAddressRangeContainerSearchIpAddressRangeInput!) {
container(accountId: $accountId) {
ipAddressRange {
searchIpAddressRange(input: $input) {
containers {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {"ipAddressRange": {"from": "190.20.24.36", "to": "190.20.24.236"}}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"searchIpAddressRange": {
"containers": [
{
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
]
}
}
}
}
}
testFromURL
Beta
Response
Returns a TestContainerFromUrlPayload!
Arguments
| Name | Description |
|---|---|
input - TestContainerFromUrlInput!
|
Example
Query
query testIpAddressRangeContainerFromURL($accountId:ID!, $input:TestContainerFromUrlInput!) {
container(accountId: $accountId) {
ipAddressRange {
testFromURL(input: $input) {
sizeValid
topValid
sizeInvalid
topInvalid
}
}
}
}
Variables
{
"accountId": 12345,
"input": {"url": "https://example.com/ip-ranges.csv", "fileType": "CSV"}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"testFromURL": {
"sizeValid": 95,
"topValid": [
"192.168.1.1-192.168.1.10",
"10.0.0.0-10.0.0.255",
"172.16.0.0-172.16.255.255"
],
"sizeInvalid": 5,
"topInvalid": [
"invalid-ip-range",
"999.999.999.999-1000.1000.1000.1000"
]
}
}
}
}
}
CustomAppDataQueries
Response
Returns a CustomApplication
Arguments
| Name | Description |
|---|---|
input - CustomApplicationRefInput!
|
Example
Query
query ($accountId: ID!, $refInput: CustomApplicationRefInput!) {
customAppData(accountId: $accountId) {
customApplication(input: $refInput) {
__typename
id
name
description
category {
id
name
}
criteria {
protocol
port
portRange {
from
to
}
destination {
domain
fqdn
destinationIp {
ip
subnet
ipRange {
from
to
}
}
}
}
}
}
}
Variables
{"accountId": "123456", "refInput": {"by": "ID", "input": "custom-app-id-123"}}
Response
{
"data": {
"customAppData": {
"customApplication": {
"__typename": "CustomApplication",
"id": "custom-app-id-123",
"name": "My Custom App",
"description": "A sample custom app for testing.",
"category": [{"id": "security", "name": "Security"}],
"criteria": [
{
"protocol": "TCP",
"port": [443],
"portRange": [{"from": 100, "to": 200}],
"destination": {
"domain": ["example.com"],
"fqdn": ["api.example.com"],
"destinationIp": {
"ip": ["192.168.1.1"],
"subnet": ["192.168.1.0/24"],
"ipRange": [{"from": "192.168.1.1", "to": "192.168.1.100"}]
}
}
}
]
}
}
}
}
Response
Returns a CustomApplicationListPayload
Arguments
| Name | Description |
|---|---|
input - CustomApplicationListInput!
|
Example
Query
query ($accountId: ID!, $input: CustomApplicationListInput!) {
customAppData(accountId: $accountId) {
customApplicationList(input: $input) {
items {
id
name
description
category {
id
name
}
criteria {
protocol
port
portRange {
from
to
}
destination {
domain
fqdn
destinationIp {
ip
subnet
ipRange {
from
to
}
}
}
}
}
paging {
total
}
}
}
}
Variables
{
"accountId": "123456",
"input": {"filter": [], "sort": {}, "paging": {"limit": 10}}
}
Response
{
"data": {
"customAppData": {
"customApplicationList": {
"items": [
{
"id": "custom-app-id-123",
"name": "My Custom App",
"description": "A sample custom app for testing",
"category": [{"id": "security", "name": "Security"}],
"criteria": [
{
"protocol": "TCP",
"port": [443],
"portRange": [{"from": 100, "to": 200}],
"destination": {
"domain": ["example.com"],
"fqdn": ["api.example.com"],
"destinationIp": {
"ip": ["192.168.1.1"],
"subnet": ["192.168.1.0/24"],
"ipRange": [{"from": "192.168.1.1", "to": "192.168.1.100"}]
}
}
}
]
}
],
"paging": {"total": 1}
}
}
}
}
DevicesQueries
attributesCatalog
Beta
Response
Returns a DeviceAttributesCatalogQueries!
Example
Query
query DeviceAttributesCatalog(
$accountId: ID!,
$categorySort: SortOrderInput,
$typeInput: DeviceAttributeCatalogInput,
$osInput: DeviceAttributeCatalogInput,
$modelInput: DeviceAttributeCatalogInput,
$manufacturerInput: DeviceAttributeCatalogInput
) {
devices(accountId: $accountId) {
attributesCatalog {
category(sort: $categorySort) {
items
pageInfo {
total
}
}
type(input: $typeInput) {
items
pageInfo {
total
}
}
os(input: $osInput) {
items
pageInfo {
total
}
}
model(input: $modelInput) {
items
pageInfo {
total
}
}
manufacturer(input: $manufacturerInput) {
items
pageInfo {
total
}
}
}
}
}
Variables
{
"accountId": "1",
"categorySort": {"direction": "ASC"},
"typeInput": {"sort": {"direction": "ASC"}, "paging": {"limit": 100000}},
"modelInput": {"sort": {"direction": "ASC"}, "paging": {"limit": 100000}},
"osInput": {"sort": {"direction": "ASC"}, "paging": {"limit": 100000}},
"manufacturerInput": {
"sort": {"direction": "ASC"},
"paging": {"limit": 100000}
}
}
Response
{
"data": {
"devices": {
"attributesCatalog": {
"category": {
"items": ["IoT", "Mobile", "Networking", "OT", "PC", "Server"],
"pageInfo": {"total": 6}
},
"type": {
"items": [
"Desktop",
"Laptop",
"SD-WAN",
"Virtual Machine",
"Workstation"
],
"pageInfo": {"total": 5}
},
"os": {
"items": ["Linux", "Windows", "Windows Workstation", "macOS"],
"pageInfo": {"total": 4}
},
"model": {
"items": [
"",
"X1500",
"vSocket AWS",
"vSocket Azure",
"vSocket ESX",
"vSocket GCP"
],
"pageInfo": {"total": 6}
},
"manufacturer": {
"items": ["Apple", "Cato Networks", "Dell", "Microsoft", "VMware"],
"pageInfo": {"total": 5}
}
}
}
}
}
csvExport
Beta
Response
Returns an ExportJobResponse!
Arguments
| Name | Description |
|---|---|
input - DeviceCsvExportInput
|
Example
Query
query RequestExport($accountId: ID!) {
devices(accountId: $accountId) {
csvExport {
jobId
message
}
}
}
Variables
{"accountId": "11097"}
Response
{
"data": {
"devices": {
"csvExport": {
"jobId": "export-job-12345",
"message": "CSV export job started successfully"
}
}
}
}
csvExportStatus
Beta
Response
Returns an ExportStatusResponse!
Arguments
| Name | Description |
|---|---|
jobId - ID!
|
Example
Query
query GetExportStatus($accountId: ID!, $jobId: ID!) {
devices(accountId: $accountId) {
csvExportStatus(jobId: $jobId) {
jobId
status
progress
message
downloadUrl
expiresAt
}
}
}
Variables
{"accountId": "11097", "jobId": "62514d9c-de95-4e6b-a06d-36bca0f6f1e4"}
Response
{
"data": {
"devices": {
"csvExportStatus": {
"jobId": "62514d9c-de95-4e6b-a06d-36bca0f6f1e4",
"status": "COMPLETED",
"progress": 100,
"message": "Export completed successfully",
"downloadUrl": "https://api.example.com/downloads/devices-export-12345.csv",
"expiresAt": "2023-06-10T15:00:00Z"
}
}
}
}
list
Beta
Response
Returns a DevicesPayload
Arguments
| Name | Description |
|---|---|
input - DeviceV2Input
|
Example
Query
query DevicesTable(
$accountId: ID!
$filter: [DeviceV2FilterInput!]!
$sort: DeviceSortInput!
$paging: PagingInput!
) {
devices(accountId: $accountId) {
list(input: { filter: $filter, sort: $sort, paging: $paging }) {
device {
...DeviceInfo
__typename
}
paging {
total
__typename
}
__typename
}
__typename
}
}
fragment DeviceInfo on DeviceV2 {
id
category
lastSeen
firstSeen
name
ip
site {
id
name
__typename
}
os {
product
version
vendor
__typename
}
nic {
macAddress
__typename
}
hw {
type
manufacturer
model
__typename
}
networkInfo {
__typename
... on SiteNetworkSubnetRef {
name
__typename
}
... on GlobalRangeRef {
name
__typename
}
}
user {
name
__typename
}
__typename
}
Variables
{
"accountId": "000000",
"paging": {"from": 0, "limit": 25},
"filter": [
{
"lastSeen": [
{"between": ["2025-08-30T08:08:47.032Z", "2025-09-01T08:08:47.032Z"]}
]
}
],
"sort": {}
}
Response
{
"data": {
"devices": {
"__typename": "DevicesQueries",
"list": {
"device": [
{
"id": "dev000000000000000000001",
"category": "PC",
"lastSeen": "2025-09-01T07:53:32.000Z",
"firstSeen": "2025-08-05T08:15:53.000Z",
"name": "User-001-LM-IL",
"ip": "10.0.1.1",
"site": null,
"os": {
"product": "macOS",
"version": "15.6.1",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:01:01",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000002",
"category": "PC",
"lastSeen": "2025-09-01T07:53:32.000Z",
"firstSeen": "2025-07-24T11:04:47.000Z",
"name": "User-002-LM-IL",
"ip": "10.0.1.2",
"site": null,
"os": {
"product": "macOS",
"version": "15.6.1",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:01:02",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000003",
"category": "PC",
"lastSeen": "2025-09-01T07:53:29.000Z",
"firstSeen": "2025-07-23T14:00:46.000Z",
"name": "User-003-LM-IL",
"ip": "10.0.1.3",
"site": null,
"os": {
"product": "macOS",
"version": "15.6.1",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:01:03",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000004",
"category": "PC",
"lastSeen": "2025-09-01T07:53:29.000Z",
"firstSeen": "2025-08-05T07:51:57.000Z",
"name": "User-004-LM-CZ",
"ip": "10.0.2.4",
"site": null,
"os": {
"product": "macOS",
"version": "15.6.1",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:02:04",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000005",
"category": "PC",
"lastSeen": "2025-09-01T07:53:20.000Z",
"firstSeen": "2025-07-23T13:38:49.000Z",
"name": "User-005-LM-CZ",
"ip": "10.0.2.5",
"site": null,
"os": {
"product": "macOS",
"version": "15.6",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:02:05",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000006",
"category": "PC",
"lastSeen": "2025-09-01T07:52:39.000Z",
"firstSeen": "2025-07-23T13:59:36.000Z",
"name": "User-006-LM-IL",
"ip": "10.0.3.6",
"site": null,
"os": {
"product": "macOS",
"version": "14.7.7",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:03:06",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000007",
"category": "PC",
"lastSeen": "2025-09-01T07:52:39.000Z",
"firstSeen": "2025-08-18T14:43:09.000Z",
"name": "User-007-LM-IL",
"ip": "10.0.3.7",
"site": null,
"os": {
"product": "macOS",
"version": "15.6.1",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:03:07",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000008",
"category": "PC",
"lastSeen": "2025-09-01T07:52:35.000Z",
"firstSeen": "2025-07-24T09:47:49.000Z",
"name": "User-008-LM-IL",
"ip": "10.0.3.8",
"site": null,
"os": {
"product": "macOS",
"version": "14.7.8",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:03:08",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000009",
"category": "PC",
"lastSeen": "2025-09-01T07:52:35.000Z",
"firstSeen": "2025-07-25T12:49:50.000Z",
"name": "User-009-LM-UA",
"ip": "10.0.3.9",
"site": null,
"os": {
"product": "macOS",
"version": "14.7.7",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:03:09",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000010",
"category": "PC",
"lastSeen": "2025-09-01T07:52:33.000Z",
"firstSeen": "2025-07-24T07:38:12.000Z",
"name": "User-010-LM-IL",
"ip": "10.0.4.10",
"site": null,
"os": {
"product": "macOS",
"version": "15.6",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:04:10",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000011",
"category": "PC",
"lastSeen": "2025-09-01T07:51:16.000Z",
"firstSeen": "2025-08-05T08:00:13.000Z",
"name": "User-011-LM-IL",
"ip": "10.0.4.11",
"site": null,
"os": {
"product": "macOS",
"version": "15.6.1",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:04:11",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000012",
"category": "PC",
"lastSeen": "2025-09-01T07:51:16.000Z",
"firstSeen": "2025-07-25T05:56:36.000Z",
"name": "User-012-LM-JP",
"ip": "10.0.4.12",
"site": null,
"os": {
"product": "macOS",
"version": "14.7.8",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:04:12",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000013",
"category": "PC",
"lastSeen": "2025-09-01T07:50:42.000Z",
"firstSeen": "2025-07-24T08:00:31.000Z",
"name": "User-013-LM-IL",
"ip": "10.0.5.13",
"site": null,
"os": {
"product": "macOS",
"version": "15.6.1",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:05:13",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000014",
"category": "PC",
"lastSeen": "2025-09-01T07:50:41.000Z",
"firstSeen": "2025-07-27T07:19:33.000Z",
"name": "User-014-LM-IL",
"ip": "10.0.5.14",
"site": null,
"os": {
"product": "macOS",
"version": "15.6",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:05:14",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000015",
"category": "PC",
"lastSeen": "2025-09-01T07:50:16.000Z",
"firstSeen": "2025-07-24T07:22:25.000Z",
"name": "User-015-LM-IL",
"ip": "10.0.5.15",
"site": null,
"os": {
"product": "macOS",
"version": "15.6.1",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:05:15",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000016",
"category": "PC",
"lastSeen": "2025-09-01T07:50:06.000Z",
"firstSeen": "2025-07-24T11:22:08.000Z",
"name": "User-016-LM-IL",
"ip": "10.0.6.16",
"site": null,
"os": {
"product": "macOS",
"version": "14.7.8",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:06:16",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000017",
"category": "PC",
"lastSeen": "2025-09-01T07:49:52.000Z",
"firstSeen": "2025-07-24T07:38:40.000Z",
"name": "User-017-LM-IL",
"ip": "10.0.6.17",
"site": null,
"os": {
"product": "macOS",
"version": "15.6.1",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:06:17",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000018",
"category": "PC",
"lastSeen": "2025-09-01T07:48:51.000Z",
"firstSeen": "2025-07-24T12:34:20.000Z",
"name": "User-018-LM-IL",
"ip": "10.0.6.18",
"site": null,
"os": {
"product": "macOS",
"version": "15.6",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:06:18",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000019",
"category": "PC",
"lastSeen": "2025-09-01T07:47:53.000Z",
"firstSeen": "2025-07-27T13:47:18.000Z",
"name": "User-019-LM-IL",
"ip": "10.0.7.19",
"site": null,
"os": {
"product": "macOS",
"version": "15.6.1",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:07:19",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000020",
"category": "PC",
"lastSeen": "2025-09-01T07:47:48.000Z",
"firstSeen": "2025-07-24T07:35:50.000Z",
"name": "User-020-LM-IL",
"ip": "10.0.7.20",
"site": null,
"os": {
"product": "macOS",
"version": "15.6.1",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:07:20",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000021",
"category": "PC",
"lastSeen": "2025-09-01T07:46:56.000Z",
"firstSeen": "2025-07-24T07:31:12.000Z",
"name": "User-021-LM-IL",
"ip": "10.0.7.21",
"site": null,
"os": {
"product": "macOS",
"version": "14.7.8",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:07:21",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000022",
"category": "PC",
"lastSeen": "2025-09-01T07:46:48.000Z",
"firstSeen": "2025-07-24T13:43:54.000Z",
"name": "User-022-LM-IL",
"ip": "10.0.8.22",
"site": null,
"os": {
"product": "macOS",
"version": "15.6.1",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:08:22",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000023",
"category": "PC",
"lastSeen": "2025-09-01T07:46:45.000Z",
"firstSeen": "2025-07-27T12:57:17.000Z",
"name": "User-023-LM-IL",
"ip": "10.0.8.23",
"site": null,
"os": {
"product": "macOS",
"version": "15.6.1",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:08:23",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000024",
"category": "PC",
"lastSeen": "2025-09-01T07:46:42.000Z",
"firstSeen": "2025-07-24T13:43:54.000Z",
"name": "User-024-LM-IL",
"ip": "10.0.8.24",
"site": null,
"os": {
"product": "macOS",
"version": "15.6.1",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:08:24",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
},
{
"id": "dev000000000000000000025",
"category": "PC",
"lastSeen": "2025-09-01T07:46:42.000Z",
"firstSeen": "2025-07-23T14:55:25.000Z",
"name": "User-025-LM-IL",
"ip": "10.0.8.25",
"site": null,
"os": {
"product": "macOS",
"version": "15.6.1",
"vendor": null,
"__typename": "DeviceOs"
},
"nic": {
"macAddress": "XX:XX:XX:XX:08:25",
"__typename": "DeviceNic"
},
"hw": {
"type": "Laptop",
"manufacturer": "Apple",
"model": "MacBook Pro",
"__typename": "DeviceHw"
},
"networkInfo": null,
"user": null,
"__typename": "DeviceV2"
}
],
"paging": {"total": 529, "__typename": "PageInfo"},
"__typename": "DevicesPayload"
}
}
}
}
DynamicIpAllocationPolicyQueries
policy
Beta
Response
Returns a DynamicIpAllocationPolicy!
Arguments
| Name | Description |
|---|---|
input - DynamicIpAllocationPolicyInput
|
Example
Query
query DynamicIpAllocation($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
policy {
enabled
rules {
properties
rule {
id
index
name
range {
globalIpRange{
id
name
}
}
}
}
sections {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"policy": {
"enabled": false,
"rules": [
{
"properties": [],
"rule": {
"id": "3c345055-4f14-48dc-ab8c-5b5db9d778fc",
"index": 1,
"name": "Rule2",
"range": {
"globalIpRange": {"id": "1927109", "name": "12.22.17.0/24"}
}
}
},
{
"properties": [],
"rule": {
"id": "eb2d4d79-0149-4839-a5c4-fc167211dbe6",
"index": 2,
"name": "Rule1",
"range": {
"globalIpRange": {"id": "1927108", "name": "12.22.16.0/24"}
}
}
},
{
"properties": [],
"rule": {
"id": "2c25bae8-f787-4098-b3c2-6057e5fe8537",
"index": 3,
"name": "Updated rule name",
"range": {
"globalIpRange": {"id": "1927110", "name": "12.22.18.0/24"}
}
}
}
],
"sections": [
{
"properties": [],
"section": {
"id": "54a367d6-75da-4399-bc03-65170ea97d3f",
"name": "Updated section new to the new name"
}
},
{
"properties": [],
"section": {
"id": "83e54a6a-9998-4fcf-b1a1-5313e52cc5f0",
"name": "New section2"
}
},
{
"properties": [],
"section": {
"id": "0495cf5e-1598-4f34-8c01-94970620c68f",
"name": "New section 2"
}
}
]
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query DynamicIpAllocation($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"revisions": {"revision": [{"name": "Test Revision", "changes": 0}]}
}
}
}
}
EnterpriseDirectoryQueries
locationList
Beta
Description
Retrieve the account location items
Response
Returns an EnterpriseDirectoryLocationListPayload
Arguments
| Name | Description |
|---|---|
input - EnterpriseDirectoryLocationListInput
|
Example
Query
query getEDLocations($accountID:ID!, $input: EnterpriseDirectoryLocationListInput!) {
enterpriseDirectory(accountId:$accountID) {
locationList( input: $input ) {
items {
id
name
type
description
archived
account {
id
}
details{
companyName
postalAddress{
cityName
country {
name
id
}
street
stateName
zipCode
addressValidated
}
vatId
contact{
name
phone
email
}
}
}
pageInfo{
total
}
}
}
}
Variables
{
"accountID": "123456",
"input": {
"filter": {"countryCode": [{"in": ["FR"]}]},
"sort": {"name": {"direction": "ASC", "priority": 0}},
"paging": {"limit": 1, "from": 0}
}
}
Response
{
"data": {
"enterpriseDirectory": {
"locationList": {
"items": [
{
"id": "312be4ca-2b21-4144-99e4-8a0c43dd6cee",
"account": {"id": "123456", "name": ""},
"name": "test",
"type": "BRANCH",
"description": "test",
"archived": false,
"details": {
"companyName": "Angelina",
"postalAddress": {
"cityName": "Paris",
"street": "226 rue de rivoli",
"country": {"id": "fr", "name": "france"},
"stateName": "",
"zipCode": "75009",
"addressValidated": "VALID"
},
"vatId": "",
"contact": {
"name": "Angelina",
"phone": "55422348",
"email": "Angelina@gmail.com"
}
}
}
],
"pageInfo": {"total": 10}
}
}
}
}
ExternalAccessQueries
incomingAccessRequestList
Beta
Description
List account access requests for managed accounts.
Response
Returns an IncomingAccessRequestListPayload
Arguments
| Name | Description |
|---|---|
input - IncomingAccessRequestListInput
|
Example
Query
query incomingAccessRequestList($accountId: ID!, $input: IncomingAccessRequestListInput!) {
externalAccess(accountId: $accountId) {
incomingAccessRequestList(input: $input) {
items {
id
activeDate
expirationDate
note
partner {
id
name
}
reason
requestedDate
status
permissions {
permissions {
action
resource
}
}
isAppliedOnAllFullyManagedAccounts
}
paging {
total
}
}
}
}
Variables
{
"accountId": "123456",
"input": {
"paging": {"limit": 10, "from": 0},
"filter": {"status": {"eq": "PENDING"}},
"sort": {"requestedDate": {"direction": "DESC"}}
}
}
Response
{
"data": {
"externalAccess": {
"incomingAccessRequestList": {
"items": [
{
"id": "175519",
"activeDate": "2025-02-04T06:44:52.000Z",
"expirationDate": "2027-02-04T06:44:51.894Z",
"note": "",
"partner": {"id": "1", "name": "Cato"},
"reason": "",
"requestedDate": "2025-02-04T06:44:52.000Z",
"status": "ACTIVE",
"permissions": {
"permissions": [{"action": "EDIT", "resource": "NetworkRules"}]
},
"isAppliedOnAllFullyManagedAccounts": false
}
],
"paging": {"total": 1}
}
}
}
}
partnerAccessRequestList
Beta
Description
List account access requests for partners.
Response
Returns a PartnerAccessRequestListPayload
Arguments
| Name | Description |
|---|---|
input - PartnerAccessRequestListInput
|
Example
Query
query partnerAccessRequestList($accountId: ID!, $input: PartnerAccessRequestListInput!) {
externalAccess(accountId: $accountId) {
partnerAccessRequestList(input: $input) {
items {
id
partner {
id
name
}
requestedDate
expirationDate
status
reason
partnerNote
account {
id
name
}
admins {
id
name
}
roles {
id
name
}
activeDate
groups {
id
name
}
isAppliedOnAllFullyManagedAccounts
}
paging {
total
}
}
}
}
Variables
{
"accountId": "123456",
"input": {
"paging": {"limit": 10, "from": 0},
"filter": {"status": {"eq": "ACTIVE"}},
"sort": {"requestedDate": {"direction": "DESC"}}
}
}
Response
{
"data": {
"externalAccess": {
"partnerAccessRequestList": {
"items": [
{
"id": "67b4435d3810833e71967008",
"partner": {"id": "123456", "name": "PartnerLevel1"},
"requestedDate": "2025-02-18T08:22:51.222Z",
"expirationDate": "2125-02-18T08:22:51.216Z",
"status": "ACTIVE",
"reason": "Partner (Reseller) access",
"partnerNote": null,
"account": {"id": "225067", "name": "PartnerLevel3"},
"admins": [
{"id": "93593", "name": "a a"},
{"id": "94767", "name": "a b"}
],
"roles": [{"id": "24", "name": "Reseller Editor"}],
"activeDate": "2025-02-18T08:22:53.231Z",
"groups": [],
"isAppliedOnAllFullyManagedAccounts": false
}
],
"paging": {"total": 1}
}
}
}
}
GroupsQueries
group
Beta
Description
Get a specific group configuration. The group can be identified by ID or name.
Response
Returns a Group
Arguments
| Name | Description |
|---|---|
input - GroupRefInput!
|
Example
Query
query Group($accountId: ID!, $groupRefInput: GroupRefInput!, $groupMembersListInput: GroupMembersListInput!) {
groups(accountId: $accountId) {
group(input: $groupRefInput) {
id
name
description
membersCount
members(input: $groupMembersListInput) {
items {
id
name
type
}
paging {
total
}
}
membersCountPerType {
type
membersCount
}
}
}
}
Variables
{
"accountId": 12345,
"groupRefInput": {"by": "NAME", "input": "group-1"},
"groupMembersListInput": {"paging": {"limit": 10}}
}
Response
{
"data": {
"groups": {
"group": {
"id": "12345",
"name": "group-1",
"description": "group of sites and hosts",
"membersCount": 2,
"members": {
"items": [
{"id": "67890", "name": "site-1", "type": "SITE"},
{"id": "67891", "name": "host-1", "type": "HOST"}
],
"paging": {"total": 2}
},
"membersCountPerType": [
{"type": "HOST", "membersCount": 1},
{"type": "SITE", "membersCount": 1}
]
}
}
}
}
groupList
Beta
Description
Get a list of groups, with optional filters and sorting. This query only returns basic information for each group (e.g. name, ID). To view full configuration details, including members, use the group query for each result.
Response
Returns a GroupListPayload
Arguments
| Name | Description |
|---|---|
input - GroupListInput
|
Default |
Example
Query
query Group($accountId: ID!, $groupListInput: GroupListInput) {
groups(accountId: $accountId) {
groupList(input: $groupListInput) {
items {
id
name
description
membersCount
membersCountPerType {
type
membersCount
}
audit {
updatedTime
}
},
paging {
total
}
}
}
}
Variables
{
"accountId": 12345,
"groupListInput": {"sort": {"audit": {"updatedTime": {"direction": "DESC"}}}}
}
Response
{
"data": {
"groups": {
"items": [
{
"id": "12345",
"name": "group-1",
"description": "group of sites and hosts",
"membersCount": 2,
"membersCountPerType": [
{"type": "HOST", "membersCount": 1},
{"type": "SITE", "membersCount": 1}
],
"audit": {"updatedTime": "2023-10-01T12:00:00Z"}
}
],
"paging": {"total": 1}
}
}
}
whereUsed
Beta
Description
Check which policies use the group.
Response
Returns a GroupWhereUsedPayload
Arguments
| Name | Description |
|---|---|
input - GroupRefInput!
|
Example
Query
query GroupWhereUsed($accountID: ID!, $input: GroupRefInput!) {
groups(accountId: $accountID) {
whereUsed(input: $input) {
used
invalidMemberTypes {
type
scope {
type
field
}
}
}
}
}
Variables
{"accountID": "12345", "input": {"input": "ABC12345"}}
Response
{
"data": {
"groups": {
"whereUsed": {
"used": true,
"invalidMemberTypes": [],
"usage": [{"type": "internetFirewall", "field": ["source"]}]
}
}
}
}
HardwareManagementQueries
socketInventory
Beta
Description
Retrieve the account socket inventory
Response
Returns a SocketInventoryPayload!
Arguments
| Name | Description |
|---|---|
input - SocketInventoryInput
|
Example
Query
query socketInventory($accountId: ID!, $input: SocketInventoryInput!) {
hardwareManagement(accountId: $accountId) {
socketInventory(input: $input) {
items {
id
status
serialNumber
socketMac
socketVersion
site {
id
name
}
account {
id
name
}
shippingDate
socketType
trackingUrl
trackingNumber
shippingCompany
deliverySiteName
description
hardwareVersion
}
pageInfo {
total
}
}
}
}
Variables
{
"accountId": "123456",
"input": {
"paging": {"limit": 25, "from": 0},
"filter": {"freeText": {"search": "search"}},
"sort": {"deliverySiteName": {"direction": "ASC"}}
}
}
Response
{
"data": {
"hardwareManagement": {
"socketInventory": {
"items": [
{
"id": "111111",
"status": "DELIVERED",
"serialNumber": "987654321",
"socketMac": "00-B0-D0-63-C2-26",
"socketVersion": "13.0.11395",
"site": {"id": "010101", "name": "exampleSite"},
"account": {"id": "123456", "name": "exampleAccount"},
"shippingDate": "2024-05-22T08:36:58Z",
"socketType": "X1500",
"trackingUrl": "https://fedex.com/1111111",
"trackingNumber": "1111111",
"shippingCompany": "fedex",
"deliverySiteName": "exampleWarehouse",
"description": "example description",
"hardwareVersion": "X1500"
},
{
"id": "2222222",
"status": "SHIPPED",
"serialNumber": "123456789",
"socketMac": "00-B0-D0-63-C2-27",
"socketVersion": "13.0.11395",
"site": {"id": "0202", "name": "exampleSite2"},
"account": {"id": "123456", "name": "exampleAccount"},
"shippingDate": "2024-05-22T08:36:58Z",
"socketType": "X1700",
"trackingUrl": "https://ups.com/2222222",
"trackingNumber": "2222222",
"shippingCompany": "ups",
"deliverySiteName": "exampleWarehouse2",
"description": "example description 2",
"hardwareVersion": "X1500"
}
],
"pageInfo": {"total": 2}
}
}
}
}
HardwareQueries
countHardwareByStatus
Beta
Description
Count of hardware items by shipping status
Response
Returns a StatusCount
Example
Query
query hardware($accountID:ID!) {
hardware(accountId:$accountID) {
countHardwareByStatus{
PENDING_INFO
CONFIRM_SHIPPING
IN_TRANSIT
DELIVERED
}
}
}
Variables
{"accountID": "26361"}
Response
{
"data": {
"hardware": {
"__typename": "HardwareQueries",
"countHardwareByStatus": {
"PENDING_INFO": 205,
"CONFIRM_SHIPPING": 5,
"IN_TRANSIT": 0,
"DELIVERED": 43,
"__typename": "StatusCount"
}
}
}
}
hardware
Beta
Description
Retrieve the account hardware items
Response
Returns a HardwarePayload
Arguments
| Name | Description |
|---|---|
input - HardwareSearchInput
|
Example
Query
query hardware($accountID:ID!, $input: HardwareSearchInput!) {
hardware(accountId:$accountID) {
hardware( input: $input ) {
items {
id
account {
id
}
shippingDetail{
cityName
countryName
street
powerCable
zipCode
}
validation{
addressValidationStatus
}
}
pageInfo{
total
}
}
}
}
Variables
{
"accountID": "26361",
"input": {
"filter": {"countryName": [{"in": ["France"]}], "product": []},
"sort": {"licenseStartDate": {"direction": "ASC", "priority": 0}}
}
}
Response
{
"data": {
"hardware": {
"hardware": {
"items": [
{
"id": "4179d060-ea44-4c9d-a175-958c2b19d971",
"account": {
"id": "10036494",
"name": "",
"__typename": "AccountRef"
},
"siteCountryName": "Netherlands",
"siteSFId": "a4O08000002SvzB",
"sfId": "a1a0800000z14aQAAQ",
"licenseId": "LIC-BW-7717-000021",
"quoteId": "quote1",
"licenseStartDate": "2023-08-01",
"productType": "Socket",
"serialNumber": "2305100839",
"model": "Cato Socket X1500 (HA)",
"lastModified": "2024-11-21T10:37:21.647Z",
"shippingTracking": {
"trackingNumber": "GE958808541NL",
"trackingUrl": "<a href=\"https://www.tnt.com/express/en_nl/site/shipping-tools/tracking.html?searchType=con&cons=GE958808541NL\" target=\"_blank\">Track HW-045393</a>",
"shippingStatus": "PENDING_INFO",
"shippingDate": "2023-08-10",
"__typename": "ShippingTracking"
},
"shippingDetail": {
"companyName": "",
"street": "",
"cityName": "",
"countryName": "",
"stateName": "",
"zipCode": "",
"incoterms": "",
"instruction": "",
"vatId": "",
"contact": {
"name": "",
"phone": "",
"email": "",
"__typename": "ContactDetails"
},
"comment": "",
"powerCable": "C14",
"__typename": "ShippingDetails"
},
"validation": {
"completed": false,
"incompleteReason": "Missing company name",
"addressValidationStatus": "NA",
"__typename": "HardwareValidation"
},
"__typename": "Hardware"
},
{
"id": "775c6827-b3c1-4921-880b-7c59ed6e0154",
"account": {
"id": "10036494",
"name": "",
"__typename": "AccountRef"
},
"siteCountryName": "Belgium",
"siteSFId": "a4O08000002Svzq",
"sfId": "a1a0800000z14ajAAA",
"licenseId": "LIC-BW-7717-000001",
"quoteId": "quote1",
"licenseStartDate": "2023-11-01",
"productType": "Socket",
"serialNumber": "2324100210",
"model": "Cato Socket X1700 (Main)",
"lastModified": "2024-11-21T10:37:21.750Z",
"shippingTracking": {
"trackingNumber": "10273779",
"trackingUrl": "",
"shippingStatus": "PENDING_INFO",
"shippingDate": "2023-10-31",
"__typename": "ShippingTracking"
},
"shippingDetail": {
"companyName": "",
"street": "",
"cityName": "",
"countryName": "",
"stateName": "",
"zipCode": "",
"incoterms": "",
"instruction": "",
"vatId": "",
"contact": {
"name": "",
"phone": "",
"email": "",
"__typename": "ContactDetails"
},
"comment": "",
"powerCable": "C14",
"__typename": "ShippingDetails"
},
"validation": {
"completed": false,
"incompleteReason": "Missing company name",
"addressValidationStatus": "NA",
"__typename": "HardwareValidation"
},
"__typename": "Hardware"
}
],
"pageInfo": {"total": 10}
}
}
}
}
InternetFirewallPolicyQueries
policy
Beta
Response
Returns an InternetFirewallPolicy!
Arguments
| Name | Description |
|---|---|
input - InternetFirewallPolicyInput
|
Example
Query
query InternetFirewall($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
policy {
enabled
rules {
properties
rule {
id
index
name
}
}
sections {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"policy": {
"enabled": false,
"rules": [
{
"properties": ["SYSTEM"],
"rule": {
"id": "f99c880a-7474-42a7-9da1-828c2d93abe6",
"index": 1,
"name": "Block any P2P"
}
},
{
"properties": [],
"rule": {
"id": "8df22e9d-c5c2-417e-a282-7c9908bfc1f4",
"index": 2,
"name": "Default Block Tor, SMB, SMTP"
}
},
{
"properties": [],
"rule": {
"id": "d42482ef-cbf2-494d-9343-5dc6ca30f815",
"index": 3,
"name": "Default Block for Categories"
}
},
{
"properties": [],
"rule": {
"id": "5d04747f-b31f-4d7c-8c02-831f07df80b8",
"index": 4,
"name": "Default prompt for Categories"
}
}
],
"sections": [
{
"properties": [],
"section": {
"id": "9ab458a3-a263-4ef7-ad6a-86de3cee7822",
"name": "Updated section name"
}
}
]
}
}
}
}
}
policyList
Beta
Description
Provides a list of all policies of Internet Firewall with filtering, pagination and sorting capabilities
Response
Returns an InternetFirewallPolicyListPayload!
Arguments
| Name | Description |
|---|---|
input - InternetFirewallPolicyListInput!
|
Default |
Example
Query
query internetFirewallPolicyByIds($accountId: ID!, $limit: Int!, $filter: InternetFirewallPolicyListFilterInput) {
policy(accountId: $accountId) {
internetFirewall {
policyList(input: {paging: {limit: $limit}, filter: $filter}) {
items {
id
name
description
enabled
policyLevel
}
paging {
total
}
}
}
}
}
Variables
{
"accountId": 12345,
"limit": 1,
"filter": {"id": {"in": ["f07a3670-88ed-48e6-8a31-6f9047e9f584"]}}
}
Response
{
"data": {
"policy": {
"internetFirewall": {
"policyList": {
"items": [
{
"id": "f07a3670-88ed-48e6-8a31-6f9047e9f584",
"name": "Main",
"description": "",
"enabled": true,
"policyLevel": "MAIN"
}
],
"paging": {"total": 1}
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query InternetFirewall($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"revisions": {"revision": [{"name": "Test Revision", "changes": 0}]}
}
}
}
}
LicensingQueries
licensingInfo
Beta
Description
BETA
Response
Returns a LicensingInfo
Example
Query
query licensingInfo($accountId: ID!) {
licensing(accountId: $accountId) {
licensingInfo {
atp {
sku
}
dem {
sku
total
__typename
}
casb {
sku
plan
status
expirationDate
__typename
}
dataLake {
sku
total
dpaVersion
__typename
}
pooledBandwidth {
sku
plan
status
expirationDate
startDate
total
siteLicenseGroup
siteLicenseType
allocatedBandwidth
sites {
site {
id
name
}
allocatedBandwidth
}
__typename
}
site {
sku
plan
status
expirationDate
startDate
total
siteLicenseGroup
siteLicenseType
site {
id
name
}
__typename
}
globalLicenseAllocations {
publicIps {
total
allocated
available
__typename
}
ztnaUsers {
total
allocated
available
__typename
}
}
}
}
}
Variables
{"accountId": "123"}
Response
{
"data": {
"licensing": {
"licensingInfo": {
"atp": [],
"dem": [{"sku": "CATO_DEM", "total": 10, "__typename": "DemLicense"}],
"casb": [
{
"sku": "CATO_CASB",
"plan": "COMMERCIAL",
"status": "ACTIVE",
"expirationDate": "2026-02-02T00:00:00.000Z",
"__typename": "CasbLicense"
}
],
"dataLake": [
{
"sku": "CATO_DATALAKE_3M",
"total": 1,
"dpaVersion": "DPA_2023_01",
"__typename": "DataLakeLicense"
}
],
"pooledBandwidth": [
{
"sku": "CATO_PB",
"plan": "COMMERCIAL",
"status": "ACTIVE",
"expirationDate": "2024-07-04T00:00:00.000Z",
"startDate": "2024-03-31T00:00:00.000Z",
"total": 250,
"siteLicenseGroup": "GROUP_2",
"siteLicenseType": "SASE",
"allocatedBandwidth": 50,
"sites": [
{
"site": {"id": "456", "name": "Tokyo"},
"allocatedBandwidth": 20
},
{
"site": {"id": "789", "name": "Sydney"},
"allocatedBandwidth": 30
}
],
"__typename": "PooledBandwidthLicense"
}
],
"site": [
{
"sku": "CATO_SITE",
"plan": "COMMERCIAL",
"status": "ACTIVE",
"expirationDate": "2025-04-30T00:00:00.000Z",
"startDate": "2024-04-24T21:00:00.000Z",
"total": 100,
"siteLicenseGroup": "GROUP_1",
"siteLicenseType": "SASE",
"site": {"id": "123", "name": "London"},
"__typename": "SiteLicense"
}
],
"globalLicenseAllocations": {
"publicIps": {
"total": 3,
"allocated": 0,
"available": 3,
"__typename": "PublicIpsLicenseAllocations"
},
"ztnaUsers": {
"total": 65,
"allocated": 5,
"available": 60,
"__typename": "ZtnaUsersLicenseAllocations"
}
}
}
}
}
}
NotificationSubscriptionQueries
mailingList
Description
Retrieves details of a specific Mailing List
Response
Returns a MailingList
Arguments
| Name | Description |
|---|---|
input - MailingListRefInput!
|
Example
Query
query NotificationMailingList($accountId: ID!) {
notification(accountId: $accountId) {
mailingList(input: {
by: ID
input: "example-id"
}) {
id
name
type
address
admin {
id
}
audit {
updatedTime
updatedBy {
name
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"notification": {
"mailingList": {
"id": "example-id",
"name": "Security Team",
"type": "SPECIFIC_EMAILS",
"address": ["security-lead@example.com", "soc-analyst@example.com"],
"admin": [{"id": "example-id"}],
"audit": {
"updatedBy": {"__typename": "AdminRef", "name": "admin@example.com"},
"updatedTime": "2025-01-15T10:30:00Z"
}
}
}
}
}
mailingListList
Description
Retrieves all Mailing Lists available in the account.
Response
Returns a MailingListListPayload!
Example
Query
query NotificationMailingListList($accountId: ID!) {
notification(accountId: $accountId) {
mailingListList {
items {
id
name
type
address
admin {
id
}
audit {
updatedTime
updatedBy {
name
}
}
}
paging {
total
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"notification": {
"mailingListList": {
"items": [
{
"id": "example-id",
"name": "Security Team",
"type": "SPECIFIC_EMAILS",
"address": ["security-lead@example.com", "soc-analyst@example.com"],
"admin": [{"id": "example-id"}],
"audit": {
"updatedBy": {
"__typename": "AdminRef",
"name": "admin@example.com"
},
"updatedTime": "2025-01-15T10:30:00Z"
}
},
{
"id": "example-id",
"name": "Network Operations",
"type": "SPECIFIC_EMAILS",
"address": ["noc@example.com"],
"admin": [],
"audit": {
"updatedBy": {
"__typename": "AdminRef",
"name": "admin@example.com"
},
"updatedTime": "2025-03-10T08:00:00Z"
}
}
],
"paging": {"total": 2}
}
}
}
}
subscriptionGroup
Description
Retrieves details of a specific Subscription Group for the account. Subscription Groups combine Mailing Lists and integrations (including webhooks) for sending notifications.
Response
Returns a SubscriptionGroup
Arguments
| Name | Description |
|---|---|
input - SubscriptionGroupRefInput!
|
Example
Query
query NotificationSubscriptionGroup($accountId: ID!) {
notification(accountId: $accountId) {
subscriptionGroup(input: {
by: ID
input: "example-id"
}) {
id
name
mailingList {
id
name
type
address
}
integration {
webhookList {
id
name
enabled
url
requestMethod
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"notification": {
"subscriptionGroup": {
"id": "example-id",
"name": "Critical Alerts",
"mailingList": [
{
"id": "example-id",
"name": "Security Team",
"type": "SPECIFIC_EMAILS",
"address": ["security-lead@example.com", "soc-analyst@example.com"]
}
],
"integration": {
"webhookList": [
{
"id": "example-id",
"name": "Slack Security Channel",
"enabled": true,
"url": "https://hooks.slack.com/services/example",
"requestMethod": "POST"
}
]
}
}
}
}
}
subscriptionGroupList
Description
Retrieves list of Subscription Groups for the account. Subscription Groups combine Mailing Lists and integrations (including webhooks) for sending notifications
Response
Returns a SubscriptionGroupListPayload!
Example
Query
query NotificationSubscriptionGroupList($accountId: ID!) {
notification(accountId: $accountId) {
subscriptionGroupList {
items {
id
name
mailingList {
id
name
}
integration {
webhookList {
id
name
enabled
url
}
}
}
paging {
total
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"notification": {
"subscriptionGroupList": {
"items": [
{
"id": "example-id",
"name": "Critical Alerts",
"mailingList": [{"id": "example-id", "name": "Security Team"}],
"integration": {
"webhookList": [
{
"id": "example-id",
"name": "Slack Security Channel",
"enabled": true,
"url": "https://hooks.slack.com/services/example"
}
]
}
},
{
"id": "example-id",
"name": "Network Notifications",
"mailingList": [{"id": "example-id", "name": "Network Operations"}],
"integration": {"webhookList": []}
}
],
"paging": {"total": 2}
}
}
}
}
IntegrationQueries
referenceBodyTemplate
Description
Retrieves specific webhook reference body template.
Response
Returns a WebhookReferenceBodyTemplate
Arguments
| Name | Description |
|---|---|
input - WebhookTemplateRefInput!
|
Example
Query
query NotificationReferenceBodyTemplate($accountId: ID!) {
notification(accountId: $accountId) {
integration {
referenceBodyTemplate(input: {
by: NAME
input: "ServiceNow - Create Incident"
}) {
id
name
bodyTemplate
url
requestMethod
header {
name
value
}
responseMapping {
key
value
}
webhookRelationType
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"notification": {
"integration": {
"referenceBodyTemplate": {
"id": "example-id",
"name": "ServiceNow - Create Incident",
"bodyTemplate": "{\"short_description\": \"$alertTypeName\", \"description\": \"$alertMessage\", \"urgency\": \"1\"}",
"url": "https://instance.service-now.com/api/now/table/incident",
"requestMethod": "POST",
"header": [{"name": "Content-Type", "value": "application/json"}],
"responseMapping": [
{"key": "correlationId", "value": "result.sys_id"}
],
"webhookRelationType": "CREATE"
}
}
}
}
}
referenceBodyTemplateList
Description
Retrieves all available webhook reference body templates.
Response
Returns a WebhookReferenceBodyTemplateListPayload!
Example
Query
query NotificationReferenceBodyTemplateList($accountId: ID!) {
notification(accountId: $accountId) {
integration {
referenceBodyTemplateList {
items {
id
name
bodyTemplate
url
requestMethod
header {
name
value
}
responseMapping {
key
value
}
webhookRelationType
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"notification": {
"integration": {
"referenceBodyTemplateList": {
"items": [
{
"id": "example-id",
"name": "ServiceNow - Create Incident",
"bodyTemplate": "{\"short_description\": \"$alertTypeName\", \"description\": \"$alertMessage\", \"urgency\": \"1\"}",
"url": "https://instance.service-now.com/api/now/table/incident",
"requestMethod": "POST",
"header": [{"name": "Content-Type", "value": "application/json"}],
"responseMapping": [
{"key": "correlationId", "value": "result.sys_id"}
],
"webhookRelationType": "CREATE"
},
{
"id": "example-id",
"name": "Slack - Post Message",
"bodyTemplate": "{\"text\": \"$alertTypeName: $alertMessage\"}",
"url": "https://hooks.slack.com/services/your/webhook/url",
"requestMethod": "POST",
"header": [],
"responseMapping": [],
"webhookRelationType": null
}
]
}
}
}
}
}
webhook
Description
Retrieves details of the specified webhook.
Response
Returns a Webhook
Arguments
| Name | Description |
|---|---|
input - WebhookIntegrationRefInput!
|
Example
Query
query NotificationWebhook($accountId: ID!) {
notification(accountId: $accountId) {
integration {
webhook(input: {
by: ID
input: "example-id"
}) {
id
name
enabled
url
requestMethod
header {
name
value
}
body
responseMapping {
key
value
}
relatedWebhookId
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"notification": {
"integration": {
"webhook": {
"id": "example-id",
"name": "Slack Security Channel",
"enabled": true,
"url": "https://hooks.slack.com/services/example",
"requestMethod": "POST",
"header": [{"name": "Content-Type", "value": "application/json"}],
"body": "{\"text\": \"$alertTypeName - $alertMessage\"}",
"responseMapping": [],
"relatedWebhookId": null
}
}
}
}
}
webhookFields
Description
Retrieves all available webhook integration available custom fields
Response
Returns a WebhookFieldsPayload
Example
Query
query NotificationWebhookFields($accountId: ID!) {
notification(accountId: $accountId) {
integration {
webhookFields {
bodyFields
urlFields
headerFields
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"notification": {
"integration": {
"webhookFields": {
"bodyFields": [
"$accountId",
"$accountName",
"$alertTypeName",
"$alertMessage",
"$alertTime",
"$alertSeverity",
"$correlationId"
],
"urlFields": ["$accountId", "$correlationId"],
"headerFields": ["$accountId", "$correlationId"]
}
}
}
}
}
webhookList
Description
Retrieves all webhooks configured on the account.
Response
Returns a WebhookListPayload!
Example
Query
query NotificationWebhookList($accountId: ID!) {
notification(accountId: $accountId) {
integration {
webhookList {
items {
id
name
enabled
url
requestMethod
header {
name
value
}
body
responseMapping {
key
value
}
relatedWebhookId
}
paging {
total
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"notification": {
"integration": {
"webhookList": {
"items": [
{
"id": "example-id",
"name": "Slack Security Channel",
"enabled": true,
"url": "https://hooks.slack.com/services/example",
"requestMethod": "POST",
"header": [{"name": "Content-Type", "value": "application/json"}],
"body": "{\"text\": \"$alertTypeName - $alertMessage\"}",
"responseMapping": [],
"relatedWebhookId": null
},
{
"id": "example-id",
"name": "ServiceNow Create Incident",
"enabled": true,
"url": "https://instance.service-now.com/api/now/table/incident",
"requestMethod": "POST",
"header": [],
"body": "{\"short_description\": \"$alertTypeName\", \"description\": \"$alertMessage\"}",
"responseMapping": [
{"key": "correlationId", "value": "result.sys_id"}
],
"relatedWebhookId": null
}
],
"paging": {"total": 2}
}
}
}
}
}
PopLocationQueries
allocatedIpList
Beta
Description
Returns a paginated list of allocated IP addresses for PoP locations, with optional filters.
Response
Returns a PopLocationAllocatedIpPayload
Arguments
| Name | Description |
|---|---|
input - PopLocationAllocatedIpInput
|
Example
Query
query allocatedIpList($accountId: ID!, $input: PopLocationAllocatedIpInput) {
popLocations(accountId: $accountId) {
allocatedIpList(input: $input) {
allocatedIp {
id
ip
description
allocationType
popLocation {
id
name
}
}
paging {
total
}
}
}
}
Variables
{"accountId": "123", "input": {"filter": {"allocationType": {"eq": "SYSTEM"}}}}
Response
{
"data": {
"popLocations": {
"allocatedIpList": {
"allocatedIp": [
{
"id": "1234",
"ip": "203.0.113.10",
"description": "primary London address",
"allocationType": "SYSTEM",
"popLocation": {"id": "456", "name": "London-1"}
},
{
"id": "allocated-ip-2",
"ip": "203.0.113.11",
"description": "Secondary London address",
"allocationType": "SYSTEM",
"popLocation": {"id": "456", "name": "London-1"}
}
],
"paging": {"total": 2}
}
}
}
}
popLocationList
Beta
Response
Returns a PopLocationPayload
Arguments
| Name | Description |
|---|---|
input - PopLocationFilterInput
|
Example
Query
query popLocationList($accountId: ID!, $input: PopLocationFilterInput) {
popLocations(accountId: $accountId) {
popLocationList(input: $input) {
items {
id
name
displayName
country {
id
name
}
isPrivate
cloudInterconnect {
taggingMethod
providerName
}
}
}
}
}
Variables
{
"accountId": "123",
"input": {"isPrivate": {"eq": false}, "primary": {"eq": true}}
}
Response
{
"data": {
"popLocations": {
"popLocationList": {
"items": [
{
"id": "456",
"name": "London-1",
"displayName": "London Primary",
"country": {"id": "GB", "name": "United Kingdom"},
"isPrivate": false,
"cloudInterconnect": [
{"taggingMethod": "DOT1Q", "providerName": "Equinix"},
{"taggingMethod": "QINQ", "providerName": "Equinix"}
]
},
{
"id": "lon2",
"name": "London-2",
"displayName": "London Secondary",
"country": {"id": "gb", "name": "United Kingdom"},
"isPrivate": false,
"cloudInterconnect": [
{"taggingMethod": "DOT1Q", "providerName": "Equinix"}
]
}
]
}
}
}
}
RemotePortFwdPolicyQueries
policy
Beta
Response
Returns a RemotePortFwdPolicy!
Arguments
| Name | Description |
|---|---|
input - RemotePortFwdPolicyInput
|
Example
Query
query RemotePortFwdPolicy($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
policy {
enabled
rules {
rule {
id
name
index
enabled
section {
id
name
}
description
forwardIcmp
externalIp {
id
name
}
externalPortRange {
from
to
}
internalIp
internalPortRange {
from
to
}
remoteIPs {
ip
ipRange {
from
to
}
subnet
globalIpRange {
id
name
}
}
restrictionType
}
}
sections {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {
"policy": {
"enabled": false,
"rules": [
{
"rule": {
"id": "4b80b0ac-94ea-45b8-9ae0-20d6104607ce",
"name": "new rule",
"index": 1,
"enabled": true,
"section": {
"id": "d11f742a-7b5b-4483-8b1f-71035de5406f",
"name": "My Section"
},
"description": "",
"forwardIcmp": false,
"externalIp": {
"id": "26",
"name": "site_test_4 - 192.168.1.16"
},
"externalPortRange": {"from": 75, "to": 75},
"internalIp": "222.222.22.22",
"internalPortRange": {"from": 75, "to": 75},
"remoteIPs": {
"ip": ["192.168.1.1"],
"ipRange": [],
"subnet": [],
"globalIpRange": []
},
"restrictionType": "ALLOW_LIST"
}
}
],
"sections": [
{
"section": {
"id": "d11f742a-7b5b-4483-8b1f-71035de5406f",
"name": "My Section"
}
}
]
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query RemotePortFwd($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {
"revisions": {
"revision": [
{"name": "Test Revision", "changes": 0},
{"name": "Test Revision", "changes": 0},
{"name": "Test Revision", "changes": 0}
]
}
}
}
}
}
SandboxQueries
Description
Get a list of sandbox reports
Response
Returns a SandboxReportsPayload!
Arguments
| Name | Description |
|---|---|
input - SandboxReportsInput!
|
Example
Query
query Sandbox($accountId: ID!, $input: SandboxReportsInput!) {
sandbox(accountId: $accountId) {
reports(input: $input) {
report {
fileName
fileHash
status
verdict
downloadUrl
creationDate
expirationDate
}
pageInfo {
total
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"filter": {"fileName": {"in": "eicar.zip"}},
"sort": {"reportCreateDate": {"direction": "DESC"}},
"paging": {"limit": 20, "from": 0}
}
}
Response
{
"data": {
"sandbox": {
"reports": {
"report": [
{
"fileName": "eicar.zip",
"fileHash": "FILE_HASH",
"status": "READY",
"verdict": "MALICIOUS",
"downloadUrl": "DOWNLOAD_URL",
"creationDate": "2025-01-12T12:41:30.241Z",
"expirationDate": "2025-02-11T12:42:20.132Z"
}
],
"pageInfo": {"total": 1}
}
}
}
}
SiteQueries
Description
Retrieves available socket versions for the specified platforms.
Response
Returns an AvailableVersionListPayload
Arguments
| Name | Description |
|---|---|
input - AvailableVersionListInput!
|
Example
Query
query site($accountId: ID!, $input: AvailableVersionListInput!) {
site(accountId: $accountId) {
availableVersionList(input: $input) {
items {
platform
versions
}
}
}
}
Variables
{"accountId": 123, "input": {"platforms": ["X1500", "X1500_BR2", "AZ1500"]}}
Response
{
"data": {
"site": {
"availableVersionList": {
"items": [
{"platform": "X1500", "versions": []},
{"platform": "AZ1500", "versions": ["23.0.19481", "22.0.19284"]},
{
"platform": "X1500_BR2",
"versions": ["23.0.19481", "19.0.33354", "16.0.15740", "15.0.15144"]
}
]
}
}
}
}
bgpPeer
Beta
Description
Retrieves details of a specific BGP peer by reference.
Response
Returns a BgpPeer
Arguments
| Name | Description |
|---|---|
input - BgpPeerRefInput!
|
Example
Query
query bgpPeer($accountId: ID!, $input: BgpPeerRefInput!) {
site(accountId: $accountId) {
bgpPeer(input: $input) {
site{
id
name
}
id
name
peerAsn
catoAsn
peerIp
catoIp
advertiseDefaultRoute
advertiseAllRoutes
advertiseSummaryRoutes
summaryRoute{
id
route
community{
from
to
}
}
defaultAction
performNat
md5AuthKey
metric
holdTime
keepaliveInterval
bfdEnabled
bfdSettings {
transmitInterval
receiveInterval
multiplier
}
tracking{
id
enabled
alertFrequency
subscriptionId
}
}
}
}
Variables
{"accountId": 123, "input": {"input": "example peer", "by": "NAME"}}
Response
{
"data": {
"site": {
"bgpPeer": {
"site": {"id": "456", "name": "test-accept"},
"id": "13373",
"name": "example peer",
"peerAsn": 1,
"catoAsn": 8,
"peerIp": "185.0.0.69",
"catoIp": "185.0.0.1",
"advertiseDefaultRoute": true,
"advertiseAllRoutes": false,
"advertiseSummaryRoutes": false,
"summaryRoute": [
{
"id": "3833",
"route": "1.6.5.0/25",
"community": [{"from": 1, "to": 2}, {"from": 1, "to": 3}]
}
],
"defaultAction": "ACCEPT",
"performNat": false,
"md5AuthKey": "2313123",
"metric": 100,
"holdTime": 60,
"keepaliveInterval": 20,
"bfdEnabled": false,
"bfdSettings": {
"transmitInterval": 1000,
"receiveInterval": 1000,
"multiplier": 5
},
"tracking": {
"id": "1692",
"enabled": true,
"alertFrequency": "DAILY",
"subscriptionId": "-100"
}
}
}
}
}
bgpPeerList
Beta
Description
Retrieves a list of all BGP peers associated with the specified site.
Response
Returns a BgpPeerListPayload
Arguments
| Name | Description |
|---|---|
input - BgpPeerListInput!
|
Example
Query
query bgpPeerList($accountId: ID!, $input: BgpPeerListInput!) {
site(accountId: $accountId) {
bgpPeerList(input: $input){
total
bgpPeer{
site{
id
name
}
id
name
peerAsn
catoAsn
peerIp
catoIp
advertiseDefaultRoute
advertiseAllRoutes
advertiseSummaryRoutes
summaryRoute{
id
route
community{
from
to
}
}
defaultAction
performNat
md5AuthKey
metric
holdTime
keepaliveInterval
bfdEnabled
bfdSettings {
transmitInterval
receiveInterval
multiplier
}
tracking{
id
enabled
alertFrequency
subscriptionId
}
}
}
}
}
Variables
{"accountId": 123, "input": {"site": {"by": "ID", "input": "456"}}}
Response
{
"data": {
"site": {
"bgpPeerList": {
"total": 1,
"bgpPeer": [
{
"site": {"id": "456", "name": "test-accept"},
"id": "13373",
"name": "example peer",
"peerAsn": 1,
"catoAsn": 8,
"peerIp": "185.0.0.69",
"catoIp": "185.0.0.1",
"advertiseDefaultRoute": true,
"advertiseAllRoutes": false,
"advertiseSummaryRoutes": false,
"summaryRoute": [
{
"id": "3833",
"route": "1.6.5.0/25",
"community": [{"from": 1, "to": 2}, {"from": 1, "to": 3}]
}
],
"defaultAction": "ACCEPT",
"performNat": false,
"md5AuthKey": "2313123",
"metric": 100,
"holdTime": 60,
"keepaliveInterval": 20,
"bfdEnabled": false,
"bfdSettings": {
"transmitInterval": 1000,
"receiveInterval": 1000,
"multiplier": 5
},
"tracking": {
"id": "1692",
"enabled": true,
"alertFrequency": "DAILY",
"subscriptionId": "-100"
}
}
]
}
}
}
}
cloudInterconnectConnectionConnectivity
Beta
Description
Check the L2 connectivity status of a cloud interconnect connection using ICMP.
Response
Returns a CloudInterconnectConnectionConnectivity
Arguments
| Name | Description |
|---|---|
input - CloudInterconnectConnectionConnectivityInput!
|
Example
Query
query cloudInterconnectConnectionConnectivity($accountId: ID!, $input: CloudInterconnectConnectionConnectivityInput!) {
site(accountId : $accountId){
cloudInterconnectConnectionConnectivity(input: $input) {
success
}
}
}
Variables
{"accountId": 128782, "input": {"id": "MzY2MzM0LVBSSU1BUlk="}}
Response
{
"data": {
"site": {"cloudInterconnectConnectionConnectivity": {"success": false}}
}
}
cloudInterconnectPhysicalConnection
Beta
Description
Get details of a physical connection at a cloud interconnect site.
Response
Returns a CloudInterconnectPhysicalConnection
Arguments
| Name | Description |
|---|---|
input - CloudInterconnectPhysicalConnectionInput!
|
Example
Query
query cloudInterconnectPhysicalConnection($accountId: ID!, $input: CloudInterconnectPhysicalConnectionInput!) {
site(accountId : $accountId){
cloudInterconnectPhysicalConnection(input: $input) {
site{
id
name
}
haRole
encapsulationMethod
subnet
privateCatoIp
privateSiteIp
upstreamBwLimit
downstreamBwLimit
popLocation{
id,
name
}
vlan
sVlan
cVlan
}
}
}
Variables
{"accountId": 128782, "input": {"id": "NDAwOTU3LVBSSU1BUlk="}}
Response
{
"data": {
"site": {
"cloudInterconnectPhysicalConnection": {
"site": {"id": "400957", "name": "cloud_interconnect_test_site"},
"haRole": "PRIMARY",
"encapsulationMethod": "DOT1Q",
"subnet": "200.0.2.0/24",
"privateCatoIp": "200.0.2.19",
"privateSiteIp": "200.0.2.20",
"upstreamBwLimit": 100,
"downstreamBwLimit": 100,
"popLocation": {
"id": "10000",
"name": "Exalt Socket Upgrade Simulator for TestCC2"
},
"vlan": 2713,
"sVlan": 0,
"cVlan": 0
}
}
}
}
cloudInterconnectPhysicalConnectionId
Beta
Description
Get the ID of a physical connection at a cloud interconnect site.
Response
Returns a CloudInterconnectPhysicalConnectionId
Arguments
| Name | Description |
|---|---|
input - CloudInterconnectPhysicalConnectionIdInput!
|
Example
Query
query cloudInterconnectPhysicalConnectionId($accountId: ID!, $input: CloudInterconnectPhysicalConnectionIdInput!) {
site(accountId : $accountId){
cloudInterconnectPhysicalConnectionId(input: $input) {
id
}
}
}
Variables
{
"accountId": 128782,
"input": {"site": {"by": "ID", "input": "400957"}, "haRole": "PRIMARY"}
}
Response
{
"data": {
"site": {
"cloudInterconnectPhysicalConnectionId": {"id": "NDAwOTU3LVBSSU1BUlk="}
}
}
}
retrieveUsedVlanIDs
Beta
Description
Retrieve the VLAN IDs that are already in use at a specific POP. This API is only applicable for reseller accounts with private POPs.
Response
Returns a RetrieveUsedVlanIDsPayload
Arguments
| Name | Description |
|---|---|
input - RetrieveUsedVlanIDsInput!
|
Example
Query
query retrieveUsedVlanIDs($accountId: ID!, $input: RetrieveUsedVlanIDsInput!) {
site(accountId: $accountId) {
retrieveUsedVlanIDs(input: $input) {
reservedDot1QVlans {
vlan
accountId
siteId
}
reservedQinQVlans {
qinqVlan {
sVlan
cVlan
}
accountId
siteId
}
ranges {
from
to
}
}
}
}
Variables
{
"accountId": 128782,
"input": {
"popLocation": {"by": "ID", "input": "10000"},
"serviceProviderName": "Example Provider",
"encapsulationMethod": "DOT1Q"
}
}
Response
{
"data": {
"site": {
"retrieveUsedVlanIDs": {
"reservedDot1QVlans": [
{"vlan": 100, "accountId": "128782", "siteId": "400957"},
{"vlan": 200, "accountId": "128782", "siteId": "400958"}
],
"reservedQinQVlans": [],
"ranges": [{"from": 2, "to": 4094}]
}
}
}
}
secondaryAwsVSocket
Beta
Description
Retrieves details of a specific secondary AWS vSocket.
Response
Returns a SecondaryAwsVSocket
Arguments
| Name | Description |
|---|---|
socketId - ID!
|
Example
Query
query secondaryAwsVSocket($accountId:ID!, $socketId: ID!){
site(accountId:$accountId) {
secondaryAwsVSocket(socketId: $socketId) {
site {
id
name
}
id
ipAddress
subnet
routeTableId
}
}
}
Variables
{"accountId": "143762", "socketId": 631159}
Response
{
"data": {
"site": {
"secondaryAwsVSocket": {
"site": {"id": "400376", "name": "aws"},
"id": "631159",
"ipAddress": "55.45.45.70",
"subnet": "55.45.45.0/24",
"routeTableId": "888"
}
}
}
}
secondaryAzureVSocket
Beta
Description
Retrieves details of a specific secondary Azure vSocket.
Response
Returns a SecondaryAzureVSocket
Arguments
| Name | Description |
|---|---|
socketId - ID!
|
Example
Query
query secondaryAzureVSocket($accountId:ID!, $socketId: ID!){
site(accountId:$accountId) {
secondaryAzureVSocket(socketId: $socketId) {
site {
id
name
}
id
interfaceIp
floatingIp
}
}
}
Variables
{"accountId": "5018", "socketId": 654376}
Response
{
"data": {
"site": {
"secondaryAzureVSocket": {
"site": {"id": "366082", "name": "azure"},
"id": "654376",
"interfaceIp": "122.0.0.55",
"floatingIp": "122.0.0.56"
}
}
}
}
Response
Returns a SecondaryGcpVSocketPayload
Arguments
| Name | Description |
|---|---|
input - SecondaryGcpVSocketInput!
|
Example
Query
query secondaryGcpVSocket($accountId: ID!, $input: SecondaryGcpVSocketInput!) {
site(accountId: $accountId) {
secondaryGcpVSocket(input: $input) {
socketInfo {
site {
id
name
}
id
interfaceIp
loadBalancerIp
}
}
}
}
Variables
{"accountId": "123", "input": {"id": "456"}}
Response
{
"data": {
"site": {
"secondaryGcpVSocket": {
"socketInfo": {
"site": {"id": "789", "name": "example site"},
"id": "456",
"interfaceIp": "10.0.0.1",
"loadBalancerIp": "10.0.0.2"
}
}
}
}
}
siteBackhauling
Beta
Description
Fetch backhauling configuration for a site.
Response
Returns a SiteBackhaulingPayload
Arguments
| Name | Description |
|---|---|
site - SiteRefInput!
|
Example
Query
query siteBackhauling($accountId: ID!, $site: SiteRefInput!) {
site(accountId: $accountId) {
siteBackhauling(site: $site) {
site {
id
name
}
useAsBackhaulingGW
destination
nextHopIP
preferredSocketPort
}
}
}
Variables
{"accountId": "123", "site": {"input": "456", "by": "ID"}}
Response
{
"data": {
"site": {
"siteBackhauling": {
"site": {"id": "456", "name": "example site"},
"useAsBackhaulingGW": true,
"destination": "LOCAL_GATEWAY_IP",
"nextHopIP": "192.168.0.1",
"preferredSocketPort": null
}
}
}
}
siteBgpStatus
Beta
Description
Provides the BGP status of the specified site, including session and route details.
Response
Returns a SiteBgpStatus
Arguments
| Name | Description |
|---|---|
input - SiteBgpStatusInput!
|
Example
Query
query siteBgpStatus($accountId: ID!, $input: SiteBgpStatusInput!) {
site(accountId: $accountId) {
siteBgpStatus(input: $input) {
status {
remoteIp
bgpSession
bfdSession
routesFromPeer
routesToPeer
rejectedRoutesFromPeer {
subnet
type
community{
from
to
}
rule
lastPublishAttempt
}
}
rawStatus
}
}
}
Variables
{"accountId": 123, "input": {"site": {"by": "ID", "input": "456"}}}
Response
{
"data": {
"site": {
"siteBgpStatus": {
"status": [
{
"remoteIp": "192.168.2.100",
"bgpSession": "Established via outgoing connection",
"bfdSession": null,
"routesFromPeer": ["172.16.32.0/24"],
"routesToPeer": [
"10.41.0.0/16",
"100.1.0.0/16",
"172.17.31.0/24",
"10.254.254.0/24",
"220.220.220.0/24",
"10.254.254.12/32",
"10.254.254.253/32",
"100.1.1.0/24",
"120.120.120.0/24",
"111.1.1.1/32",
"156.88.88.0/24",
"192.168.1.0/24",
"10.254.254.5/32",
"10.254.254.1/32",
"192.168.2.0/24"
],
"rejectedRoutesFromPeer": [
{
"subnet": "200.1.1.0/24",
"type": "IPv4",
"community": [{"from": 5555, "to": 5555}],
"rule": " ( ( bgp_range == 200.1.1.0/24 ) )",
"lastPublishAttempt": null
},
{
"subnet": "200.1.0.0/16",
"type": "IPv4",
"community": [{"from": 6666, "to": 6666}],
"rule": " ( ( bgp_communities ~= 436869642 ) )",
"lastPublishAttempt": null
}
]
}
],
"rawStatus": [
"{\"Exposed_On_Interface\":\"LAN1\",\"Exposed_With_IP\":\"192.168.2.1\",\"Peer\":{\"BGP_Session\":\"Established via outgoing connection\",\"BGP_peer_filter_rule\":{\"default_accept\":true,\"rules\":[{\"accept\":false,\"description\":\"\",\"expression\":{\"expression\":[],\"op\":\"BOOL_AND\",\"predicate\":[{\"field_name\":\"bgp_range\",\"op\":\"OP_EQ\",\"values\":[{\"str\":\"200.1.1.0/24\",\"type\":\"field_type_ip\"}]}]},\"id\":18258},{\"accept\":false,\"description\":\"\",\"expression\":{\"expression\":[],\"op\":\"BOOL_AND\",\"predicate\":[{\"field_name\":\"bgp_communities\",\"op\":\"OP_CONTAINS\",\"values\":[{\"num\":\"364058035\",\"type\":\"field_type_hostorder_uint64\"}]}]},\"id\":18259},{\"accept\":false,\"description\":\"\",\"expression\":{\"expression\":[],\"op\":\"BOOL_AND\",\"predicate\":[{\"field_name\":\"bgp_communities\",\"op\":\"OP_CONTAINS\",\"values\":[{\"num\":\"436869642\",\"type\":\"field_type_hostorder_uint64\"}]}]},\"id\":18260}]},\"Incoming_Connection\":{\"State\":\"Idle\",\"Transport\":\"Not set\"},\"Local_ASN\":\"65000\",\"Local_IP\":\"169.254.1.179\",\"Negotiated\":{\"Capabilities\":{\"as4\":\"0\",\"enhanced_route_refresh\":\"1\",\"graceful_restart_always_publish\":false,\"graceful_restart_enabled\":false,\"graceful_restart_present\":false,\"graceful_restart_timeout\":\"0\",\"multiprotocol_ext\":\"1\",\"route_refresh\":\"1\"},\"Hold_Time\":\"60\",\"Keepalive_Period\":\"20\"},\"Outgoing_Connection\":{\"State\":\"Established\",\"Transport\":\"169.254.1.179:43113-192.168.2.100:179\"},\"RIB_out\":[{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"10.254.254.253/32\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"10.254.254.0/24\"},{\"add_time\":\"1733132508 (02/12/24 09:41:48)\",\"blob\":{\"AS_Path offset\":\"4\",\"Communities count\":\"1\",\"Communities offset\":\"15\",\"Transitive Attributes\":[\"40\",\"01\",\"01\",\"00\",\"50\",\"02\",\"00\",\"04\",\"02\",\"01\",\"1d\",\"fd\",\"c0\",\"08\",\"04\",\"15\",\"b3\",\"00\",\"37\"],\"communities\":[\"5555:55\"]},\"last_update_time\":\"1733132508 (02/12/24 09:41:48)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"100.1.0.0/16\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"120.120.120.0/24\"},{\"add_time\":\"1733132508 (02/12/24 09:41:48)\",\"blob\":{\"AS_Path offset\":\"4\",\"Communities count\":\"0\",\"Communities offset\":\"0\",\"Transitive Attributes\":[\"40\",\"01\",\"01\",\"00\",\"50\",\"02\",\"00\",\"04\",\"02\",\"01\",\"1d\",\"fd\"]},\"last_update_time\":\"1733132508 (02/12/24 09:41:48)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"172.17.31.0/24\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"156.88.88.0/24\"},{\"add_time\":\"1733132508 (02/12/24 09:41:48)\",\"blob\":{\"AS_Path offset\":\"4\",\"Communities count\":\"1\",\"Communities offset\":\"15\",\"Transitive Attributes\":[\"40\",\"01\",\"01\",\"00\",\"50\",\"02\",\"00\",\"04\",\"02\",\"01\",\"1d\",\"fd\",\"c0\",\"08\",\"04\",\"08\",\"ae\",\"08\",\"ae\"],\"communities\":[\"2222:2222\"]},\"last_update_time\":\"1733132508 (02/12/24 09:41:48)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"100.1.1.0/24\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"220.220.220.0/24\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"192.168.2.0/24\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"10.41.0.0/16\"},{\"add_time\":\"1733132508 (02/12/24 09:41:48)\",\"blob\":{\"AS_Path offset\":\"4\",\"Communities count\":\"1\",\"Communities offset\":\"15\",\"Transitive Attributes\":[\"40\",\"01\",\"01\",\"00\",\"50\",\"02\",\"00\",\"04\",\"02\",\"01\",\"1d\",\"fd\",\"c0\",\"08\",\"04\",\"0d\",\"05\",\"0d\",\"05\"],\"communities\":[\"3333:3333\"]},\"last_update_time\":\"1733132508 (02/12/24 09:41:48)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"111.1.1.1/32\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"10.254.254.1/32\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"10.254.254.12/32\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"10.254.254.5/32\"},{\"add_time\":\"1733132478 (02/12/24 09:41:18)\",\"last_update_time\":\"1733132478 (02/12/24 09:41:18)\",\"med\":100,\"next_hop\":\"192.168.2.1\",\"prepend_count\":1,\"subnet\":\"192.168.1.0/24\"}],\"Remote_ASN\":\"7678\",\"Remote_IP\":\"192.168.2.100\",\"Router_ID\":\"192.168.2.1\",\"Router_Weight\":\"100\"},\"accept_default_route\":false,\"advertise_cato\":true,\"advertise_default\":\"never\",\"advertise_summary\":false,\"bfd_peer\":{\"BFD_Session\":\"DOWN\",\"bfd_config\":{\"local_asn\":65000,\"local_ip_no\":\"169.254.1.179\",\"local_port_ho\":0,\"remote_asn\":7678,\"remote_ip_no\":\"192.168.2.100\"},\"bfd_session_info\":{\"active_mode\":false,\"auth_type\":0,\"desired_min_tx_interval_usec\":300000,\"detect_interval_usec\":0,\"detect_mult\":3,\"local_diag\":\"NO_DIAGNOSTIC\",\"my_discriminator\":1394721461,\"next_detect_timestamp_usec\":9223372036854776000,\"next_send_timestamp_usec\":9223372036854776000,\"poll_in_progress\":false,\"remote_demand_mode\":false,\"remote_detect_mult\":0,\"remote_diag\":\"NO_DIAGNOSTIC\",\"remote_discriminator\":0,\"remote_min_echo_interval_usec\":0,\"remote_min_rx_interval_usec\":0,\"remote_min_tx_interval_usec\":0,\"remote_state\":\"DOWN\",\"remote_tx_interval_usec\":0,\"required_min_echo_interval_usec\":0,\"required_min_rx_interval_usec\":300000,\"state\":\"DOWN\",\"tx_interval_usec\":0},\"bfd_timeline\":[{\"event\":{\"func\":\"bfd_peer_init\",\"line\":\"513\",\"msg\":\"initialized BFD session to 192.168.2.100. tx = 300000 usec, rx = 300000 usec, mult = 3 , mode is passive\"},\"time\":\"02/12/24 09:41:03.583\"}],\"enabled\":true},\"custom_ranges_advertise\":\"never\",\"interface_pcap_captured_packets\":\"0\",\"interface_pcap_enabled\":false,\"interface_port_id\":0,\"rejected_routes_from_neighbor\":[{\"Communities\":[\"5555:5555\"],\"Subnet\":\"200.1.1.0/24\",\"Type\":\"IPv4\",\"last_publish_attempt\":\"02/12/24 09:41:18.216\",\"rule\":\" ( ( bgp_range == 200.1.1.0/24 ) )\"},{\"Communities\":[\"6666:6666\"],\"Subnet\":\"200.1.0.0/16\",\"Type\":\"IPv4\",\"last_publish_attempt\":\"02/12/24 09:41:18.216\",\"rule\":\" ( ( bgp_communities ~= 436869642 ) )\"}],\"routes_count\":\"1\",\"routes_count_limit\":\"1024\",\"routes_count_limit_exceeded\":false,\"routes_from_neighbor\":[{\"Next_Hop\":\"192.168.2.100\",\"Range\":\"172.16.32.0-172.16.32.255\",\"Subnet\":\"172.16.32.0/24\"}],\"routes_to_neighbor\":[{\"Subnet\":\"10.41.0.0/16\"},{\"Subnet\":\"111.1.1.1/32\"},{\"Subnet\":\"100.1.0.0/16\"},{\"Subnet\":\"100.1.1.0/24\"},{\"Subnet\":\"172.17.31.0/24\"},{\"Subnet\":\"120.120.120.0/24\"},{\"Subnet\":\"192.168.1.0/24\"},{\"Subnet\":\"220.220.220.0/24\"},{\"Subnet\":\"192.168.2.0/24\"},{\"Subnet\":\"10.254.254.0/24\"},{\"Subnet\":\"10.254.254.12/32\"},{\"Subnet\":\"10.254.254.253/32\"},{\"Subnet\":\"10.254.254.5/32\"},{\"Subnet\":\"10.254.254.1/32\"},{\"Subnet\":\"156.88.88.0/24\"}]}"
]
}
}
}
}
siteGeneralDetails
Beta
Response
Returns a SiteGeneralDetailsPayload
Arguments
| Name | Description |
|---|---|
site - SiteRefInput!
|
Example
Query
query siteGeneralDetails($accountId: ID!, $site: SiteRefInput!) {
site(accountId: $accountId) {
siteGeneralDetails(site: $site) {
site {
id
name
}
siteType
description
siteLocation {
countryCode
stateCode
cityName
timezone
address
}
preferredPopLocation {
primary {
id
name
}
secondary {
id
name
}
preferredOnly
}
}
}
}
Variables
{"accountId": "123", "site": {"input": "456", "by": "ID"}}
Response
{
"data": {
"site": {
"siteGeneralDetails": {
"site": {"id": "456", "name": "example site"},
"siteType": "BRANCH",
"description": "222",
"siteLocation": {
"countryCode": "IL",
"stateCode": "",
"cityName": "Tel Aviv",
"timezone": "Asia/Jerusalem",
"address": "Iben Gabirol 123"
},
"preferredPopLocation": {
"primary": {"id": "1", "name": "example_location_1"},
"secondary": {"id": "2", "name": "example_location_2"},
"preferredOnly": true
}
}
}
}
}
siteSocketConfiguration
Beta
Response
Returns a SiteSocketConfiguration
Arguments
| Name | Description |
|---|---|
input - SiteSocketConfigurationInput!
|
Example
Query
query siteSocketConfiguration($accountId: ID!, $input: SiteSocketConfigurationInput!) {
site(accountId: $accountId) {
siteSocketConfiguration(input: $input) {
primarySocketConfiguration {
description
}
secondarySocketConfiguration {
description
}
}
}
}
Variables
{"accountId": 8743, "input": {"site": {"by": "NAME", "input": "example"}}}
Response
{
"data": {
"site": {
"siteSocketConfiguration": {
"primarySocketConfiguration": {"description": "primary"},
"secondarySocketConfiguration": {"description": "srcondary"}
}
}
}
}
SocketBypassPolicyQueries
policy
Beta
Response
Returns a SocketBypassPolicy!
Arguments
| Name | Description |
|---|---|
input - SocketBypassPolicyInput
|
Example
Query
query socketBypass($accountId: ID!) {
policy(accountId: $accountId) {
socketBypass {
policy {
enabled
rules {
properties
rule {
id
index
name
}
}
sections {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"socketBypass": {
"policy": {
"enabled": false,
"rules": [
{
"properties": [],
"rule": {
"id": "98dbea00-c49c-4fae-8493-362b6897d372",
"index": 1,
"name": "update bypass exmple"
}
}
],
"sections": [
{
"properties": [],
"section": {
"id": "1bbee1c4-83e6-4286-8c57-2c2aa4e8317b",
"name": "test"
}
}
]
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query socketBypass($accountId: ID!) {
policy(accountId: $accountId) {
socketBypass {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"socketBypass": {
"revisions": {
"revision": [
{"name": "Socket Bypass Test Revision", "changes": 0},
{"name": "Socket Bypass Test Revision", "changes": 0}
]
}
}
}
}
}
SocketLanPolicyQueries
policy
Beta
Response
Returns a SocketLanPolicy!
Arguments
| Name | Description |
|---|---|
input - SocketLanPolicyInput
|
Example
Query
query socketLan($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
policy {
enabled
rules {
properties
rule {
id
index
name
}
}
sections {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {"policy": {"enabled": false, "rules": [], "sections": []}}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query socketLan($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"revisions": {
"revision": [
{"name": "Socket LAN Test Revision", "changes": 0},
{"name": "Socket LAN Test Revision", "changes": 0},
{"name": "Socket LAN Test Revision", "changes": 0},
{"name": "Socket LAN Test Revision", "changes": 0},
{"name": "Socket LAN Test Revision", "changes": 0}
]
}
}
}
}
}
SplitTunnelPolicyQueries
policy
Beta
Response
Returns a SplitTunnelPolicy!
Arguments
| Name | Description |
|---|---|
input - SplitTunnelPolicyInput
|
Example
Query
query SplitTunnelPolicy($accountId: ID!) {
policy(accountId: $accountId) {
splitTunnel {
policy {
enabled
rules {
properties
rule {
id
index
name
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"splitTunnel": {
"policy": {
"enabled": false,
"rules": [
{
"properties": [],
"rule": {
"id": "96f3efbc-1e5f-4bdc-93bd-c4777b70dc9b",
"index": 1,
"name": "Second Example Rule"
}
}
]
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query SplitTunnelPolicy($accountId: ID!) {
policy(accountId: $accountId) {
splitTunnel {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"splitTunnel": {
"revisions": {
"revision": [
{"name": "Revision Name Example", "changes": 0},
{"name": "Revision Name Example", "changes": 0},
{"name": "Revision Name Example", "changes": 0}
]
}
}
}
}
}
TerminalServerPolicyQueries
policy
Beta
Response
Returns a TerminalServerPolicy!
Arguments
| Name | Description |
|---|---|
input - TerminalServerPolicyInput
|
Example
Query
query TerminalServer($accountId: ID!) {
policy(accountId: $accountId) {
terminalServer {
policy {
enabled
rules {
properties
rule {
id
name
description
index
enabled
allowedHostIP {
id
name
}
}
}
sections {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"terminalServer": {
"policy": {
"enabled": true,
"rules": [
{
"rule": {
"id": "f50fa97b-1f12-4522-a15b-6cddde43c8c8",
"name": "Shared Host in Site A",
"index": 1,
"enabled": true,
"description": "Shared Host in Site A ",
"allowedHostIP": {
"id": "900134247",
"name": "Terminal Server Farm"
}
},
"audit": {
"updatedBy": "John.Doe@catonetworks.com",
"updatedTime": "2025-04-23T14:59:08.012"
},
"properties": []
}
],
"sections": []
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query TerminalServer($accountId: ID!) {
policy(accountId: $accountId) {
terminalServer {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"terminalServer": {
"revisions": {"revision": [{"name": "Test Revision", "changes": 0}]}
}
}
}
}
TlsInspectPolicyQueries
policy
Beta
Response
Returns a TlsInspectPolicy!
Arguments
| Name | Description |
|---|---|
input - TlsInspectPolicyInput
|
Example
Query
query TlsInspect($accountId: ID!) {
policy(accountId: $accountId) {
tlsInspect {
policy {
enabled
rules {
properties
rule {
id
index
name
}
}
sections {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"tlsInspect": {
"policy": {
"enabled": false,
"rules": [
{
"properties": [],
"rule": {
"id": "80897ab7-5be5-4979-afde-3969f9d75c8a",
"index": 1,
"name": "Updated Tls Inspect Rule"
}
},
{
"properties": [],
"rule": {
"id": "d9cdb424-0830-4d8c-bfa7-6390bbc9c17b",
"index": 2,
"name": "Updated WAN Rule"
}
}
],
"sections": [
{
"properties": [],
"section": {
"id": "cab89258-646c-4ce8-8a91-9f13108d1e73",
"name": "updated TLS section name"
}
}
]
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query TlsInspect($accountId: ID!) {
policy(accountId: $accountId) {
tlsInspect {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"tlsInspect": {
"revisions": {
"revision": [
{"name": "TLS Test Revision", "changes": 0},
{"name": "TLS Test Revision", "changes": 0}
]
}
}
}
}
}
WanFirewallPolicyQueries
policy
Beta
Response
Returns a WanFirewallPolicy!
Arguments
| Name | Description |
|---|---|
input - WanFirewallPolicyInput
|
Example
Query
query InternetFirewall($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
policy {
enabled
rules {
properties
rule {
id
index
name
}
}
sections {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"policy": {
"enabled": false,
"rules": [
{
"properties": [],
"rule": {
"id": "16044293",
"index": 1,
"name": "Allow social media"
}
},
{
"properties": [],
"rule": {"id": "16044295", "index": 2, "name": "WAN FW Rule 2"}
}
],
"sections": [
{
"properties": [],
"section": {"id": "363808", "name": "Example Wan Section"}
},
{
"properties": [],
"section": {"id": "363809", "name": "My Wan Section"}
}
]
}
}
}
}
}
policyList
Beta
Description
Provides a list of all policies of Wan Firewall with filtering, pagination and sorting capabilities
Response
Returns a WanFirewallPolicyListPayload!
Arguments
| Name | Description |
|---|---|
input - WanFirewallPolicyListInput!
|
Default |
Example
Query
query wanFirewallPolicyByIds($accountId: ID!, $limit: Int!, $filter: WanFirewallPolicyListFilterInput) {
policy(accountId: $accountId) {
wanFirewall {
policyList(input: {paging: {limit: $limit}, filter: $filter}) {
items {
id
name
description
enabled
policyLevel
}
paging {
total
}
}
}
}
}
Variables
{
"accountId": 12345,
"limit": 1,
"filter": {"id": {"in": ["f07a3670-88ed-48e6-8a31-6f9047e9f584"]}}
}
Response
{
"data": {
"policy": {
"wanFirewall": {
"policyList": {
"items": [
{
"id": "f07a3670-88ed-48e6-8a31-6f9047e9f584",
"name": "Main",
"description": "",
"enabled": true,
"policyLevel": "MAIN"
}
],
"paging": {"total": 1}
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query InternetFirewall($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"revisions": {
"revision": [
{"name": "WAN Test Revision", "changes": 0},
{"name": "WAN Test Revision", "changes": 0}
]
}
}
}
}
}
WanNetworkPolicyQueries
policy
Beta
Response
Returns a WanNetworkPolicy!
Arguments
| Name | Description |
|---|---|
input - WanNetworkPolicyInput
|
Example
Query
query wanNetwork($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
policy {
enabled
rules {
properties
rule {
id
index
name
}
}
sections {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanNetwork": {
"policy": {
"enabled": false,
"rules": [
{
"properties": [],
"rule": {
"id": "6f5b98bd-3252-4c45-95e1-9eeac9fd88db",
"index": 1,
"name": "my WAN network rule example"
}
},
{
"properties": [],
"rule": {
"id": "2812534",
"index": 2,
"name": "WAN Voice & Video - Predefined"
}
},
{
"properties": [],
"rule": {
"id": "2812530",
"index": 3,
"name": "Internet Voice & Video - Predefined"
}
},
{
"properties": [],
"rule": {
"id": "2812532",
"index": 4,
"name": "WAN RDP - Predefined"
}
},
{
"properties": [],
"rule": {
"id": "2812535",
"index": 5,
"name": "Internet RDP - Predefined"
}
},
{
"properties": [],
"rule": {
"id": "2812533",
"index": 6,
"name": "WAN SMB - Predefined"
}
},
{
"properties": [],
"rule": {
"id": "2812536",
"index": 7,
"name": "Internet SMB - Predefined"
}
},
{
"properties": [],
"rule": {
"id": "2812529",
"index": 8,
"name": "WAN Data - Predefined"
}
},
{
"properties": [],
"rule": {
"id": "2812531",
"index": 9,
"name": "Internet Traffic - Predefined"
}
}
],
"sections": [
{
"properties": [],
"section": {
"id": "52bd561b-2877-4941-a3d0-5c7219e8e7b7",
"name": "Wan network example section"
}
}
]
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query wanNetwork($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanNetwork": {
"revisions": {
"revision": [
{"name": "WAN network Test Revision", "changes": 0},
{"name": "WAN network Test Revision", "changes": 0},
{"name": "WAN network Test Revision", "changes": 0}
]
}
}
}
}
}
XDR
stories
Beta
Description
Define the paging, sort, and filter arguments to define the XDR stories that are returned in the query
Response
Returns a StoriesData
Arguments
| Name | Description |
|---|---|
input - StoryInput!
|
Example
Query
query Stories($accountId: ID!, $from: Int!, $limit: Int!, $sort: [StorySortInput!], $filter: [StoryFilterInput!]!) {
xdr(accountID: $accountId) {
stories(
input: {paging: {from: $from, limit: $limit}, sort: $sort, filter: $filter}
) {
paging {
from
limit
total
__typename
}
items {
...StoryBrief
__typename
}
__typename
}
__typename
}
}
fragment StoryBrief on Story {
id
accountId
accountName
updatedAt
createdAt
analystName
incident {
__typename
id
status
lastSignal
firstSignal
producer
connectionType
indication
queryName
description
criticality
source
ticket
research
vendor
sourceIp
analystFeedback {
severity
__typename
}
... on Threat {
...ThreatIncidentBrief
__typename
}
... on ThreatPrevention {
...ThreatPreventionIncidentBrief
__typename
}
... on AnomalyStats {
...AnomalyStatsIncidentBrief
__typename
}
... on AnomalyEvents {
...AnomalyEventsIncidentBrief
__typename
}
... on NetworkXDRIncident {
...NetworkXDRIncidentBrief
__typename
}
}
__typename
}
fragment ThreatIncidentBrief on Threat {
__typename
site {
id
name
__typename
}
user {
id
name
__typename
}
direction
}
fragment ThreatPreventionIncidentBrief on ThreatPrevention {
__typename
site {
id
name
__typename
}
user {
id
name
__typename
}
direction
}
fragment AnomalyStatsIncidentBrief on AnomalyStats {
__typename
srcSiteId
subjectType
drillDownFilter {
name
value
__typename
}
}
fragment AnomalyEventsIncidentBrief on AnomalyEvents {
__typename
srcSiteId
subjectType
drillDownFilter {
name
value
__typename
}
}
fragment NetworkXDRIncidentBrief on NetworkXDRIncident {
__typename
storyDuration
storyType
siteConnectionType
siteConfigLocation
acknowledged
linkId
linkName
linkConfigPrecedence
deviceConfigHaRole
licenseRegion
licenseBandwidth
isp
bgpConnection {
connectionName
peerIp
peerAsn
catoIp
catoAsn
__typename
}
networkIncidentTimeline {
created
validated
description
eventType
eventIds
acknowledged
networkEventSource
linkId
linkName
linkConfigPrecedence
linkStatus
linkConfigBandwidth
deviceConfigHaRole
deviceHaRoleState
isp
bgpConnection {
connectionName
peerIp
peerAsn
catoIp
catoAsn
__typename
}
linkQualityIssue {
issueType
direction
current
threshold
__typename
}
__typename
}
}
Variables
{
"accountId": "123",
"from": 0,
"limit": 25,
"filter": [
{
"timeFrame": {"time": "last.P14D", "timeFrameModifier": "StoryUpdate"},
"producer": {
"in": [
"AnomalyEvents",
"AnomalyStats",
"ThreatHunt",
"ThreatPrevention",
"MicrosoftEndpointDefender",
"CatoEndpointAlert"
]
}
}
],
"sort": [{"fieldName": "updatedAt", "order": "desc"}]
}
Response
{
"data": {
"xdr": {
"__typename": "XDR",
"stories": {
"paging": {"from": 0, "limit": 25, "total": 5, "__typename": "Paging"},
"items": [
{
"id": "65ba47966e0c8517cf2de805",
"accountId": 123,
"accountName": "account",
"updatedAt": "2024-01-31T13:13:58Z",
"createdAt": "2024-01-31T13:13:58Z",
"analystName": "abc123",
"incident": {
"__typename": "CatoEndpoint",
"id": "29ebcff1",
"status": "PendingMoreInfo",
"lastSignal": "2024-01-18T01:48:25Z",
"firstSignal": "2024-01-18T01:48:25Z",
"producer": "CatoEndpointAlert",
"connectionType": null,
"indication": "Cato Endpoint Alert",
"queryName": null,
"description": null,
"criticality": 5,
"source": "source",
"ticket": null,
"research": false,
"vendor": "CATO",
"sourceIp": null,
"analystFeedback": {
"severity": "Medium",
"__typename": "AnalystFeedback"
}
},
"__typename": "Story"
}
]
}
}
}
}
story
Beta
Description
Define either the story ID, or the incident ID and producer arguments, to query the specific XDR story
Response
Returns a Story
Arguments
| Name | Description |
|---|---|
storyId - ID
|
|
producer - StoryProducerEnum
|
|
incidentId - ID
|
Example
Query
query StoryDetails($accountId: ID!, $storyId: ID!) {
xdr(accountID: $accountId) {
... on XDR {
story(storyId: $storyId) {
...StoryDetailed
__typename
}
__typename
}
__typename
}
}
fragment StoryDetailed on Story {
__typename
id
summary
updatedAt
createdAt
playbook
timeline {
...TimelineItem
__typename
}
incident {
__typename
id
status
producer
ticket
connectionType
indication
queryName
criticality
source
research
firstSignal
lastSignal
description
site {
id
name
__typename
}
user {
id
name
__typename
}
... on AnomalyStats {
...AnomalyStatsIncidentDetailed
__typename
}
... on AnomalyEvents {
...AnomalyEventsIncidentDetailed
__typename
}
... on Threat {
...ThreatIncidentDetailed
__typename
}
... on ThreatPrevention {
...ThreatPreventionIncidentDetailed
__typename
}
... on NetworkXDRIncident {
...NetworkXDRIncidentDetailed
__typename
}
... on MicrosoftEndpoint {
...MicrosoftEndpointIncidentDetailed
__typename
}
... on CatoEndpoint {
...CatoEndpointIncidentDetailed
__typename
}
}
}
fragment TimelineItem on TimelineItem {
createdAt
type
descriptions
additionalInfo
analystInfo {
name
__typename
}
context
category
__typename
}
fragment AnomalyStatsIncidentDetailed on AnomalyStats {
__typename
srcSiteId
subjectType
metric {
name
value
__typename
}
drillDownFilter {
name
value
__typename
}
gaussian {
n
avg
__typename
}
mitres {
id
name
__typename
}
logonName
sourceIp
os
clientClass
deviceName
macAddress
breakdownField
predictedVerdict
predictedThreatType
similarStoriesData {
storyId
indication
threatTypeName
verdict
similarityPercentage
__typename
}
targets {
name
analysisScore
infectionSource
catoPopularity
threatFeeds
creationTime
categories
countryOfRegistration
searchHits
engines
eventData {
signatureId
eventType
threatType
threatName
severity
action
__typename
}
__typename
}
analystFeedback {
...AnalystFeedback
__typename
}
}
fragment AnalystFeedback on AnalystFeedback {
verdict
severity
threatType {
name
details
recommendedAction
__typename
}
threatClassification
additionalInfo
__typename
}
fragment AnomalyEventsIncidentDetailed on AnomalyEvents {
__typename
srcSiteId
subjectType
metric {
name
value
__typename
}
drillDownFilter {
name
value
__typename
}
gaussian {
n
avg
__typename
}
mitres {
id
name
__typename
}
logonName
sourceIp
os
clientClass
deviceName
macAddress
breakdownField
predictedVerdict
predictedThreatType
similarStoriesData {
storyId
indication
threatTypeName
verdict
similarityPercentage
__typename
}
targets {
name
analysisScore
infectionSource
catoPopularity
threatFeeds
creationTime
categories
countryOfRegistration
searchHits
engines
eventData {
signatureId
eventType
threatType
threatName
severity
action
__typename
}
__typename
}
analystFeedback {
...AnalystFeedback
__typename
}
}
fragment ThreatIncidentDetailed on Threat {
__typename
srcSiteId
flowsCardinality
storyDuration
os
deviceName
macAddress
sourceIp
logonName
direction
predictedVerdict
predictedThreatType
similarStoriesData {
storyId
indication
threatTypeName
verdict
similarityPercentage
__typename
}
queryName
events {
signatureId
eventType
threatType
threatName
severity
__typename
}
mitres {
id
name
__typename
}
timeSeries {
info
units
label
data(perSecond: false)
sum
key {
measureFieldName
dimensions {
fieldName
value
__typename
}
__typename
}
__typename
}
targets {
type
name
analysisScore
infectionSource
catoPopularity
threatFeeds
creationTime
categories
countryOfRegistration
searchHits
engines
eventData {
signatureId
eventType
threatType
threatName
severity
action
__typename
}
__typename
}
flows {
appName
clientClass
sourceIp
sourcePort
direction
createdAt
referer
userAgent
method
destinationCountry
destinationPort
destinationIp
destinationGeolocation
url
tunnelGeolocation
domain
target
httpResponseCode
dnsResponseIP
smbFileName
fileHash
ja3
__typename
}
analystFeedback {
...AnalystFeedback
__typename
}
}
fragment ThreatPreventionIncidentDetailed on ThreatPrevention {
__typename
srcSiteId
flowsCardinality
storyDuration
os
deviceName
macAddress
sourceIp
logonName
direction
predictedVerdict
predictedThreatType
similarStoriesData {
storyId
indication
threatTypeName
verdict
similarityPercentage
__typename
}
queryName
events {
signatureId
eventType
threatType
threatName
severity
__typename
}
mitres {
id
name
__typename
}
timeSeries {
info
units
label
data(perSecond: false)
sum
key {
measureFieldName
dimensions {
fieldName
value
__typename
}
__typename
}
__typename
}
targets {
type
name
analysisScore
infectionSource
catoPopularity
threatFeeds
creationTime
categories
countryOfRegistration
searchHits
engines
eventData {
signatureId
eventType
threatType
threatName
severity
action
__typename
}
__typename
}
threatPreventionsEvents {
appName
clientClass
sourceIp
sourcePort
direction
createdAt
referrer
userAgent
method
destinationCountry
destinationPort
destinationIp
destinationGeolocation
url
tunnelGeolocation
domain
target
httpResponseCode
dnsResponseIP
smbFileName
fileHash
ja3
__typename
}
analystFeedback {
...AnalystFeedback
__typename
}
}
fragment NetworkXDRIncidentDetailed on NetworkXDRIncident {
__typename
storyDuration
storyType
occurrences
siteConnectionType
siteConfigLocation
acknowledged
description
linkId
linkName
linkConfigPrecedence
deviceConfigHaRole
licenseRegion
licenseBandwidth
pop
isp
hostIp
ruleName
bgpConnection {
connectionName
peerIp
peerAsn
catoIp
catoAsn
__typename
}
networkIncidentTimeline {
created
validated
description
eventType
incidentId
eventIds
acknowledged
networkEventSource
linkId
linkName
linkConfigPrecedence
linkStatus
linkConfigBandwidth
deviceConfigHaRole
deviceHaRoleState
pop
isp
hostIp
ruleName
tunnelResetCount
bgpConnection {
connectionName
peerIp
peerAsn
catoIp
catoAsn
__typename
}
linkQualityIssue {
issueType
direction
current
threshold
__typename
}
__typename
}
analystFeedback {
... on AnalystFeedback {
severity
__typename
}
__typename
}
}
fragment MicrosoftEndpointIncidentDetailed on MicrosoftEndpoint {
storyDuration
sourceIp
analystFeedback {
...AnalystFeedback
__typename
}
device {
deviceName
osDetails {
... on OsDetails {
...MicrosoftEndpointIncidentDeviceOsDetails
__typename
}
__typename
}
loggedOnUsers {
... on EndpointUser {
...MicrosoftEndpointIncidentDeviceLoggedOnUser
__typename
}
__typename
}
__typename
}
alerts {
... on MicrosoftDefenderEndpointAlert {
...StoryDetailsMicrosoftEndpointAlert
__typename
}
__typename
}
__typename
}
fragment MicrosoftEndpointIncidentDeviceOsDetails on OsDetails {
osType
osBuild
osVersion
__typename
}
fragment MicrosoftEndpointIncidentDeviceLoggedOnUser on EndpointUser {
... on MicrosoftEndpointUser {
...MicrosoftEndpointIncidentUserDetails
__typename
}
__typename
}
fragment MicrosoftEndpointIncidentUserDetails on MicrosoftEndpointUser {
name
domainName
__typename
}
fragment StoryDetailsMicrosoftEndpointAlert on MicrosoftDefenderEndpointAlert {
id
title
localIp
destinationIp
destinationUrl
mitreTechnique {
id
name
__typename
}
firstActivityDateTime
lastActivityDateTime
threatName
activities {
...StoryDetailsMicrosoftEndpointActivity
__typename
}
resources {
...StoryDetailsMicrosoftEndpointResource
__typename
}
... on MicrosoftDefenderEndpointAlert {
criticality
msStatus: status
__typename
}
__typename
}
fragment StoryDetailsMicrosoftEndpointActivity on MicrosoftActivity {
id
resourceId
parentResourceId
action
__typename
}
fragment StoryDetailsMicrosoftEndpointResource on MicrosoftEndpointResource {
id
remediationStatus
createdDateTime
verdict
roles
...StoryDetailsMicrosoftEndpointFileResource
...StoryDetailsMicrosoftEndpointProcessResource
...StoryDetailsMicrosoftEndpointRegistryResource
__typename
}
fragment StoryDetailsMicrosoftEndpointFileResource on MicrosoftFileResource {
detectionStatus
fileDetails {
...StoryDetailsMicrosoftEndpointFileDetails
__typename
}
__typename
}
fragment StoryDetailsMicrosoftEndpointFileDetails on FileDetails {
path
name
size
sha1
sha256
issuer
signer
__typename
}
fragment StoryDetailsMicrosoftEndpointProcessResource on MicrosoftProcessResource {
processId
processCommandLine
imageFile {
...StoryDetailsMicrosoftEndpointFileDetails
__typename
}
userAccount {
...StoryDetailsMicrosoftEndpointUserDetails
__typename
}
__typename
}
fragment StoryDetailsMicrosoftEndpointUserDetails on EndpointUser {
id
... on MicrosoftEndpointUser {
userSid
__typename
}
__typename
}
fragment StoryDetailsMicrosoftEndpointRegistryResource on MicrosoftRegistryResource {
valueName
valueType
value
key
hive
__typename
}
fragment CatoEndpointIncidentDetailed on CatoEndpoint {
storyDuration
sourceIp
analystFeedback {
...AnalystFeedback
__typename
}
device {
deviceName
macAddress
osDetails {
... on OsDetails {
...CatoEndpointIncidentDeviceOsDetails
__typename
}
__typename
}
loggedOnUsers {
... on EndpointUser {
...CatoEndpointIncidentDeviceLoggedOnUser
__typename
}
__typename
}
__typename
}
alerts {
... on CatoEndpointAlert {
...StoryDetailsCatoEndpointAlert
__typename
}
__typename
}
__typename
}
fragment CatoEndpointIncidentDeviceOsDetails on OsDetails {
osType
osBuild
osVersion
__typename
}
fragment CatoEndpointIncidentDeviceLoggedOnUser on EndpointUser {
... on CatoEndpointUser {
...CatoEndpointIncidentUserDetails
__typename
}
__typename
}
fragment CatoEndpointIncidentUserDetails on CatoEndpointUser {
name
__typename
}
fragment StoryDetailsCatoEndpointAlert on CatoEndpointAlert {
id
title
mitreTechnique {
id
name
__typename
}
createdDateTime
threatName
activities {
...StoryDetailsCatoEndpointActivity
__typename
}
resources {
...StoryDetailsCatoEndpointResource
__typename
}
... on CatoEndpointAlert {
criticality
catoStatus: status
__typename
}
__typename
}
fragment StoryDetailsCatoEndpointActivity on CatoActivity {
id
resourceId
parentResourceId
__typename
}
fragment StoryDetailsCatoEndpointResource on CatoResource {
id
createdDateTime
remediationStatus
...StoryDetailsCatoEndpointFileResource
...StoryDetailsCatoEndpointProcessResource
__typename
}
fragment StoryDetailsCatoEndpointFileResource on CatoFileResource {
detectionStatus
fileDetails {
...StoryDetailsCatoEndpointFileDetails
__typename
}
__typename
}
fragment StoryDetailsCatoEndpointFileDetails on FileDetails {
path
name
size
sha1
sha256
issuer
signer
__typename
}
fragment StoryDetailsCatoEndpointProcessResource on CatoProcessResource {
processId
processCommandLine
imageFile {
...StoryDetailsCatoEndpointFileDetails
__typename
}
userAccount {
...StoryDetailsCatoEndpointUserDetails
__typename
}
__typename
}
fragment StoryDetailsCatoEndpointUserDetails on EndpointUser {
id
... on CatoEndpointUser {
name
__typename
}
__typename
}
Variables
{"accountId": "123", "storyId": "abc123"}
Response
{
"data": {
"xdr": {
"__typename": "XDR",
"story": {
"playbook": null,
"incident": {
"__typename": "Threat",
"id": "abc123",
"status": "Open",
"producer": "ThreatHunt",
"ticket": null,
"connectionType": "Site",
"indication": "abc123",
"queryName": "abc123",
"criticality": 5,
"source": "abc123",
"research": false,
"firstSignal": "2024-02-29T09:00:00Z",
"lastSignal": "2024-02-29T13:00:00Z",
"description": "abc123",
"site": null,
"user": null,
"srcSiteId": "123",
"flowsCardinality": 4,
"storyDuration": 14400,
"os": "OS_WINDOWS",
"deviceName": "abc123",
"macAddress": "aa:aa:11:22:33:44",
"sourceIp": "1.2.3.4",
"logonName": null,
"direction": "OUTBOUND",
"predictedVerdict": null,
"predictedThreatType": null,
"similarStoriesData": [],
"events": [],
"mitres": [],
"timeSeries": [],
"targets": [
{
"type": "domain",
"name": "123",
"analysisScore": 0.75688803,
"infectionSource": true,
"catoPopularity": -1,
"threatFeeds": 2,
"creationTime": "2023-01-10T06:16:40Z",
"categories": "abc123",
"countryOfRegistration": "CZ",
"searchHits": "123",
"engines": null,
"eventData": [],
"__typename": "IncidentTargetRep"
}
],
"flows": [
{
"appName": "http",
"clientClass": null,
"sourceIp": "11.22.33.111",
"sourcePort": 123,
"direction": "INBOUND",
"createdAt": "2024-02-29T09:45:00Z",
"referer": null,
"userAgent": null,
"method": null,
"destinationCountry": "US",
"destinationPort": 123,
"destinationIp": "11.22.33.644",
"destinationGeolocation": "11.1,22.2",
"url": null,
"tunnelGeolocation": "11.1,22.2",
"domain": "abc123",
"target": "abc123",
"httpResponseCode": null,
"dnsResponseIP": null,
"smbFileName": null,
"fileHash": null,
"ja3": null,
"__typename": "IncidentFlow"
}
],
"analystFeedback": {
"verdict": null,
"severity": null,
"threatType": {
"name": "PuP",
"details": null,
"recommendedAction": null,
"__typename": "AnalystFeedbackThreatType"
},
"threatClassification": null,
"additionalInfo": null,
"__typename": "AnalystFeedback"
}
},
"__typename": "Story",
"id": "abc123",
"summary": "abc123",
"updatedAt": "2024-03-27T08:32:44Z",
"createdAt": "2024-03-27T08:22:51Z",
"timeline": [
{
"createdAt": "2024-03-27T08:22:51Z",
"type": "Diff",
"descriptions": ["abc123"],
"additionalInfo": null,
"analystInfo": null,
"context": "Story created",
"category": null,
"__typename": "TimelineItem"
}
]
}
}
}
}
ZtnaAlwaysOnPolicyQueries
policy
Beta
Response
Returns a ZtnaAlwaysOnPolicy!
Arguments
| Name | Description |
|---|---|
input - ZtnaAlwaysOnPolicyInput
|
Example
Query
query ztnaAlwaysOn($accountId: ID!) {
policy(accountId: $accountId) {
ztnaAlwaysOn {
policy {
enabled
rules {
properties
rule {
id
index
name
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"ztnaAlwaysOn": {
"policy": {
"enabled": false,
"rules": [
{
"properties": [],
"rule": {
"id": "601d474a-9843-4511-8c65-cc3885f9e449",
"index": 1,
"name": "Updated Rule Name Example"
}
},
{
"properties": [],
"rule": {
"id": "ac120fa5-1035-41d2-8f9c-43800048ea0f",
"index": 2,
"name": "Example Rule"
}
},
{
"properties": [],
"rule": {
"id": "dc86486d-1377-4b51-b38f-7911da8f962c",
"index": 3,
"name": "Rule Example "
}
}
]
}
}
}
}
}
revisions
Beta
Response
Returns a PolicyRevisionsPayload
Example
Query
query ztnaAlwaysOn($accountId: ID!) {
policy(accountId: $accountId) {
ztnaAlwaysOn {
revisions {
revision {
name
changes
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"ztnaAlwaysOn": {
"revisions": {
"revision": [{"name": "Revision Name Example", "changes": 0}]
}
}
}
}
}
Mutations
AccountManagementMutations
addAccount
Description
Add a new account
Response
Returns an AccountInfo
Arguments
| Name | Description |
|---|---|
input - AddAccountInput!
|
Example
Query
mutation addAccount($accountId:ID!, $input:AddAccountInput!) {
accountManagement(accountId: $accountId) {
addAccount(input: $input) {
description
id
name
tenancy
timeZone
type
audit {
createdBy
createdTime
}
}
}
}
Variables
{
"accountId": "123",
"input": {
"name": "account_name",
"tenancy": "SINGLE_TENANT",
"type": "CUSTOMER",
"description": "account description",
"timezone": "Australia/ACT"
}
}
Response
{
"data": {
"accountManagement": {
"addAccount": {
"description": "account description",
"id": "456",
"name": "name",
"tenancy": "SINGLE_TENANT",
"timeZone": "Australia/ACT",
"type": "CUSTOMER",
"audit": {
"createdBy": "main@admin.com",
"createdTime": "2024-08-14T09:34:24Z"
}
}
}
}
}
disableAccount
Beta
Description
Sets the account status to "Disabled" for accounts with plan = "Trial" and status = "Active" or "Locked".
Response
Returns a DisableAccountPayload
Arguments
| Name | Description |
|---|---|
accountId - ID!
|
Example
Query
mutation disableAccount($parentAccountId:ID!, $accountId:ID!) {
accountManagement(accountId: $parentAccountId) {
disableAccount(accountId: $accountId) {
accountInfo {
description
id
name
tenancy
timeZone
type
audit {
createdBy
createdTime
}
plan
status
}
}
}
}
Variables
{"parentAccountId": "123", "accountId": "456"}
Response
{
"data": {
"accountManagement": {
"disableAccount": {
"accountInfo": {
"description": "account description",
"id": "456",
"name": "name",
"tenancy": "SINGLE_TENANT",
"timeZone": "Australia/ACT",
"type": "CUSTOMER",
"audit": {
"createdBy": "main@admin.com",
"createdTime": "2024-08-14T09:34:24Z"
},
"plan": "TRIAL",
"status": "ACTIVE"
}
}
}
}
}
removeAccount
Description
Delete an existing account. The account status will become “Disabled”, and it will be scheduled for deletion
Response
Returns a RemoveAccountPayload
Arguments
| Name | Description |
|---|---|
accountId - ID!
|
Example
Query
mutation removeAccount($parentAccountId:ID!, $accountId:ID!) {
accountManagement(accountId: $parentAccountId) {
removeAccount(accountId: $accountId) {
accountInfo {
description
id
name
tenancy
timeZone
type
audit {
createdBy
createdTime
}
}
}
}
}
Variables
{"parentAccountId": "123", "accountId": "456"}
Response
{
"data": {
"accountManagement": {
"removeAccount": {
"accountInfo": {
"description": "account description",
"id": "456",
"name": "name",
"tenancy": "SINGLE_TENANT",
"timeZone": "Australia/ACT",
"type": "CUSTOMER",
"audit": {
"createdBy": "main@admin.com",
"createdTime": "2024-08-14T09:34:24Z"
}
}
}
}
}
}
updateAccount
Description
Update existing account attributes
Response
Returns an AccountInfo
Arguments
| Name | Description |
|---|---|
input - UpdateAccountInput!
|
Example
Query
mutation updateAccount($accountId:ID!, $input:UpdateAccountInput!) {
accountManagement(accountId: $accountId) {
updateAccount(input: $input) {
description
id
name
tenancy
timeZone
type
audit {
createdBy
createdTime
}
}
}
}
Variables
{"accountId": "456", "input": {"description": "new account description"}}
Response
{
"data": {
"accountManagement": {
"updateAccount": {
"description": "account description",
"id": "456",
"name": "name",
"tenancy": "SINGLE_TENANT",
"timeZone": "Australia/ACT",
"type": "CUSTOMER",
"audit": {
"createdBy": "main@admin.com",
"createdTime": "2024-08-14T09:34:24Z"
}
}
}
}
}
AdminMutations
addAdmin
Response
Returns an AddAdminPayload
Arguments
| Name | Description |
|---|---|
input - AddAdminInput!
|
Example
Query
mutation addAdmin($accountId:ID!, $input: AddAdminInput!) {
admin(accountId:$accountId) {
addAdmin(input:$input) {
adminID
}
}
}
Variables
{
"accountId": "123",
"input": {
"firstName": "Name",
"lastName": "Surname",
"email": "name.surname@company.org",
"passwordNeverExpires": false,
"mfaEnabled": true,
"managedRoles": [{"role": {"id": 2, "name": "Viewer"}}]
}
}
Response
{"data": {"admin": {"addAdmin": {"adminID": "456"}}}}
addServicePrincipalAdmin
Response
Returns an AddServicePrincipalAdminPayload
Arguments
| Name | Description |
|---|---|
input - AddServicePrincipalAdminInput!
|
Example
Query
mutation addServicePrincipalAdmin($accountId:ID!, $input: AddServicePrincipalAdminInput!) {
admin(accountId:$accountId) {
addServicePrincipalAdmin(input:$input) {
adminID
}
}
}
Variables
{
"accountId": "123",
"input": {
"name": "Service Principal",
"email": "service.principal@company.org",
"managedRoles": [{"role": {"id": 2, "name": "Viewer"}}]
}
}
Response
{"data": {"admin": {"addServicePrincipalAdmin": {"adminID": "456"}}}}
removeAdmin
Response
Returns a RemoveAdminPayload
Arguments
| Name | Description |
|---|---|
adminID - ID!
|
Example
Query
mutation removeAdmin($accountId:ID!, $adminID:ID!){
admin(accountId:$accountId) {
removeAdmin(adminID:$adminID) {
adminID
}
}
}
Variables
{"accountId": "123", "adminID": "456"}
Response
{"data": {"admin": {"removeAdmin": {"adminID": "456"}}}}
removeServicePrincipalAdmin
Response
Returns a RemoveServicePrincipalAdminPayload
Arguments
| Name | Description |
|---|---|
adminID - ID!
|
Example
Query
mutation removeServicePrincipalAdmin($accountId:ID!, $adminID:ID!){
admin(accountId:$accountId) {
removeServicePrincipalAdmin(adminID:$adminID) {
adminID
}
}
}
Variables
{"accountId": "123", "adminID": "456"}
Response
{"data": {"admin": {"removeServicePrincipalAdmin": {"adminID": "456"}}}}
updateAdmin
Response
Returns an UpdateAdminPayload
Arguments
| Name | Description |
|---|---|
adminID - ID!
|
|
input - UpdateAdminInput!
|
Example
Query
mutation updateAdmin($accountId:ID!, $adminID:ID!, $input: UpdateAdminInput!){
admin(accountId:$accountId) {
updateAdmin(adminID:$adminID,input:$input) {
adminID
}
}
}
Variables
{
"accountId": "123",
"adminID": "456",
"input": {
"managedRoles": [
{"role": {"id": 1, "name": "Editor"}},
{"role": {"id": 2, "name": "Viewer"}}
]
}
}
Response
{"data": {"admin": {"updateAdmin": {"adminID": "456"}}}}
updateServicePrincipalAdmin
Response
Returns an UpdateServicePrincipalAdminPayload
Arguments
| Name | Description |
|---|---|
adminID - ID!
|
|
input - UpdateServicePrincipalAdminInput!
|
Example
Query
mutation updateServicePrincipalAdmin($accountId:ID!, $adminID:ID!, $input: UpdateServicePrincipalAdminInput!){
admin(accountId:$accountId) {
updateServicePrincipalAdmin(adminID:$adminID,input:$input) {
adminID
}
}
}
Variables
{
"accountId": "123",
"adminID": "456",
"input": {
"name": "Service Principal (renamed)",
"managedRoles": [{"role": {"id": 1, "name": "Editor"}}]
}
}
Response
{"data": {"admin": {"updateServicePrincipalAdmin": {"adminID": "456"}}}}
AntiMalwareFileHashPolicyMutations
addRule
Beta
Response
Returns an AntiMalwareFileHashRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - AntiMalwareFileHashAddRuleInput!
|
Example
Query
mutation AddRule($accountId: ID!) {
policy(accountId: $accountId) {
antiMalwareFileHash {
addRule(input: {
rule: {
enabled: true
name: "Block Malicious File"
description: "Block file with known malicious hash."
fileName: "malware.exe"
expirationDate: "2025-12-31T23:59:59Z"
action: BLOCK
sha256: "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
},
at: {
position: LAST_IN_POLICY
}
}) {
status
rule {
rule {
id
name
description
enabled
fileName
expirationDate
action
sha256
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"antiMalwareFileHash": {
"addRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "example-id",
"name": "Block Malicious File",
"description": "Block file with known malicious hash.",
"enabled": true,
"fileName": "malware.exe",
"expirationDate": "2025-12-31T23:59:59Z",
"action": "BLOCK",
"sha256": "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
}
}
}
}
}
}
}
addSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation AddSection($accountId: ID!) {
policy(accountId: $accountId) {
antiMalwareFileHash {
addSection(input: {
section: {
name: "New section"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"antiMalwareFileHash": {
"addSection": {
"section": {"section": {"id": "section-id", "name": "New section"}},
"status": "SUCCESS"
}
}
}
}
}
createPolicyRevision
Beta
Response
Returns an AntiMalwareFileHashPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreatePolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
antiMalwareFileHash {
createPolicyRevision(input: {
name: "Test Revision"
description: "Test working with multiple revisions"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"antiMalwareFileHash": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Test working with multiple revisions",
"name": "Test Revision",
"id": "revision-id",
"createdTime": "2025-08-27T12:00:00Z",
"updatedTime": "2025-08-27T12:00:00Z"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Response
Returns an AntiMalwareFileHashPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation DiscardPolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
antiMalwareFileHash {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"antiMalwareFileHash": {"discardPolicyRevision": {"status": "FAILURE"}}
}
}
}
moveRule
Beta
Response
Returns an AntiMalwareFileHashRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation MoveRule($accountId: ID!) {
policy(accountId: $accountId) {
antiMalwareFileHash {
moveRule(input: {
id: "rule-id"
to: {
position: FIRST_IN_POLICY
}
}) {
status
rule {
rule {
index
id
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"antiMalwareFileHash": {
"moveRule": {
"status": "SUCCESS",
"rule": {"rule": {"index": 1, "id": "rule-id"}}
}
}
}
}
}
moveSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation MoveSection($accountId:ID!) {
policy(accountId: $accountId) {
antiMalwareFileHash {
moveSection(input: {
id: "section-id"
to: {
position: LAST_IN_POLICY
}
}) {
status
errors {
errorMessage
errorCode
}
section {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"antiMalwareFileHash": {
"moveSection": {
"status": "SUCCESS",
"errors": [],
"section": {
"properties": [],
"section": {"id": "section-id", "name": "Section Name"}
}
}
}
}
}
}
publishPolicyRevision
Beta
Response
Returns an AntiMalwareFileHashPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyPublishRevisionInput
|
Example
Query
mutation PublishPolicy($accountId:ID!) {
policy(accountId: $accountId) {
antiMalwareFileHash {
publishPolicyRevision(input: {
name: "Ticket #1234"
description : "Block malicious file hashes"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"antiMalwareFileHash": {"publishPolicyRevision": {"status": "SUCCESS"}}
}
}
}
removeRule
Beta
Response
Returns an AntiMalwareFileHashRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - AntiMalwareFileHashRemoveRuleInput!
|
Example
Query
mutation RemoveRule($accountId: ID!) {
policy(accountId: $accountId) {
antiMalwareFileHash {
removeRule(input: {
id: "example-id"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"antiMalwareFileHash": {"removeRule": {"status": "SUCCESS"}}}
}
}
removeSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation RemoveSection($accountId: ID!) {
policy(accountId: $accountId) {
antiMalwareFileHash {
removeSection(input: {
id: "section-id"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"antiMalwareFileHash": {"removeSection": {"status": "SUCCESS"}}}
}
}
updatePolicy
Beta
Response
Returns an AntiMalwareFileHashPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - AntiMalwareFileHashPolicyUpdateInput!
|
Example
Query
mutation UpdatePolicyState($accountId: ID!) {
policy(accountId: $accountId) {
antiMalwareFileHash {
updatePolicy(input: {
state: DISABLED
}){
status
policy {
enabled
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"antiMalwareFileHash": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Response
Returns an AntiMalwareFileHashRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - AntiMalwareFileHashUpdateRuleInput!
|
Example
Query
mutation UpdateRule($accountId: ID!) {
policy(accountId: $accountId) {
antiMalwareFileHash {
updateRule(input: {
id: "example-id"
rule: {
name: "Updated File Hash Rule"
fileName: "updated-malware.exe"
expirationDate: "2026-01-01T00:00:00Z"
action: BYPASS
sha256: "abcdefabcdefabcdefabcdefabcdefabcdefabcdefabcdefabcdefabcdefabcd"
}
}) {
status
rule {
rule {
id
name
fileName
expirationDate
action
sha256
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"antiMalwareFileHash": {
"updateRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "example-id",
"name": "Updated File Hash Rule",
"fileName": "updated-malware.exe",
"expirationDate": "2026-01-01T00:00:00Z",
"action": "BYPASS",
"sha256": "abcdefabcdefabcdefabcdefabcdefabcdefabcdefabcdefabcdefabcdefabcd"
}
}
}
}
}
}
}
updateSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation UpdateSection($accountId: ID!) {
policy(accountId: $accountId) {
antiMalwareFileHash {
updateSection(input: {
id: "section-id"
section: {
name: "Updated section name"
}
}) {
status
section {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"antiMalwareFileHash": {
"updateSection": {
"status": "SUCCESS",
"section": {
"section": {"id": "section-id", "name": "Updated section name"}
}
}
}
}
}
}
AppTenantRestrictionPolicyMutations
addRule
Beta
Response
Returns an AppTenantRestrictionRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - AppTenantRestrictionAddRuleInput!
|
Example
Query
mutation AddRule($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
addRule(input: {
rule: {
enabled: true
name: "Example Rule"
description: "Example description"
severity: MEDIUM
action: INJECT_HEADERS
application: {
input:"hibob"
by: ID
}
source: {
ip: ["192.0.2.1", "198.51.100.1"]
subnet: ["10.0.0.0/24"]
}
headers: [{
name: "headerName"
value: "headerValue"
}]
},
at: {
position: LAST_IN_POLICY
}
}) {
status
rule {
rule {
id
name
description
enabled
source {
ip
subnet
}
action
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"addRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "58dc4161-77bb-4866-a2c8-3eed554158f7",
"name": "Example Rule",
"description": "Example description",
"enabled": true,
"source": {
"ip": ["192.0.2.1", "198.51.100.1"],
"subnet": ["10.0.0.0/24"]
},
"action": "INJECT_HEADERS"
}
}
}
}
}
}
}
addSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation AddSection($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
addSection(input: {
section: {
name: "New section"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"addSection": {
"section": {
"section": {
"id": "6d468052-8680-4c54-8316-58793ad30d1e",
"name": "New section"
}
},
"status": "SUCCESS"
}
}
}
}
}
createPolicyRevision
Beta
Response
Returns an AppTenantRestrictionPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreatePolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
createPolicyRevision(input: {
name: "Test Revision"
description: "Test working with multiple revisions"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Test working with multiple revisions",
"name": "Test Revision",
"id": "276f34f3-197d-41ec-8d3d-de34bc703da9",
"createdTime": "2024-12-15T13:25:34.774",
"updatedTime": "2024-12-15T13:25:34.774"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Response
Returns an AppTenantRestrictionPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation DiscardPolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {"discardPolicyRevision": {"status": "FAILURE"}}
}
}
}
moveRule
Beta
Response
Returns an AppTenantRestrictionRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation MoveRule($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
moveRule(input: {
id: "58dc4161-77bb-4866-a2c8-3eed554158f7"
to: {
position: FIRST_IN_POLICY
}
}) {
status
rule {
rule {
index
id
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"moveRule": {
"status": "SUCCESS",
"rule": {
"rule": {"index": 1, "id": "58dc4161-77bb-4866-a2c8-3eed554158f7"}
}
}
}
}
}
}
moveSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation MoveSection($accountId:ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
moveSection(input: {
id: "0f61ccb5-1912-4bc0-ade6-06fc684b561f"
to: {
position: LAST_IN_POLICY
}
}) {
status
errors {
errorMessage
errorCode
}
section {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"moveSection": {
"status": "SUCCESS",
"errors": [],
"section": {
"properties": ["MOVED"],
"section": {
"id": "0f61ccb5-1912-4bc0-ade6-06fc684b561f",
"name": "Section 1"
}
}
}
}
}
}
}
publishPolicyRevision
Beta
Response
Returns an AppTenantRestrictionPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyPublishRevisionInput
|
Example
Query
mutation PublishPolicy($accountId:ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
publishPolicyRevision(input: {
name: "Ticket #1234"
description : "Allow HR access to social websites"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {"publishPolicyRevision": {"status": "SUCCESS"}}
}
}
}
removeRule
Beta
Response
Returns an AppTenantRestrictionRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - AppTenantRestrictionRemoveRuleInput!
|
Example
Query
mutation RemoveRule($accountId:ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
removeRule(input: {
id: "58dc4161-77bb-4866-a2c8-3eed554158f7"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"appTenantRestriction": {"removeRule": {"status": "SUCCESS"}}}
}
}
removeSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation RemoveSection($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
removeSection(input: {
id: "6d468052-8680-4c54-8316-58793ad30d1e"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"appTenantRestriction": {"removeSection": {"status": "SUCCESS"}}}
}
}
updatePolicy
Beta
Response
Returns an AppTenantRestrictionPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - AppTenantRestrictionPolicyUpdateInput!
|
Example
Query
mutation UpdatePolicyState($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
updatePolicy(input: {
state: DISABLED
}){
status
policy {
enabled
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Response
Returns an AppTenantRestrictionRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - AppTenantRestrictionUpdateRuleInput!
|
Example
Query
mutation UpdateRule($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
updateRule(input: {
id: "58dc4161-77bb-4866-a2c8-3eed554158f7"
rule: {
name: "Updated rule name"
source: {
ip: ["192.0.2.2"]
}
}
}) {
status
rule {
rule {
id
name
description
source {
ip
subnet
}
action
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"updateRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "58dc4161-77bb-4866-a2c8-3eed554158f7",
"name": "Updated rule name",
"description": "Example description",
"source": {"ip": ["192.0.2.2"], "subnet": ["10.0.0.0/24"]},
"action": "INJECT_HEADERS"
}
}
}
}
}
}
}
updateSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation UpdateSection($accountId: ID!) {
policy(accountId: $accountId) {
appTenantRestriction {
updateSection(input: {
id: "6d468052-8680-4c54-8316-58793ad30d1e"
section: {
name: "Updated section name"
}
}) {
status
section {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"appTenantRestriction": {
"updateSection": {
"status": "SUCCESS",
"section": {
"section": {
"id": "6d468052-8680-4c54-8316-58793ad30d1e",
"name": "New section"
}
}
}
}
}
}
}
ApplicationControlPolicyMutations
addRule
Beta
Response
Returns an ApplicationControlRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - ApplicationControlAddRuleInput!
|
Example
Query
mutation AddRule($accountId: ID!) {
policy(accountId: $accountId) {
applicationControl {
addRule(input: {
rule: {
enabled: true
name: "Example Rule"
description: "Example description"
ruleType: APPLICATION
applicationRule: {
application: {
application: {
input:"hibob"
by: ID
}
}
}
},
at: {
position: LAST_IN_POLICY
}
}) {
status
errors {
errorCode
errorMessage
}
rule {
properties
audit {
updatedTime
updatedBy
}
rule {
id
name
description
enabled
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"applicationControl": {
"addRule": {
"status": "SUCCESS",
"errors": [],
"rule": {
"properties": ["ADDED"],
"audit": {
"updatedTime": "2025-09-14T08:09:19.776",
"updatedBy": "kfir.dadosh@catonetworks.com"
},
"rule": {
"id": "b2b8784e-359c-428e-878b-de53d8730998",
"name": "Example Rule",
"description": "Example description",
"enabled": true
}
}
}
}
}
}
}
addSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation AddSection($accountId: ID!) {
policy(accountId: $accountId) {
applicationControl {
addSection(input: {
section: {
name: "New section"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"applicationControl": {
"addSection": {
"section": {
"section": {
"id": "ba6e65bb-bdd6-432e-9c73-56ceeef599d6",
"name": "New section"
}
},
"status": "SUCCESS"
}
}
}
}
}
createPolicyRevision
Beta
Response
Returns an ApplicationControlPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreatePolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
applicationControl {
createPolicyRevision(input: {
name: "Test Revision"
description: "Test working with multiple revisions"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"applicationControl": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Test working with multiple revisions",
"name": "Test Revision",
"id": "6f89b7da-c5fb-44b3-b101-3b541dc20c08",
"createdTime": "2025-09-14T08:09:36.612",
"updatedTime": "2025-09-14T08:09:36.612"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Response
Returns an ApplicationControlPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation DiscardPolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
applicationControl {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"applicationControl": {"discardPolicyRevision": {"status": "FAILURE"}}
}
}
}
moveRule
Beta
Response
Returns an ApplicationControlRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation MoveRule($accountId: ID!) {
policy(accountId: $accountId) {
applicationControl {
moveRule(input: {
id: "b2b8784e-359c-428e-878b-de53d8730998"
to: {
position: FIRST_IN_POLICY
}
}) {
status
rule {
rule {
index
id
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"applicationControl": {
"moveRule": {
"status": "SUCCESS",
"rule": {
"rule": {"index": 1, "id": "b2b8784e-359c-428e-878b-de53d8730998"}
}
}
}
}
}
}
moveSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation MoveSection($accountId:ID!) {
policy(accountId: $accountId) {
applicationControl {
moveSection(input: {
id: "0f61ccb5-1912-4bc0-ade6-06fc684b561f"
to: {
position: LAST_IN_POLICY
}
}) {
status
errors {
errorMessage
errorCode
}
section {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"applicationControl": {
"moveSection": {
"status": "FAILURE",
"errors": [
{
"errorMessage": "Section does not exist",
"errorCode": "sectionNotExist"
}
],
"section": null
}
}
}
}
}
publishPolicyRevision
Beta
Response
Returns an ApplicationControlPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyPublishRevisionInput
|
Example
Query
mutation PublishPolicy($accountId:ID!) {
policy(accountId: $accountId) {
applicationControl {
publishPolicyRevision(input: {
name: "Ticket #1234"
description : "Allow HR access to social websites"
}) {
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"applicationControl": {"publishPolicyRevision": {"status": "SUCCESS"}}
}
}
}
removeRule
Beta
Response
Returns an ApplicationControlRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - ApplicationControlRemoveRuleInput!
|
Example
Query
mutation RemoveRule($accountId:ID!) {
policy(accountId: $accountId) {
applicationControl {
removeRule(input: {
id: "b2b8784e-359c-428e-878b-de53d8730998"
}) {
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {"applicationControl": {"removeRule": {"status": "SUCCESS"}}}
}
}
removeSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation RemoveSection($accountId: ID!) {
policy(accountId: $accountId) {
applicationControl {
removeSection(input: {
id: "ba6e65bb-bdd6-432e-9c73-56ceeef599d6"
}) {
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {"applicationControl": {"removeSection": {"status": "SUCCESS"}}}
}
}
updatePolicy
Beta
Response
Returns an ApplicationControlPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - ApplicationControlPolicyUpdateInput!
|
Example
Query
mutation UpdatePolicyState($accountId: ID!) {
policy(accountId: $accountId) {
applicationControl {
updatePolicy(input: {
state: DISABLED
}){
status
policy {
enabled
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"applicationControl": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Response
Returns an ApplicationControlRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - ApplicationControlUpdateRuleInput!
|
Example
Query
mutation UpdateRule($accountId: ID!) {
policy(accountId: $accountId) {
applicationControl {
updateRule(input: {
id: "b2b8784e-359c-428e-878b-de53d8730998"
rule: {
name: "Updated rule name"
}
}) {
status
rule {
rule {
id
name
description
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"applicationControl": {
"updateRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "b2b8784e-359c-428e-878b-de53d8730998",
"name": "Updated rule name",
"description": "Example description"
}
}
}
}
}
}
}
updateSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation UpdateSection($accountId: ID!) {
policy(accountId: $accountId) {
applicationControl {
updateSection(input: {
id: "ba6e65bb-bdd6-432e-9c73-56ceeef599d6"
section: {
name: "Updated section name"
}
}) {
status
section {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"applicationControl": {
"updateSection": {
"status": "SUCCESS",
"section": {
"section": {
"id": "ba6e65bb-bdd6-432e-9c73-56ceeef599d6",
"name": "New section"
}
}
}
}
}
}
}
ClientConnectivityPolicyMutations
addRule
Beta
Response
Returns a ClientConnectivityRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - ClientConnectivityAddRuleInput!
|
Example
Query
mutation AddRule($accountId: ID!) {
policy(accountId: $accountId) {
clientConnectivity {
addRule(input: {
at: {
position: LAST_IN_POLICY
}
rule: {
enabled:true
name: "Example Rule"
description: "Example Description"
source: {}
platform: [MACOS]
device: []
country: [
{
by: ID
input: "US"
}
]
confidenceLevel: HIGH
connectionOrigin: [REMOTE]
sourceRange: []
action: ALLOW_INTERNET
}
}) {
status
errors {
errorCode
errorMessage
}
rule {
rule {
id
name
description
enabled
platform
country {
id
name
}
confidenceLevel
connectionOrigin
action
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"clientConnectivity": {
"addRule": {
"status": "SUCCESS",
"errors": [],
"rule": {
"rule": {
"id": "90c3207e-6aed-400f-8f7e-48abdf973ed9",
"name": "Example Rule",
"description": "Example Description",
"enabled": true,
"platform": ["MACOS"],
"country": [{"id": "US", "name": "United States"}],
"confidenceLevel": "HIGH",
"connectionOrigin": ["REMOTE"],
"action": "ALLOW_INTERNET"
}
}
}
}
}
}
}
addSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation AddSection($accountId: ID!) {
policy(accountId: $accountId) {
clientConnectivity {
addSection(input: {
section: {
name: "New section"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"clientConnectivity": {
"addSection": {
"section": {
"section": {
"id": "6cad9bd7-9c7a-462b-91b4-1ce781788a74",
"name": "New section"
}
},
"status": "SUCCESS"
}
}
}
}
}
createPolicyRevision
Beta
Response
Returns a ClientConnectivityPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreatePolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
clientConnectivity {
createPolicyRevision(input: {
name: "Test Revision"
description: "Test working with multiple revisions"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"clientConnectivity": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Test working with multiple revisions",
"name": "Test Revision",
"id": "8a16c79a-3946-47e8-ad68-1b8cb03bb32d",
"createdTime": "2025-11-24T08:36:25.528",
"updatedTime": "2025-11-24T08:36:25.528"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Response
Returns a ClientConnectivityPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation DiscardPolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
clientConnectivity {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"clientConnectivity": {"discardPolicyRevision": {"status": "FAILURE"}}
}
}
}
moveRule
Beta
Response
Returns a ClientConnectivityRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation MoveRule($accountId: ID!) {
policy(accountId: $accountId) {
clientConnectivity {
moveRule(input: {
id: "9ed03ea7-6c46-43b4-8edf-5e1f0a8897da"
to: {
position: FIRST_IN_POLICY
}
}) {
status
rule {
rule {
index
id
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"clientConnectivity": {
"moveRule": {
"status": "SUCCESS",
"rule": {
"rule": {"index": 1, "id": "9ed03ea7-6c46-43b4-8edf-5e1f0a8897da"}
}
}
}
}
}
}
moveSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation MoveSection($accountId:ID!) {
policy(accountId: $accountId) {
clientConnectivity {
moveSection(input: {
id: "6cad9bd7-9c7a-462b-91b4-1ce781788a74"
to: {
position: LAST_IN_POLICY
}
}) {
status
errors {
errorMessage
errorCode
}
section {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"clientConnectivity": {
"moveSection": {
"status": "SUCCESS",
"errors": [],
"section": {
"properties": ["MOVED"],
"section": {
"id": "6cad9bd7-9c7a-462b-91b4-1ce781788a74",
"name": "New section"
}
}
}
}
}
}
}
publishPolicyRevision
Beta
Response
Returns a ClientConnectivityPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyPublishRevisionInput
|
Example
Query
mutation PublishPolicy($accountId:ID!) {
policy(accountId: $accountId) {
clientConnectivity {
publishPolicyRevision(input: {
name: "Ticket #1234"
description : "Allow HR access to social websites"
}) {
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"clientConnectivity": {"publishPolicyRevision": {"status": "SUCCESS"}}
}
}
}
removeRule
Beta
Response
Returns a ClientConnectivityRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - ClientConnectivityRemoveRuleInput!
|
Example
Query
mutation RemoveRule($accountId:ID!) {
policy(accountId: $accountId) {
clientConnectivity {
removeRule(input: {
id: "90c3207e-6aed-400f-8f7e-48abdf973ed9"
}) {
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {"clientConnectivity": {"removeRule": {"status": "SUCCESS"}}}
}
}
removeSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation RemoveSection($accountId: ID!) {
policy(accountId: $accountId) {
clientConnectivity {
removeSection(input: {
id: "6cad9bd7-9c7a-462b-91b4-1ce781788a74"
}) {
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {"clientConnectivity": {"removeSection": {"status": "SUCCESS"}}}
}
}
updatePolicy
Beta
Response
Returns a ClientConnectivityPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - ClientConnectivityPolicyUpdateInput!
|
Example
Query
mutation UpdatePolicyState($accountId: ID!) {
policy(accountId: $accountId) {
clientConnectivity {
updatePolicy(input: {
state: DISABLED
}){
status
policy {
enabled
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"clientConnectivity": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Response
Returns a ClientConnectivityRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - ClientConnectivityUpdateRuleInput!
|
Example
Query
mutation UpdateRule($accountId: ID!) {
policy(accountId: $accountId) {
clientConnectivity {
updateRule(input: {
id: "9ed03ea7-6c46-43b4-8edf-5e1f0a8897da"
rule: {
name: "Updated rule name"
platform: [MACOS]
}
}) {
status
rule {
rule {
id
name
description
platform
action
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"clientConnectivity": {
"updateRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "9ed03ea7-6c46-43b4-8edf-5e1f0a8897da",
"name": "Updated rule name",
"description": "",
"platform": ["MACOS"],
"action": "ALLOW"
}
}
}
}
}
}
}
updateSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation UpdateSection($accountId: ID!) {
policy(accountId: $accountId) {
clientConnectivity {
updateSection(input: {
id: "6cad9bd7-9c7a-462b-91b4-1ce781788a74"
section: {
name: "Updated section name"
}
}) {
status
section {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"clientConnectivity": {
"updateSection": {
"status": "SUCCESS",
"section": {
"section": {
"id": "6cad9bd7-9c7a-462b-91b4-1ce781788a74",
"name": "New section"
}
}
}
}
}
}
}
ContainerMutations
delete
Beta
Response
Returns a DeleteContainerPayload!
Arguments
| Name | Description |
|---|---|
input - DeleteContainerInput!
|
Example
Query
mutation removeValuesFqdnContainer($accountId:ID!, $input:DeleteContainerInput!) {
container(accountId: $accountId) {
delete(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {"ref": {"by": "NAME", "input": "Some Container"}}
}
Response
{
"data": {
"container": {
"delete": {
"container": {
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
FqdnContainerMutations
addValues
Beta
Response
Returns a FqdnContainerAddValuesPayload!
Arguments
| Name | Description |
|---|---|
input - FqdnContainerAddValuesInput!
|
Example
Query
mutation addValuesToFqdnContainer($accountId:ID!, $input:FqdnContainerAddValuesInput!) {
container(accountId: $accountId) {
fqdn {
addValues(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"ref": {"by": "NAME", "input": "Some Container"},
"values": ["google.com", "amazon.com"]
}
}
Response
{
"data": {
"container": {
"fqdn": {
"addValues": {
"container": {
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
createFromFile
Beta
Response
Returns a CreateFqdnContainerFromFilePayload!
Arguments
| Name | Description |
|---|---|
input - CreateFqdnContainerFromFileInput!
|
Example
Query
mutation createFqdnContainerFromFile($accountId:ID!, $input:CreateFqdnContainerFromFileInput!) {
container(accountId: $accountId) {
fqdn {
createFromFile(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"name": "Some Container",
"description": "Description of some container",
"uploadFile": "A multipart file containing data"
}
}
Response
{
"data": {
"container": {
"fqdn": {
"createFromFile": {
"container": {
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
createFromList
Beta
Response
Returns a CreateFqdnContainerFromListPayload!
Arguments
| Name | Description |
|---|---|
input - CreateFqdnContainerFromListInput!
|
Example
Query
mutation createFqdnContainerFromListInput($accountId:ID!, $input:CreateFqdnContainerFromListInput!) {
container(accountId: $accountId) {
fqdn {
createFromList(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"name": "Some Container",
"description": "Description of some container",
"values": ["www.example.com"]
}
}
Response
{
"data": {
"container": {
"fqdn": {
"createFromList": {
"container": {
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
createFromURL
Beta
Response
Returns a CreateFqdnContainerFromUrlPayload!
Arguments
| Name | Description |
|---|---|
input - CreateFqdnContainerFromUrlInput!
|
Example
Query
mutation createFqdnContainerFromURL($accountId:ID!, $input:CreateFqdnContainerFromUrlInput!) {
container(accountId: $accountId) {
fqdn {
createFromURL(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
syncData {
fileType
url
timeInterval
timeUnit
notifications {
subscriptionGroup {
id
name
}
webhook {
id
name
}
mailingList {
id
name
}
}
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"name": "FQDN Container from URL",
"description": "Container synced from external URL",
"fileType": "CSV",
"syncData": {
"url": "https://example.com/fqdns.csv",
"timeInterval": 24,
"timeUnit": "HOUR",
"notifications": {
"subscriptionGroup": [],
"webhook": [],
"mailingList": [{"by": "NAME", "input": "All Admins"}]
}
}
}
}
Response
{
"data": {
"container": {
"fqdn": {
"createFromURL": {
"container": {
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "FQDN Container from URL",
"description": "Container synced from external URL",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
},
"syncData": {
"fileType": "CSV",
"url": "https://example.com/fqdns.csv",
"timeInterval": 24,
"timeUnit": "HOUR",
"notifications": {
"subscriptionGroup": [],
"webhook": [],
"mailingList": [{"id": "-100", "name": "All Admins"}]
}
}
}
}
}
}
}
}
removeValues
Beta
Response
Returns a FqdnContainerRemoveValuesPayload!
Arguments
| Name | Description |
|---|---|
input - FqdnContainerRemoveValuesInput!
|
Example
Query
mutation removeValuesToFqdnContainer($accountId:ID!, $input:FqdnContainerRemoveValuesInput!) {
container(accountId: $accountId) {
fqdn {
removeValues(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"ref": {"by": "NAME", "input": "Some Container"},
"values": ["google.com", "amazon.com"]
}
}
Response
{
"data": {
"container": {
"fqdn": {
"removeValues": {
"container": {
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
syncFromURL
Beta
Response
Returns a SyncFqdnContainerFromUrlPayload!
Arguments
| Name | Description |
|---|---|
input - SyncFqdnContainerFromUrlInput!
|
Example
Query
mutation syncFqdnContainerFromURL($accountId:ID!, $input:SyncFqdnContainerFromUrlInput!) {
container(accountId: $accountId) {
fqdn {
syncFromURL(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
syncData {
fileType
url
timeInterval
timeUnit
notifications {
subscriptionGroup {
id
name
}
webhook {
id
name
}
mailingList {
id
name
}
}
}
syncDataAudit {
lastSynced
lastSyncAttempt
errorMsg
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {"ref": {"by": "NAME", "input": "FQDN Container from URL"}}
}
Response
{
"data": {
"container": {
"fqdn": {
"syncFromURL": {
"container": {
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "FQDN Container from URL",
"description": "Container synced from external URL",
"size": 150,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T16:00:00Z"
},
"syncData": {
"fileType": "CSV",
"url": "https://example.com/fqdns.csv",
"timeInterval": 24,
"timeUnit": "HOUR",
"notifications": {
"subscriptionGroup": [],
"webhook": [],
"mailingList": []
}
},
"syncDataAudit": {
"lastSynced": "2024-09-18T16:00:00Z",
"lastSyncAttempt": "2024-09-18T16:00:00Z",
"errorMsg": null
}
}
}
}
}
}
}
updateFromFile
Beta
Response
Returns an UpdateFqdnContainerFromFilePayload!
Arguments
| Name | Description |
|---|---|
input - UpdateFqdnContainerFromFileInput!
|
Example
Query
mutation updateFqdnContainerFromFile($accountId:ID!, $input:UpdateFqdnContainerFromFileInput!) {
container(accountId: $accountId) {
fqdn {
updateFromFile(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"ref": {"by": "NAME", "input": "Some Container"},
"description": "Description of some container",
"uploadFile": null
}
}
Response
{
"data": {
"container": {
"fqdn": {
"updateFromFile": {
"container": {
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
updateFromList
Beta
Response
Returns an UpdateFqdnContainerFromListPayload!
Arguments
| Name | Description |
|---|---|
input - UpdateFqdnContainerFromListInput!
|
Example
Query
mutation updateFqdnContainerFromListInput($accountId:ID!, $input:UpdateFqdnContainerFromListInput!) {
container(accountId: $accountId) {
fqdn {
updateFromList(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"ref": {"by": "NAME", "input": "Some Container"},
"description": "Description of some container",
"values": ["www.example.com"]
}
}
Response
{
"data": {
"container": {
"fqdn": {
"updateFromList": {
"container": {
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
updateFromURL
Beta
Response
Returns an UpdateFqdnContainerFromUrlPayload!
Arguments
| Name | Description |
|---|---|
input - UpdateFqdnContainerFromUrlInput!
|
Example
Query
mutation updateFqdnContainerFromURL($accountId:ID!, $input:UpdateFqdnContainerFromUrlInput!) {
container(accountId: $accountId) {
fqdn {
updateFromURL(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
syncData {
fileType
url
timeInterval
timeUnit
notifications {
subscriptionGroup {
id
name
}
webhook {
id
name
}
mailingList {
id
name
}
}
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"ref": {"by": "NAME", "input": "FQDN Container from URL"},
"description": "Updated description for container synced from URL",
"fileType": "CSV",
"syncData": {
"url": "https://example.com/fqdns-updated.csv",
"timeInterval": 12,
"timeUnit": "HOUR",
"notifications": {
"subscriptionGroup": [],
"webhook": [],
"mailingList": []
}
}
}
}
Response
{
"data": {
"container": {
"fqdn": {
"updateFromURL": {
"container": {
"__typename": "FqdnContainer",
"id": "1234567890",
"name": "FQDN Container from URL",
"description": "Updated description for container synced from URL",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T15:45:00Z"
},
"syncData": {
"fileType": "CSV",
"url": "https://example.com/fqdns-updated.csv",
"timeInterval": 12,
"timeUnit": "HOUR",
"notifications": {
"subscriptionGroup": [],
"webhook": [],
"mailingList": []
}
}
}
}
}
}
}
}
IpAddressRangeContainerMutations
addValues
Beta
Response
Returns an IpAddressRangeContainerAddValuesPayload!
Arguments
| Name | Description |
|---|---|
input - IpAddressRangeContainerAddValuesInput!
|
Example
Query
mutation addValuesToIpAddressRangeContainer($accountId:ID!, $input:IpAddressRangeContainerAddValuesInput!) {
container(accountId: $accountId) {
ipAddressRange {
addValues(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"ref": {"by": "NAME", "input": "Some Container"},
"values": [
{"from": "190.20.24.36", "to": "190.20.24.236"},
{"from": "190.30.24.36", "to": "190.30.24.236"}
]
}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"addValues": {
"container": {
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
createFromFile
Beta
Response
Arguments
| Name | Description |
|---|---|
input - CreateIpAddressRangeContainerFromFileInput!
|
Example
Query
mutation createIpAddressRangeContainerFromFile($accountId:ID!, $input:CreateIpAddressRangeContainerFromFileInput!) {
container(accountId: $accountId) {
ipAddressRange {
createFromFile(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"name": "Some Container",
"description": "Description of some container",
"uploadFile": "A multipart file containing data"
}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"createFromFile": {
"container": {
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
createFromList
Beta
Response
Arguments
| Name | Description |
|---|---|
input - CreateIpAddressRangeContainerFromListInput!
|
Example
Query
mutation createIpAddressRangeContainerFromList($accountId:ID!, $input:CreateIpAddressRangeContainerFromListInput!) {
container(accountId: $accountId) {
ipAddressRange {
createFromList(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"name": "Some Container",
"description": "Description of some container",
"values": [{"from": "1.2.3.4", "to": "2.3.4.5"}]
}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"createFromList": {
"container": {
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
createFromURL
Beta
Response
Arguments
| Name | Description |
|---|---|
input - CreateIpAddressRangeContainerFromUrlInput!
|
Example
Query
mutation createIpAddressRangeContainerFromURL($accountId:ID!, $input:CreateIpAddressRangeContainerFromUrlInput!) {
container(accountId: $accountId) {
ipAddressRange {
createFromURL(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
syncData {
fileType
url
timeInterval
timeUnit
notifications {
subscriptionGroup {
id
name
}
webhook {
id
name
}
mailingList {
id
name
}
}
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"name": "IP Range Container from URL",
"description": "Container synced from external URL",
"fileType": "CSV",
"syncData": {
"url": "https://example.com/ip-ranges.csv",
"timeInterval": 24,
"timeUnit": "HOUR",
"notifications": {
"subscriptionGroup": [],
"webhook": [],
"mailingList": [{"by": "NAME", "input": "All Admins"}]
}
}
}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"createFromURL": {
"container": {
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "IP Range Container from URL",
"description": "Container synced from external URL",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
},
"syncData": {
"fileType": "CSV",
"url": "https://example.com/ip-ranges.csv",
"timeInterval": 24,
"timeUnit": "HOUR",
"notifications": {
"subscriptionGroup": [],
"webhook": [],
"mailingList": [{"id": "-100", "name": "All Admins"}]
}
}
}
}
}
}
}
}
removeValues
Beta
Response
Returns an IpAddressRangeContainerRemoveValuesPayload!
Arguments
| Name | Description |
|---|---|
input - IpAddressRangeContainerRemoveValuesInput!
|
Example
Query
mutation removeValuesToIpAddressRangeContainer($accountId:ID!, $input:IpAddressRangeContainerRemoveValuesInput!) {
container(accountId: $accountId) {
ipAddressRange {
removeValues(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"ref": {"by": "NAME", "input": "Some Container"},
"values": [
{"from": "190.20.24.36", "to": "190.20.24.236"},
{"from": "190.30.24.36", "to": "190.30.24.236"}
]
}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"removeValues": {
"container": {
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
syncFromURL
Beta
Response
Arguments
| Name | Description |
|---|---|
input - SyncIpAddressRangeContainerFromUrlInput!
|
Example
Query
mutation syncIpAddressRangeContainerFromURL($accountId:ID!, $input:SyncIpAddressRangeContainerFromUrlInput!) {
container(accountId: $accountId) {
ipAddressRange {
syncFromURL(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
syncData {
fileType
url
timeInterval
timeUnit
notifications {
subscriptionGroup {
id
name
}
webhook {
id
name
}
mailingList {
id
name
}
}
}
syncDataAudit {
lastSynced
lastSyncAttempt
errorMsg
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {"ref": {"by": "NAME", "input": "IP Range Container from URL"}}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"syncFromURL": {
"container": {
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "IP Range Container from URL",
"description": "Container synced from external URL",
"size": 150,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T16:00:00Z"
},
"syncData": {
"fileType": "CSV",
"url": "https://example.com/ip-ranges.csv",
"timeInterval": 24,
"timeUnit": "HOUR",
"notifications": {
"subscriptionGroup": [],
"webhook": [],
"mailingList": []
}
},
"syncDataAudit": {
"lastSynced": "2024-09-18T16:00:00Z",
"lastSyncAttempt": "2024-09-18T16:00:00Z",
"errorMsg": null
}
}
}
}
}
}
}
updateFromFile
Beta
Response
Arguments
| Name | Description |
|---|---|
input - UpdateIpAddressRangeContainerFromFileInput!
|
Example
Query
mutation updateIpAddressRangeContainerFromFile($accountId:ID!, $input:UpdateIpAddressRangeContainerFromFileInput!) {
container(accountId: $accountId) {
ipAddressRange {
updateFromFile(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"ref": {"by": "NAME", "input": "Some Container"},
"description": "Description of some container",
"uploadFile": null
}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"updateFromFile": {
"container": {
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
updateFromList
Beta
Response
Arguments
| Name | Description |
|---|---|
input - UpdateIpAddressRangeContainerFromListInput!
|
Example
Query
mutation updateIpAddressRangeContainerFromList($accountId:ID!, $input:UpdateIpAddressRangeContainerFromListInput!) {
container(accountId: $accountId) {
ipAddressRange {
updateFromList(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"ref": {"by": "NAME", "input": "Some Container"},
"description": "Description of some container",
"values": [{"from": "1.2.3.4", "to": "2.3.4.5"}]
}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"updateFromList": {
"container": {
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "Some Container",
"description": "Description of some container",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T14:31:03Z"
}
}
}
}
}
}
}
updateFromURL
Beta
Response
Returns an UpdateIpAddressRangeContainerFromUrlPayload!
Arguments
| Name | Description |
|---|---|
input - UpdateIpAddressRangeContainerFromUrlInput!
|
Example
Query
mutation updateIpAddressRangeContainerFromURL($accountId:ID!, $input:UpdateIpAddressRangeContainerFromUrlInput!) {
container(accountId: $accountId) {
ipAddressRange {
updateFromURL(input: $input) {
container {
__typename
id
name
description
size
audit {
createdBy
createdAt
lastModifiedBy
lastModifiedAt
}
syncData {
fileType
url
timeInterval
timeUnit
notifications {
subscriptionGroup {
id
name
}
webhook {
id
name
}
mailingList {
id
name
}
}
}
}
}
}
}
}
Variables
{
"accountId": 12345,
"input": {
"ref": {"by": "NAME", "input": "IP Range Container from URL"},
"description": "Updated description for container synced from URL",
"fileType": "CSV",
"syncData": {
"url": "https://example.com/ip-ranges-updated.csv",
"timeInterval": 12,
"timeUnit": "HOUR",
"notifications": {
"subscriptionGroup": [],
"webhook": [],
"mailingList": []
}
}
}
}
Response
{
"data": {
"container": {
"ipAddressRange": {
"updateFromURL": {
"container": {
"__typename": "IpAddressRangeContainer",
"id": "1234567890",
"name": "IP Range Container from URL",
"description": "Updated description for container synced from URL",
"size": 100,
"audit": {
"createdBy": "some.admin@catonetworks.com",
"createdAt": "2024-09-18T14:31:03Z",
"lastModifiedBy": "some.admin@catonetworks.com",
"lastModifiedAt": "2024-09-18T15:45:00Z"
},
"syncData": {
"fileType": "CSV",
"url": "https://example.com/ip-ranges-updated.csv",
"timeInterval": 12,
"timeUnit": "HOUR",
"notifications": {
"subscriptionGroup": [],
"webhook": [],
"mailingList": []
}
}
}
}
}
}
}
}
CustomAppDataMutations
Response
Returns an AddCustomApplicationPayload
Arguments
| Name | Description |
|---|---|
input - AddCustomApplicationInput!
|
Example
Query
mutation ($accountId: ID!, $input: AddCustomApplicationInput!) {
customAppData(accountId: $accountId) {
addCustomApplication(input: $input) {
customApplication {
id
name
description
category {
id
name
}
criteria {
protocol
port
portRange {
from
to
}
destination {
domain
fqdn
destinationIp {
ip
subnet
ipRange {
from
to
}
}
}
}
}
}
}
}
Variables
{
"accountId": "123456",
"input": {
"name": "My Custom App",
"description": "A sample custom application",
"category": [{"by": "ID", "input": "security"}],
"criteria": [
{
"protocol": "TCP",
"port": [443],
"portRange": [{"from": 8000, "to": 8080}],
"destination": {
"domain": ["example.com"],
"fqdn": ["api.example.com"],
"destinationIp": {
"ip": ["192.168.1.1"],
"subnet": ["192.168.1.0/24"],
"ipRange": [{"from": "192.168.1.1", "to": "192.168.1.100"}]
}
}
}
]
}
}
Response
{
"data": {
"customAppData": {
"addCustomApplication": {
"customApplication": {
"id": "custom-app-id-456",
"name": "My Custom App",
"description": "A sample custom application",
"category": [{"id": "security", "name": "Security"}],
"criteria": [
{
"protocol": "TCP",
"port": [443],
"portRange": [{"from": 8000, "to": 8080}],
"destination": {
"domain": ["example.com"],
"fqdn": ["api.example.com"],
"destinationIp": {
"ip": ["192.168.1.1"],
"subnet": ["192.168.1.0/24"],
"ipRange": [{"from": "192.168.1.1", "to": "192.168.1.100"}]
}
}
}
]
}
}
}
}
}
Response
Returns a DeleteCustomApplicationPayload
Arguments
| Name | Description |
|---|---|
input - DeleteCustomApplicationInput!
|
Example
Query
mutation ($accountId: ID!, $input: DeleteCustomApplicationInput!) {
customAppData(accountId: $accountId) {
deleteCustomApplication(input: $input) {
customApplication {
id
name
}
}
}
}
Variables
{
"accountId": "123456",
"input": {"customApplication": {"by": "ID", "input": "custom-app-id-123"}}
}
Response
{
"data": {
"customAppData": {
"deleteCustomApplication": {
"customApplication": {
"id": "custom-app-id-123",
"name": "My Custom App"
}
}
}
}
}
Response
Returns an UpdateCustomApplicationPayload
Arguments
| Name | Description |
|---|---|
input - UpdateCustomApplicationInput!
|
Example
Query
mutation ($accountId: ID!, $input: UpdateCustomApplicationInput!) {
customAppData(accountId: $accountId) {
updateCustomApplication(input: $input) {
customApplication {
id
name
description
category {
id
name
}
criteria {
protocol
port
portRange {
from
to
}
destination {
domain
fqdn
destinationIp {
ip
subnet
ipRange {
from
to
}
}
}
}
}
}
}
}
Variables
{
"accountId": "123456",
"input": {
"id": "custom-app-id-123",
"name": "Updated Custom App",
"description": "Updated description",
"category": [{"by": "ID", "input": "security"}],
"criteria": [
{
"protocol": "TCP",
"port": [443, 8443],
"portRange": [],
"destination": {
"domain": ["updated-example.com"],
"fqdn": ["api.updated-example.com"]
}
}
]
}
}
Response
{
"data": {
"customAppData": {
"updateCustomApplication": {
"customApplication": {
"id": "custom-app-id-123",
"name": "Updated Custom App",
"description": "Updated description",
"category": [{"id": "security", "name": "Security"}],
"criteria": [
{
"protocol": "TCP",
"port": [443, 8443],
"portRange": [],
"destination": {
"domain": ["updated-example.com"],
"fqdn": ["api.updated-example.com"],
"destinationIp": null
}
}
]
}
}
}
}
}
DynamicIpAllocationPolicyMutations
addRule
Beta
Response
Returns a DynamicIpAllocationRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - DynamicIpAllocationAddRuleInput!
|
Example
Query
mutation AddRule($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
addRule(input: {
at: {
position: LAST_IN_POLICY
}
rule: {
enabled:true
name: "Example Rule"
description: "Example description"
range: {
globalIpRange:{
by: NAME
input: "12.22.18.0/24"
}
}
}
})
{
status
rule {
rule {
id
name
description
enabled
range {
globalIpRange {
id
}
}
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"addRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "2c25bae8-f787-4098-b3c2-6057e5fe8537",
"name": "Example Rule",
"description": "Example description",
"enabled": true,
"range": {"globalIpRange": {"id": "1927110"}}
}
}
}
}
}
}
}
addSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation AddSection($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
addSection(input: {
section: {
name: "New Section Name Example"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"addSection": {
"section": {
"section": {
"id": "83e54a6a-9998-4fcf-b1a1-5313e52cc5f0",
"name": "New section2"
}
},
"status": "SUCCESS"
}
}
}
}
}
createPolicyRevision
Beta
Response
Arguments
| Name | Description |
|---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreatePolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
createPolicyRevision(input: {
name: "Revision Name Example"
description: "Revision Description Example"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Test working with multiple revisions",
"name": "Test Revision",
"id": "ce815213-ec04-435a-8bf9-3ef5ada025e6",
"createdTime": "2024-09-25T14:31:07.605",
"updatedTime": "2024-09-25T14:31:07.605"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Response
Arguments
| Name | Description |
|---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation DiscardPolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {"discardPolicyRevision": {"status": "FAILURE"}}
}
}
}
moveRule
Beta
Response
Returns a DynamicIpAllocationRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation MoveRule($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
moveRule(input: {
id: "3c345055-4f14-48dc-ab8c-5b5db9d778fc"
to: {
position: FIRST_IN_POLICY
}
}) {
status
rule {
rule {
index
id
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"moveRule": {
"status": "SUCCESS",
"rule": {
"rule": {"index": 1, "id": "3c345055-4f14-48dc-ab8c-5b5db9d778fc"}
}
}
}
}
}
}
moveSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation MoveSection($accountId:ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
moveSection(input: {
id: "0495cf5e-1598-4f34-8c01-94970620c68f"
to: {
position: LAST_IN_POLICY
}
}) {
status
errors {
errorMessage
errorCode
}
section {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"moveSection": {
"status": "SUCCESS",
"errors": [],
"section": {
"properties": ["MOVED"],
"section": {
"id": "0495cf5e-1598-4f34-8c01-94970620c68f",
"name": "New section 2"
}
}
}
}
}
}
}
publishPolicyRevision
Beta
Response
Arguments
| Name | Description |
|---|---|
input - PolicyPublishRevisionInput
|
Example
Query
mutation PublishPolicy($accountId:ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
publishPolicyRevision(input: {
name: "IT Group SDP Users Dynamic IP Allocation Example"
description : "Allocate Dynamic IP range for IT group Example"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {"publishPolicyRevision": {"status": "SUCCESS"}}
}
}
}
removeRule
Beta
Response
Returns a DynamicIpAllocationRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - DynamicIpAllocationRemoveRuleInput!
|
Example
Query
mutation RemoveRule($accountId:ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
removeRule(input: {
id: "60ba1383-04ce-4a1f-8c61-5e5a3c2eabb1"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"dynamicIpAllocation": {"removeRule": {"status": "SUCCESS"}}}
}
}
removeSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation RemoveSection($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
removeSection(input: {
id: "f4d0862d-cd2f-47fa-9a94-ce418130ce1f"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"dynamicIpAllocation": {"removeSection": {"status": "SUCCESS"}}}
}
}
updatePolicy
Beta
Response
Arguments
| Name | Description |
|---|---|
input - DynamicIpAllocationPolicyUpdateInput!
|
Example
Query
mutation UpdatePolicyState($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
updatePolicy(input: {
state: DISABLED
}){
status
policy {
enabled
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Response
Returns a DynamicIpAllocationRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - DynamicIpAllocationUpdateRuleInput!
|
Example
Query
mutation UpdateRule($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
updateRule(input: {
id: "2c25bae8-f787-4098-b3c2-6057e5fe8537"
rule: {
name: "Updated Rule Name Example"
}
}) {
status
rule {
rule {
id
name
description
enabled
range {
globalIpRange {
id
}
}
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"updateRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "2c25bae8-f787-4098-b3c2-6057e5fe8537",
"name": "Updated rule name",
"description": "Example description",
"enabled": true,
"range": {"globalIpRange": {"id": "1927110"}}
}
}
}
}
}
}
}
updateSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation UpdateSection($accountId: ID!) {
policy(accountId: $accountId) {
dynamicIpAllocation {
updateSection(input: {
id: "54a367d6-75da-4399-bc03-65170ea97d3f"
section: {
name: "Updated Section Name Example"
}
}) {
status
section {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"updateSection": {
"status": "SUCCESS",
"section": {
"section": {
"id": "54a367d6-75da-4399-bc03-65170ea97d3f",
"name": "New section"
}
}
}
}
}
}
}
EnterpriseDirectoryMutations
archiveLocation
Beta
Response
Returns an EnterpriseDirectoryArchiveLocationPayload
Arguments
| Name | Description |
|---|---|
locationId - ID
|
Example
Query
mutation archiveEnterpriseDirectoryLocation($accountID:ID!, $locationID: ID!) {
enterpriseDirectory(accountId:$accountID) {
archiveLocation(locationId: $locationID
){
location{
id
}
}
}
}
Variables
{"accountID": "123456", "locationID": "4749add2-b6f4-45cf-8b04-41e83ccaed20"}
Response
{
"data": {
"enterpriseDirectory": {
"archiveLocation": {
"location": {"id": "4749add2-b6f4-45cf-8b04-41e83ccaed20"}
}
}
}
}
createLocation
Beta
Response
Returns an EnterpriseDirectoryCreateLocationPayload
Arguments
| Name | Description |
|---|---|
input - EnterpriseDirectoryCreateLocationInput!
|
Example
Query
mutation createEnterpriseDirectoryLocation($accountID:ID!, $input: EnterpriseDirectoryCreateLocationInput!) {
enterpriseDirectory(accountId:$accountID) {
createLocation(input: $input
){
location{
id
}
}
}
}
Variables
{
"accountID": "123456",
"input": {
"name": "test location",
"type": "BRANCH",
"details": {
"companyName": "",
"postalAddress": {
"street": "226 rue de rivoli",
"cityName": "Paris",
"zipCode": "75019",
"country": {"by": "ID", "input": "FR"}
},
"contact": {
"name": "Angelina",
"phone": "0567476293",
"email": "Angelina@gmail.com"
},
"vatId": ""
}
}
}
Response
{
"data": {
"enterpriseDirectory": {
"createLocation": {
"location": {"id": "4749add2-b6f4-45cf-8b04-41e83ccaed20"}
}
}
}
}
restoreLocation
Beta
Response
Returns an EnterpriseDirectoryRestoreLocationPayload
Arguments
| Name | Description |
|---|---|
locationId - ID
|
Example
Query
mutation restoreEnterpriseDirectoryLocation($accountID:ID!, $locationID: ID!) {
enterpriseDirectory(accountId:$accountID) {
restoreLocation(locationId: $locationID
){
location{
id
}
}
}
}
Variables
{"accountID": "123456", "locationID": "4749add2-b6f4-45cf-8b04-41e83ccaed20"}
Response
{
"data": {
"enterpriseDirectory": {
"restoreLocation": {
"location": {"id": "4749add2-b6f4-45cf-8b04-41e83ccaed20"}
}
}
}
}
updateLocation
Beta
Response
Returns an EnterpriseDirectoryUpdateLocationPayload
Arguments
| Name | Description |
|---|---|
input - EnterpriseDirectoryUpdateLocationInput!
|
Example
Query
mutation updateEnterpriseDirectoryLocation($accountID:ID!, $input: EnterpriseDirectoryUpdateLocationInput!) {
enterpriseDirectory(accountId:$accountID) {
updateLocation(input: $input
){
location{
id
}
}
}
}
Variables
{
"accountID": "123456",
"input": {
"id": "4749add2-b6f4-45cf-8b04-41e83ccaed20",
"name": "test location",
"type": "BRANCH",
"details": {
"companyName": "",
"postalAddress": {
"street": "226 rue de rivoli",
"cityName": "Paris",
"zipCode": "75019",
"country": {"by": "ID", "input": "FR"}
},
"contact": {
"name": "Angelina",
"phone": "0567476293",
"email": "Angelina@gmail.com"
},
"vatId": ""
}
}
}
Response
{
"data": {
"enterpriseDirectory": {
"updateLocation": {
"location": {"id": "4749add2-b6f4-45cf-8b04-41e83ccaed20"}
}
}
}
}
ExternalAccessMutations
addPartnerAccessRequest
Beta
Description
Add partner access request. This mutation is used to request access to managed accounts.
Response
Returns an AddPartnerAccessRequestPayload!
Arguments
| Name | Description |
|---|---|
input - AddPartnerAccessRequestInput!
|
Example
Query
mutation addPartnerAccessRequest($accountId: ID! $input: AddPartnerAccessRequestInput!) {
externalAccess(accountId: $accountId) {
addPartnerAccessRequest(input: $input) {
invitation {
id
account {
id
name
}
activeDate
admins {
id
name
}
partner {
id
name
}
requestedDate
expirationDate
status
reason
partnerNote
roles {
id
name
}
}
}
}
}
Variables
{
"accountId": "123456",
"input": {
"partner": {"input": "123456", "by": "ID"},
"accounts": [{"input": "123458", "by": "ID"}],
"roles": [{"input": "2", "by": "ID"}],
"admins": [{"input": "87400", "by": "ID"}],
"reason": "reason",
"expirationDate": "2025-03-10T00:00:00+02:00",
"partnerNote": "note"
}
}
Response
{
"data": {
"externalAccess": {
"addPartnerAccessRequest": {
"invitation": [
{
"id": "67c56e8d6dbc4e000cfd3b63",
"partner": {"id": "123456", "name": "ExternalAccessPartner"},
"activeDate": "2025-03-03T08:55:41.848Z",
"requestedDate": "2025-03-03T08:55:41.848Z",
"expirationDate": "2025-03-09T22:00:00.000Z",
"status": "PENDING",
"reason": "test",
"partnerNote": "note",
"account": {"id": "123458", "name": "ExternalAccess_Account"},
"admins": [
{"id": "87400", "name": "r t", "__typename": "AdminRef"}
],
"roles": [{"id": "2", "name": "Viewer"}]
}
]
}
}
}
}
cancelPartnerAccess
Beta
Description
This mutation is used to cancel previously requested partner access to the managed account.
Response
Returns a CancelPartnerAccessPayload!
Arguments
| Name | Description |
|---|---|
input - CancelPartnerAccessInput!
|
Example
Query
mutation cancelPartnerAccess($accountId: ID! $invitationId: ID! $reason: String) {
externalAccess(accountId: $accountId) {
cancelPartnerAccess(
input: { invitationId: $invitationId, reason: $reason }
) {
invitation {
id
partner {
id
name
}
requestedDate
expirationDate
status
reason
partnerNote
account {
id
name
}
roles {
id
name
}
}
}
}
}
Variables
{
"accountId": "123456",
"invitationId": "67c56e8d6dbc4e000cfd3b63",
"reason": "reason"
}
Response
{
"data": {
"externalAccess": {
"cancelPartnerAccess": {
"invitation": {
"id": "67c56e8d6dbc4e000cfd3b63",
"partner": {"id": "123455", "name": "ExternalAccessPartner"},
"requestedDate": "2025-03-03T08:55:41.848Z",
"expirationDate": "2025-03-09T22:00:00.000Z",
"status": "PENDING",
"reason": "test",
"partnerNote": null,
"account": {"id": "123456", "name": "ExternalAccess_Account"},
"roles": [{"id": "2", "name": "Viewer"}]
}
}
}
}
}
resolveIncomingAccessRequest
Beta
Description
Approve or reject a managed account access request.
Response
Returns a ResolveIncomingAccessRequestPayload!
Arguments
| Name | Description |
|---|---|
input - ResolveIncomingAccessRequestInput!
|
Example
Query
mutation resolveIncomingAccessRequest(
$accountId: ID!
$requestId: ID!
$approval: PartnerAccessApprovalResponse!
$note: String
) {
externalAccess(accountId: $accountId) {
resolveIncomingAccessRequest(
input: { requestId: $requestId, approval: $approval, note: $note }
) {
request {
id
partner {
id
name
}
requestedDate
expirationDate
status
reason
note
permissions {
permissions {
action
resource
}
}
}
}
}
}
Variables
{
"accountId": "219517",
"approval": "APPROVE",
"requestId": "67c61938000a440d96107be2",
"note": "Grant access for support"
}
Response
{
"data": {
"externalAccess": {
"resolveIncomingAccessRequest": {
"request": {
"id": "67c61938000a440d96107be2",
"partner": {"id": "218687", "name": "ExternalAccessPartner"},
"requestedDate": "2025-03-03T21:03:52.482Z",
"expirationDate": "2025-03-03T22:00:00.000Z",
"status": "ACTIVE",
"reason": "reason",
"note": "Grant access for support",
"permissions": {
"permissions": [{"action": "EDIT", "resource": "NetworkRules"}]
}
}
}
}
}
}
revokePartnerAccess
Beta
Description
This mutation is used to revoke previously granted access to the account.
Response
Returns a RevokePartnerAccessPayload!
Arguments
| Name | Description |
|---|---|
input - RevokePartnerAccessInput!
|
Example
Query
mutation revokePartnerAccess($accountId: ID! $invitationId: ID! $reason: String) {
externalAccess(accountId: $accountId) {
revokePartnerAccess(
input: { invitationId: $invitationId, reason: $reason }
) {
invitation {
id
partner {
id
name
}
requestedDate
expirationDate
status
reason
note
permissions {
permissions {
action
resource
}
}
}
}
}
}
Variables
{"accountId": "123456", "invitationId": "123456", "reason": "reason"}
Response
{
"data": {
"externalAccess": {
"revokePartnerAccess": {
"invitation": {
"id": "164386",
"partner": {"id": "123455", "name": "Partner_Account"},
"requestedDate": "2024-12-02T06:07:47.000Z",
"expirationDate": "2026-12-02T06:07:46.982Z",
"status": "ACTIVE",
"reason": "",
"note": "",
"account": {"id": "123456", "name": "ExternalAccess_Account"},
"permissions": {
"permissions": [{"action": "EDIT", "resource": "NetworkRules"}]
}
}
}
}
}
}
GroupsMutations
createGroup
Beta
Description
Create a new group
Response
Returns a CreateGroupPayload
Arguments
| Name | Description |
|---|---|
input - CreateGroupInput!
|
Example
Query
mutation createGroup($accountId: ID!, $input: CreateGroupInput!) {
groups(accountId: $accountId) {
createGroup(input: $input) {
group {
id
name
description
membersCount
members {
items {
name
type
}
paging {
total
}
}
membersCountPerType {
type
membersCount
}
audit {
updatedTime
}
}
}
}
}
Variables
{
"accountId": "12345",
"input": {
"name": "group-2",
"description": "a group of printers",
"members": [{"type": "HOST", "by": "ID", "input": "3579"}]
}
}
Response
{
"data": {
"groups": {
"createGroup": {
"group": {
"id": "54499492-a6eb-4a99-90f2-795da5d942ce",
"name": "group-2",
"description": "a group of printers",
"membersCount": 1,
"members": {
"items": [{"name": "printer-1", "type": "HOST"}],
"paging": {"total": 1}
},
"membersCountPerType": [{"type": "HOST", "membersCount": 1}],
"audit": {"updatedTime": "2023-07-27T11:43:13.889"}
}
}
}
}
}
deleteGroup
Beta
Description
Delete a group
Response
Returns a DeleteGroupPayload
Arguments
| Name | Description |
|---|---|
input - GroupRefInput!
|
Example
Query
mutation deleteGroup($accountId: ID!, $group: GroupRefInput!) {
groups(accountId: $accountId) {
deleteGroup(input: $group) {
group {
id
name
}
}
}
}
Variables
{"accountId": "12345", "group": {"input": "group-2"}}
Response
{
"data": {
"groups": {
"deleteGroup": {
"group": {
"id": "54499492-a6eb-4a99-90f2-795da5d942fb",
"name": "group-2"
}
}
}
}
}
updateGroup
Beta
Description
Update an existing group, including attributes such as name, description, and member items
Response
Returns an UpdateGroupPayload
Arguments
| Name | Description |
|---|---|
input - UpdateGroupInput!
|
Example
Query
mutation updateGroup($accountId: ID!, $input: UpdateGroupInput!) {
groups(accountId: $accountId) {
updateGroup(input: $input) {
group {
id
name
description
membersCount
members {
items {
name
type
}
paging {
total
}
}
membersCountPerType {
type
membersCount
}
audit {
updatedTime
}
}
}
}
}
Variables
{
"accountId": "12345",
"input": {
"group": {"by": "NAME", "input": "group-2"},
"membersToAdd": [{"by": "ID", "input": "2468", "type": "SITE"}],
"membersToRemove": [{"by": "ID", "input": "3579", "type": "SITE"}]
}
}
Response
{
"data": {
"groups": {
"updateGroup": {
"group": {
"id": "54499492-a6eb-4a99-90f2-795da5d942ce",
"name": "grp-2",
"description": "grp-2 description",
"membersCount": 1,
"members": {
"items": [{"name": "s1", "type": "SITE"}],
"paging": {"total": 1}
},
"membersCountPerType": [{"type": "SITE", "membersCount": 1}],
"audit": {"updatedTime": "2023-07-27T11:55:02.717"}
}
}
}
}
}
HardwareMutations
updateHwShipping
Beta
Description
Set Shipping details for a list of hardware
Response
Returns a HardwarePayload
Arguments
| Name | Description |
|---|---|
input - UpdateHwShippingInput!
|
Example
Query
mutation hardware($accountID:ID!, $input: UpdateHwShippingInput!) {
hardware(accountId:$accountID) {
updateHwShipping(input: $input
){
items{
id
}
}
}
}
Variables
{
"accountID": "26361",
"input": {
"ids": ["4749add2-b6f4-45cf-8b04-41e83ccaed20"],
"details": {
"powerCable": "US",
"details": {
"address": "5850add2-b6f4-45dg-9b04-41e83ccaed30",
"comment": "something"
}
}
}
}
Response
{
"data": {
"hardware": {
"updateHwShipping": {
"items": [{"id": "4749add2-b6f4-45cf-8b04-41e83ccaed20"}]
}
}
}
}
InternetFirewallPolicyMutations
addRule
Beta
Description
Add a new rule to the Internet Firewall policy.
Response
Returns an InternetFirewallRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - InternetFirewallAddRuleInput!
|
Example
Query
mutation AddRule($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
addRule(input: {
rule: {
enabled: true
name: "Example Rule"
description: "Example description"
source: {
ip: ["192.0.2.1", "198.51.100.1"]
subnet: ["10.0.0.0/24"]
}
action: ALLOW
},
at: {
position: LAST_IN_POLICY
}
}) {
status
rule {
rule {
id
name
description
enabled
source {
ip
subnet
}
action
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"addRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "106ee457-4406-4ea4-a163-36aa247de48f",
"name": "Example Rule",
"description": "Example description",
"enabled": true,
"source": {
"ip": ["192.0.2.1", "198.51.100.1"],
"subnet": ["10.0.0.0/24"]
},
"action": "ALLOW"
}
}
}
}
}
}
}
addSection
Beta
Description
Add a new section to the policy. First section behaves as follows: When the first section is created, all the rules in the policy, including the default system rules, are automatically added to it. The first section containing the default system rules can be modified but not deleted. The first section will always remain first-in-policy, i.e. it cannot be moved, and not other sections can be moved or created before it.
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation AddSection($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
addSection(input: {
section: {
name: "New section"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"addSection": {
"section": {
"section": {
"id": "9ab458a3-a263-4ef7-ad6a-86de3cee7822",
"name": "New section"
}
},
"status": "SUCCESS"
}
}
}
}
}
addSubPolicy
Beta
Description
Add a new sub-policy to the Internet Firewall policy.
Response
Returns an InternetFirewallAddSubPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - InternetFirewallAddSubPolicyInput!
|
Example
Query
mutation AddSubPolicy($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
addSubPolicy(input: {
scope: {
enabled: true
name: "Sub-policy 1"
description: "Example sub policy"
source: {
ip: ["192.0.2.1", "198.51.100.1"]
subnet: ["10.0.0.0/24"]
}
},
at: {
position: LAST_IN_POLICY
}
}) {
status
policy {
id
name
description
enabled
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"addSubPolicy": {
"status": "SUCCESS",
"policy": {
"id": "106ee457-4406-4ea4-a163-36aa247de48f",
"name": "Sub-policy 1",
"description": "Example sub policy",
"enabled": true
}
}
}
}
}
}
createPolicyRevision
Beta
Description
Create the policy revision. Create a new empty policy revision.
Response
Returns an InternetFirewallPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreatePolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
createPolicyRevision(input: {
name: "Test Revision"
description: "Test working with multiple revisions"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Test working with multiple revisions",
"name": "Test Revision",
"id": "c15811b4-1e43-44ea-a132-6d1a73cb7f8d",
"createdTime": "2024-07-18T21:49:58.116",
"updatedTime": "2024-07-18T21:49:58.116"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Description
Discard the policy revision. All changes in this discarded revision are discarded, and the revision is deleted.
Response
Returns an InternetFirewallPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation DiscardPolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {"discardPolicyRevision": {"status": "FAILURE"}}
}
}
}
moveRule
Beta
Description
Change the relative location of an existing rule within the Internet Firewall policy.
Response
Returns an InternetFirewallRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation MoveRule($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
moveRule(input: {
id: "106ee457-4406-4ea4-a163-36aa247de48f"
to: {
position: FIRST_IN_POLICY
}
}) {
status
rule {
rule {
index
id
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"moveRule": {
"status": "SUCCESS",
"rule": {
"rule": {"index": 1, "id": "106ee457-4406-4ea4-a163-36aa247de48f"}
}
}
}
}
}
}
moveSection
Beta
Description
Move a section to a new position within the policy. The section will be anchored in the new position, i.e. other admins will not be able to move it, or reference it when moving other sections, until the modified policy revision is published.
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation MoveSection($accountId:ID!) {
policy(accountId: $accountId) {
internetFirewall {
moveSection(input: {
id: "9ab458a3-a263-4ef7-ad6a-86de3cee7822"
to: {
position: LAST_IN_POLICY
}
}) {
status
errors {
errorMessage
errorCode
}
section {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"moveSection": {
"status": "FAILURE",
"errors": [
{
"errorMessage": "Section with system rules cannot be moved or removed",
"errorCode": "sectionSystemMove"
}
],
"section": null
}
}
}
}
}
publishPolicyRevision
Beta
Description
Publish the policy revision. A published revision becomes the active policy, and its content is merged with all unpublished revisions for other admins.
Response
Returns an InternetFirewallPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyPublishRevisionInput
|
Example
Query
mutation PublishPolicy($accountId:ID!) {
policy(accountId: $accountId) {
internetFirewall {
publishPolicyRevision(input: {
name: "Ticket #1234"
description : "Allow HR access to social websites"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {"publishPolicyRevision": {"status": "SUCCESS"}}
}
}
}
removeRule
Beta
Description
Remove an existing rule from the Internet Firewall policy.
Response
Returns an InternetFirewallRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - InternetFirewallRemoveRuleInput!
|
Example
Query
mutation RemoveRule($accountId:ID!) {
policy(accountId: $accountId) {
internetFirewall {
removeRule(input: {
id: "106ee457-4406-4ea4-a163-36aa247de48f"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"internetFirewall": {"removeRule": {"status": "SUCCESS"}}}
}
}
removeSection
Beta
Description
Delete an existing section. The first section in policy cannot be deleted.
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation RemoveSection($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
removeSection(input: {
id: "9ab458a3-a263-4ef7-ad6a-86de3cee7822"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"internetFirewall": {"removeSection": {"status": "FAILURE"}}}
}
}
removeSubPolicy
Beta
Description
Remove an existing sub-policy from the Internet Firewall policy.
Response
Arguments
| Name | Description |
|---|---|
input - InternetFirewallRemoveSubPolicyInput!
|
Example
Query
mutation RemoveSubPolicy($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
removeSubPolicy(input: {
ref: {
input: "5b1716a1-95c1-4206-9ffd-a53e34307bb9"
by: ID
}
}) {
status
policy {
id
name
description
enabled
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"removeSubPolicy": {
"status": "SUCCESS",
"policy": {
"id": "106ee457-4406-4ea4-a163-36aa247de48f",
"name": "Sub-policy 1",
"description": "Example sub policy",
"enabled": true
}
}
}
}
}
}
updatePolicy
Beta
Description
Change the state of the policy, e.g. enable or disable the policy. Applicable to the published policy only. State changes are applied immediately and not as part of publishing a policy revision.
Response
Returns an InternetFirewallPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - InternetFirewallPolicyUpdateInput!
|
Example
Query
mutation UpdatePolicyState($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
updatePolicy(input: {
state: DISABLED
}){
status
policy {
enabled
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Description
Update an existing rule of the Internet Firewall policy.
Response
Returns an InternetFirewallRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - InternetFirewallUpdateRuleInput!
|
Example
Query
mutation UpdateRule($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
updateRule(input: {
id: "106ee457-4406-4ea4-a163-36aa247de48f"
rule: {
name: "Updated rule name"
source: {
ip: ["192.0.2.2"]
}
}
}) {
status
rule {
rule {
id
name
description
source {
ip
subnet
}
action
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"updateRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "106ee457-4406-4ea4-a163-36aa247de48f",
"name": "Updated rule name",
"description": "Example description",
"source": {"ip": ["192.0.2.2"], "subnet": ["10.0.0.0/24"]},
"action": "ALLOW"
}
}
}
}
}
}
}
updateSection
Beta
Description
Update policy section attributes
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation UpdateSection($accountId: ID!) {
policy(accountId: $accountId) {
internetFirewall {
updateSection(input: {
id: "9ab458a3-a263-4ef7-ad6a-86de3cee7822"
section: {
name: "Updated section name"
}
}) {
status
section {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"internetFirewall": {
"updateSection": {
"status": "SUCCESS",
"section": {
"section": {
"id": "9ab458a3-a263-4ef7-ad6a-86de3cee7822",
"name": "Updated section name"
}
}
}
}
}
}
}
LicensingMutations
updateCommercialLicense
Beta
Description
BETA
Response
Returns an UpdateCommercialLicensePayload
Arguments
| Name | Description |
|---|---|
input - UpdateCommercialLicenseInput!
|
Example
Query
mutation updateCommercialLicense($accountId: ID!, $updateCommercialLicenseInput: UpdateCommercialLicenseInput!) {
licensing(accountId: $accountId) {
updateCommercialLicense(input: $updateCommercialLicenseInput) {
license {
__typename
id
startDate
}
}
}
}
Variables
{
"accountId": "123",
"updateCommercialLicenseInput": {
"startDate": "2025-10-20T00:00:00.000Z",
"licenseId": "99d9485f-0829-4b7e-8781-6365bd6f8914"
}
}
Response
{
"data": {
"licensing": {
"updateCommercialLicense": {
"license": {
"__typename": "SiteLicense",
"id": "99d9485f-0829-4b7e-8781-6365bd6f8914",
"startDate": "2025-10-20T00:00:00.000Z"
}
}
}
}
}
NotificationSubscriptionMutations
createMailingList
Description
Creates a new Mailing List. Any valid email can be added, including those not associated with account users.
Usage limits:
- Maximum number of Mailing Lists per account: 1,000.
- Maximum number of members in each Mailing List: 1,000.
Response
Returns a CreateMailingListPayload!
Arguments
| Name | Description |
|---|---|
input - CreateMailingListInput!
|
Example
Query
mutation CreateMailingList($accountId: ID!) {
notification(accountId: $accountId) {
createMailingList(input: {
name: "Security Team"
address: ["security-lead@example.com", "soc-analyst@example.com"]
admin: [{ by: ID, input: "example-id" }]
}) {
mailingList {
id
name
type
address
admin {
id
}
audit {
updatedTime
updatedBy {
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"notification": {
"createMailingList": {
"mailingList": {
"id": "example-id",
"name": "Security Team",
"type": "SPECIFIC_EMAILS",
"address": ["security-lead@example.com", "soc-analyst@example.com"],
"admin": [{"id": "example-id"}],
"audit": {
"updatedBy": {
"__typename": "AdminRef",
"name": "admin@example.com"
},
"updatedTime": "2025-01-15T10:30:00Z"
}
}
}
}
}
}
createSubscriptionGroup
Description
Creates a Subscription Group. Subscription Groups combine Mailing Lists and integrations (including webhooks) for sending notifications.
Usage limits:
- Maximum number of Subscription Groups per account: 1,000.
- Maximum number of members in each Subscription Group: 100.
Response
Returns a CreateSubscriptionGroupPayload
Arguments
| Name | Description |
|---|---|
input - CreateSubscriptionGroupInput!
|
Example
Query
mutation CreateSubscriptionGroup($accountId: ID!) {
notification(accountId: $accountId) {
createSubscriptionGroup(input: {
name: "Critical Alerts"
mailingList: [
{ by: ID, input: "example-id" }
]
integration: [
{ by: ID, input: "example-id" }
]
}) {
subscriptionGroup {
id
name
mailingList {
id
name
}
integration {
webhookList {
id
name
enabled
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"notification": {
"createSubscriptionGroup": {
"subscriptionGroup": {
"id": "example-id",
"name": "Critical Alerts",
"mailingList": [{"id": "example-id", "name": "Security Team"}],
"integration": {
"webhookList": [
{
"id": "example-id",
"name": "Slack Security Channel",
"enabled": true
}
]
}
}
}
}
}
}
deleteMailingList
Description
Deletes a Mailing List. This action cannot be undone.
Response
Returns a DeleteMailingListPayload
Arguments
| Name | Description |
|---|---|
input - MailingListRefInput!
|
Example
Query
mutation DeleteMailingList($accountId: ID!) {
notification(accountId: $accountId) {
deleteMailingList(input: {
by: ID
input: "example-id"
}) {
mailingList {
id
name
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"notification": {
"deleteMailingList": {
"mailingList": {"id": "example-id", "name": "Security Team"}
}
}
}
}
deleteSubscriptionGroup
Description
Deletes a Subscription Group. This action cannot be undone.
Response
Returns a DeleteSubscriptionGroupPayload
Arguments
| Name | Description |
|---|---|
input - SubscriptionGroupRefInput!
|
Example
Query
mutation DeleteSubscriptionGroup($accountId: ID!) {
notification(accountId: $accountId) {
deleteSubscriptionGroup(input: {
by: ID
input: "example-id"
}) {
subscriptionGroup {
id
name
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"notification": {
"deleteSubscriptionGroup": {
"subscriptionGroup": {"id": "example-id", "name": "Critical Alerts"}
}
}
}
}
updateMailingList
Description
Updates an existing Mailing List. Only specified attributes in the input will be updated, no changes to other attributes.
Usage limits:
- Maximum number of members in each Mailing List: 1,000.
Response
Returns an UpdateMailingListPayload!
Arguments
| Name | Description |
|---|---|
input - UpdateMailingListInput!
|
Example
Query
mutation UpdateMailingList($accountId: ID!) {
notification(accountId: $accountId) {
updateMailingList(input: {
mailingList: {
by: ID
input: "example-id"
}
name: "Updated Security Team"
addressToAdd: ["new-member@example.com"]
addressToRemove: ["soc-analyst@example.com"]
}) {
mailingList {
id
name
type
address
admin {
id
}
audit {
updatedTime
updatedBy {
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"notification": {
"updateMailingList": {
"mailingList": {
"id": "example-id",
"name": "Updated Security Team",
"type": "SPECIFIC_EMAILS",
"address": ["security-lead@example.com", "new-member@example.com"],
"admin": [{"id": "example-id"}],
"audit": {
"updatedBy": {
"__typename": "AdminRef",
"name": "admin@example.com"
},
"updatedTime": "2025-01-15T10:30:00Z"
}
}
}
}
}
}
updateSubscriptionGroup
Description
Updates an existing Subscription Group. Subscription Groups combine Mailing Lists and integrations (including webhooks) for sending notifications.
Usage limits:
- Maximum number of members in each Subscription Group: 100.
Response
Returns an UpdateSubscriptionGroupPayload
Arguments
| Name | Description |
|---|---|
input - UpdateSubscriptionGroupInput!
|
Example
Query
mutation UpdateSubscriptionGroup($accountId: ID!) {
notification(accountId: $accountId) {
updateSubscriptionGroup(input: {
subscriptionGroup: {
by: ID
input: "example-id"
}
name: "Critical Alerts - Updated"
mailingListToAdd: [
{ by: ID, input: "example-id" }
]
integrationToRemove: [
{ by: ID, input: "example-id" }
]
}) {
subscriptionGroup {
id
name
mailingList {
id
name
}
integration {
webhookList {
id
name
enabled
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"notification": {
"updateSubscriptionGroup": {
"subscriptionGroup": {
"id": "example-id",
"name": "Critical Alerts - Updated",
"mailingList": [
{"id": "example-id", "name": "Security Team"},
{"id": "example-id", "name": "Network Operations"}
],
"integration": {"webhookList": []}
}
}
}
}
}
IntegrationMutations
createWebhook
Description
Create a webhook integration to send notifications to third-party integrations and vendors via HTTP/HTTPS.
Usage limits:
- Maximum number of webhooks per account: 1,000.
Response
Returns a CreateWebhookPayload
Arguments
| Name | Description |
|---|---|
input - CreateWebhookInput!
|
Example
Query
mutation CreateWebhook($accountId: ID!) {
notification(accountId: $accountId) {
integration {
createWebhook(input: {
name: "Slack Security Channel"
enabled: true
url: "https://hooks.slack.com/services/example"
auth: {
bearer: {
bearerToken: "xoxb-example-token"
}
}
header: [
{ name: "Content-Type", value: "application/json" }
]
body: "{\"text\": \"$alertTypeName - $alertMessage\"}"
requestMethod: POST
}) {
webhook {
id
name
enabled
url
requestMethod
header {
name
value
}
body
responseMapping {
key
value
}
relatedWebhookId
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"notification": {
"integration": {
"createWebhook": {
"webhook": {
"id": "example-id",
"name": "Slack Security Channel",
"enabled": true,
"url": "https://hooks.slack.com/services/example",
"requestMethod": "POST",
"header": [{"name": "Content-Type", "value": "application/json"}],
"body": "{\"text\": \"$alertTypeName - $alertMessage\"}",
"responseMapping": [],
"relatedWebhookId": null
}
}
}
}
}
}
deleteWebhook
Description
Delete a webhook integration. This action cannot be undone.
Response
Returns a DeleteWebhookPayload
Arguments
| Name | Description |
|---|---|
input - WebhookIntegrationRefInput!
|
Example
Query
mutation DeleteWebhook($accountId: ID!) {
notification(accountId: $accountId) {
integration {
deleteWebhook(input: {
by: ID
input: "example-id"
}) {
webhook {
id
name
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"notification": {
"integration": {
"deleteWebhook": {
"webhook": {"id": "example-id", "name": "Slack Security Channel"}
}
}
}
}
}
testWebhook
Description
Tests an existing webhook integration by sending a request with the specified field structure, auto-populated with sample (placeholder) values.
Response
Returns a TestWebhookPayload!
Arguments
| Name | Description |
|---|---|
input - WebhookIntegrationRefInput!
|
Example
Query
mutation TestWebhook($accountId: ID!) {
notification(accountId: $accountId) {
integration {
testWebhook(input: {
by: ID
input: "example-id"
}) {
success
errorMessage
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"notification": {
"integration": {"testWebhook": {"success": true, "errorMessage": null}}
}
}
}
updateWebhook
Description
Update existing webhook integration.
Response
Returns an UpdateWebhookPayload
Arguments
| Name | Description |
|---|---|
input - UpdateWebhookInput!
|
Example
Query
mutation UpdateWebhook($accountId: ID!) {
notification(accountId: $accountId) {
integration {
updateWebhook(input: {
webhook: {
by: ID
input: "example-id"
}
name: "Slack Security Channel - Updated"
enabled: false
url: "https://hooks.slack.com/services/updated-example"
body: "{\"text\": \"[$alertSeverity] $alertTypeName - $alertMessage\"}"
headerToAdd: [
{ name: "X-Custom-Header", value: "custom-value" }
]
}) {
webhook {
id
name
enabled
url
requestMethod
header {
name
value
}
body
responseMapping {
key
value
}
relatedWebhookId
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"notification": {
"integration": {
"updateWebhook": {
"webhook": {
"id": "example-id",
"name": "Slack Security Channel - Updated",
"enabled": false,
"url": "https://hooks.slack.com/services/updated-example",
"requestMethod": "POST",
"header": [
{"name": "Content-Type", "value": "application/json"},
{"name": "X-Custom-Header", "value": "custom-value"}
],
"body": "{\"text\": \"[$alertSeverity] $alertTypeName - $alertMessage\"}",
"responseMapping": [],
"relatedWebhookId": null
}
}
}
}
}
}
PopLocationMutations
allocateIp
Beta
Description
Allocates an IP address for a PoP location.
Response
Returns a PopLocationAllocateIpPayload
Arguments
| Name | Description |
|---|---|
input - PopLocationAllocateIpInput!
|
Example
Query
mutation allocateIp($accountId: ID!, $input: PopLocationAllocateIpInput!) {
popLocationMutations(accountId: $accountId) {
allocateIp(input: $input) {
allocatedIp {
id
ip
description
allocationType
popLocation {
id
name
}
}
}
}
}
Variables
{
"accountId": "123",
"input": {
"type": "SYSTEM",
"popLocation": {"by": "ID", "input": "456"},
"description": "New allocated IP for London POP"
}
}
Response
{
"data": {
"popLocationMutations": {
"allocateIp": {
"allocatedIp": {
"id": 1234,
"ip": "203.0.113.10",
"description": "New allocated IP for London POP",
"allocationType": "SYSTEM",
"popLocation": {"id": "456", "name": "London-1"}
}
}
}
}
}
releaseIp
Beta
Description
Releases an allocated IP address for a PoP location.
Response
Returns a PopLocationReleaseIpPayload
Arguments
| Name | Description |
|---|---|
input - PopLocationReleaseIpInput!
|
Example
Query
mutation releaseIp($accountId: ID!, $input: PopLocationReleaseIpInput!) {
popLocationMutations(accountId: $accountId) {
releaseIp(input: $input) {
allocatedIp {
id
ip
description
allocationType
popLocation {
id
name
}
}
}
}
}
Variables
{"accountId": "123", "input": {"ip": "203.0.113.10", "type": "SYSTEM"}}
Response
{
"data": {
"popLocationMutations": {
"releaseIp": {
"allocatedIp": {
"id": "1234",
"ip": "203.0.113.10",
"description": "IP address",
"allocationType": "SYSTEM",
"popLocation": {"id": "456", "name": "London-1"}
}
}
}
}
}
updateAllocatedIpDescription
Beta
Description
Updates the description for an allocated IP address for a PoP location.
Response
Arguments
| Name | Description |
|---|---|
input - PopLocationUpdateAllocatedIpDescriptionInput!
|
Example
Query
mutation updateAllocatedIpDescription($accountId: ID!, $input: PopLocationUpdateAllocatedIpDescriptionInput!) {
popLocationMutations(accountId: $accountId) {
updateAllocatedIpDescription(input: $input) {
allocatedIp {
id
ip
description
allocationType
popLocation {
id
name
}
}
}
}
}
Variables
{
"accountId": "123",
"input": {
"ip": "203.0.113.10",
"description": "Updated description for allocated IP"
}
}
Response
{
"data": {
"popLocationMutations": {
"updateAllocatedIpDescription": {
"allocatedIp": {
"id": "1234",
"ip": "203.0.113.10",
"description": "Updated description for allocated IP",
"allocationType": "SYSTEM",
"popLocation": {"id": "456", "name": "London-1"}
}
}
}
}
}
RemotePortFwdPolicyMutations
addRule
Beta
Description
Add a new port forwarding rule to enable remote access to internal services.
Response
Returns a RemotePortFwdRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - RemotePortFwdAddRuleInput!
|
Example
Query
mutation AddRule($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
addRule(input: {
rule: {
enabled: true,
name: "RPF Rule",
description: "RPF Rule",
forwardIcmp: false,
externalIp: {
by: ID,
input: "26270"
},
externalPortRange: {
from: 8095,
to: 8095
},
internalIp: "1.1.1.1",
internalPortRange: {
from: 8095,
to: 8095
},
remoteIPs: {
ip: [
"8.8.8.8"
]
},
restrictionType: ALLOW_LIST
},
at: {
position: LAST_IN_POLICY
}
}) {
status
rule {
rule {
id
name
enabled
description
forwardIcmp
externalIp {
id
name
}
externalPortRange {
from
to
}
internalIp
internalPortRange {
from
to
}
remoteIPs {
ip
}
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {
"addRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "d22ece52-f1cb-46c4-b3d5-367125bebb37",
"name": "RPF Rule",
"enabled": true,
"description": "RPF Rule",
"forwardIcmp": false,
"externalIp": {
"id": "26270",
"name": "exaltsimu_test_4 - 198.20.1.16"
},
"externalPortRange": {"from": 8095, "to": 8095},
"internalIp": "1.1.1.1",
"internalPortRange": {"from": 8095, "to": 8095},
"remoteIPs": {"ip": ["8.8.8.8"]}
}
}
}
}
}
}
}
addSection
Beta
Description
Add a new section to the policy. First section behaves as follows: When the first section is created, all the rules in the policy, including the default system rules, are automatically added to it. The first section containing the default system rules can be modified but not deleted. The first section will always remain first-in-policy, i.e. it cannot be moved, and not other sections can be moved or created before it.
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation AddSection($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
addSection(input: {
section: {
name: "New section"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {
"addSection": {
"section": {
"section": {
"id": "0e3bbaff-698e-440d-93f2-d207eca8af89",
"name": "New section"
}
},
"status": "SUCCESS"
}
}
}
}
}
createPolicyRevision
Beta
Description
Create a new empty policy revision for port forwarding rules.
Response
Returns a RemotePortFwdPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreatePolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
createPolicyRevision(input: {
name: "Test Revision"
description: "Test working with multiple revisions"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Test working with multiple revisions",
"name": "Test Revision",
"id": "b8305755-fe19-4868-9962-dff25687e722",
"createdTime": "2024-11-19T16:11:21.338",
"updatedTime": "2024-11-19T16:11:21.338"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Description
Discard the policy revision. All changes in this revision are discarded and the revision is deleted.
Response
Returns a RemotePortFwdPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation DiscardPolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {"discardPolicyRevision": {"status": "FAILURE"}}
}
}
}
moveRule
Beta
Description
Change the priority/position of an existing port forwarding rule.
Response
Returns a RemotePortFwdRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation MoveRule($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
moveRule(input: {
id: "d22ece52-f1cb-46c4-b3d5-367125bebb37"
to: {
position: FIRST_IN_POLICY
}
}) {
status
rule {
rule {
index
id
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {
"moveRule": {
"status": "SUCCESS",
"rule": {
"rule": {"index": 1, "id": "d22ece52-f1cb-46c4-b3d5-367125bebb37"}
}
}
}
}
}
}
moveSection
Beta
Description
Move a section to a new position within the policy. The section will be anchored in the new position, i.e. other admins will not be able to move it, or reference it when moving other sections, until the modified policy revision is published.
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation MoveSection($accountId:ID!) {
policy(accountId: $accountId) {
remotePortFwd {
moveSection(input: {
id: "0e3bbaff-698e-440d-93f2-d207eca8af89"
to: {
position: LAST_IN_POLICY
}
}) {
status
errors {
errorMessage
errorCode
}
section {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {
"moveSection": {
"status": "SUCCESS",
"errors": [],
"section": {
"properties": ["MOVED"],
"section": {
"id": "0e3bbaff-698e-440d-93f2-d207eca8af89",
"name": "New section"
}
}
}
}
}
}
}
publishPolicyRevision
Beta
Description
Publish the policy revision. Published revision becomes the active policy and its rules are merged with unpublished revisions from other admins.
Response
Returns a RemotePortFwdPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyPublishRevisionInput
|
Example
Query
mutation PublishPolicy($accountId:ID!) {
policy(accountId: $accountId) {
remotePortFwd {
publishPolicyRevision(input: {
name: "NA sites"
description : "Allow traffic for North America sites"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {"publishPolicyRevision": {"status": "SUCCESS"}}
}
}
}
removeRule
Beta
Description
Remove an existing port forwarding rule from the policy.
Response
Returns a RemotePortFwdRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - RemotePortFwdRemoveRuleInput!
|
Example
Query
mutation RemoveRule($accountId:ID!) {
policy(accountId: $accountId) {
remotePortFwd {
removeRule(input: {
id: "d22ece52-f1cb-46c4-b3d5-367125bebb37"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{"data": {"policy": {"remotePortFwd": {"removeRule": {"status": "SUCCESS"}}}}}
removeSection
Beta
Description
Delete an existing section. The first section in policy cannot be deleted.
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation RemoveSection($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
removeSection(input: {
id: "0e3bbaff-698e-440d-93f2-d207eca8af89"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"remotePortFwd": {"removeSection": {"status": "SUCCESS"}}}
}
}
updatePolicy
Beta
Description
Change the state of the port forwarding policy (enable/disable). Changes are applied immediately and not as part of policy revision publishing.
Response
Returns a RemotePortFwdPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - RemotePortFwdPolicyUpdateInput!
|
Example
Query
mutation UpdatePolicyState($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
updatePolicy(input: {
state: DISABLED
}){
status
policy {
enabled
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Description
Update an existing port forwarding rule configuration.
Response
Returns a RemotePortFwdRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - RemotePortFwdUpdateRuleInput!
|
Example
Query
mutation UpdateRule($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
updateRule(input: {
id: "d22ece52-f1cb-46c4-b3d5-367125bebb37"
rule: {
internalIp: "10.0.0.1",
}
}) {
status
rule {
rule {
id
name
enabled
description
internalIp
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {
"updateRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "d22ece52-f1cb-46c4-b3d5-367125bebb37",
"name": "RPF Rule",
"enabled": true,
"description": "RPF Rule",
"internalIp": "10.0.0.1"
}
}
}
}
}
}
}
updateSection
Beta
Description
Update policy section attributes
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation UpdateSection($accountId: ID!) {
policy(accountId: $accountId) {
remotePortFwd {
updateSection(input: {
id: "0e3bbaff-698e-440d-93f2-d207eca8af89"
section: {
name: "Updated section name"
}
}) {
status
section {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"remotePortFwd": {
"updateSection": {
"status": "SUCCESS",
"section": {
"section": {
"id": "0e3bbaff-698e-440d-93f2-d207eca8af89",
"name": "New section"
}
}
}
}
}
}
}
SandboxMutations
Description
Delete a sandbox report
Response
Returns a DeleteReportPayload!
Arguments
| Name | Description |
|---|---|
input - DeleteReportInput!
|
Example
Query
mutation sandboxReports($accountId: ID!, $input: DeleteReportInput!) {
sandbox(accountId: $accountId) {
deleteReport(input: $input) {
fileHash
}
}
}
Variables
{"accountId": 12345, "input": {"fileHash": "FILE_HASH"}}
Response
{"data": {"sandbox": {"deleteReport": {"fileHash": "FILE_HASH"}}}}
Description
Upload a file for sandbox analysis
Response
Returns an UploadFilePayload!
Arguments
| Name | Description |
|---|---|
input - UploadFileInput!
|
Example
Query
mutation sandboxReports($accountId: ID!, $input: UploadFileInput!) {
sandbox(accountId: $accountId) {
uploadFile(input: $input) {
uploadUrl
}
}
}
Variables
{"accountId": 12345, "input": {"fileName": "eicar.zip"}}
Response
{"data": {"sandbox": {"uploadFile": {"uploadUrl": "UPLOAD_URL"}}}}
SiteMutations
addBgpPeer
Beta
Description
Adds a new BGP peer to the specified site.
Response
Returns an AddBgpPeerPayload
Arguments
| Name | Description |
|---|---|
input - AddBgpPeerInput!
|
Example
Query
mutation addBgpPeer($accountId: ID!, $input: AddBgpPeerInput!) {
site(accountId: $accountId) {
addBgpPeer(input: $input){
bgpPeer{
site{
id
name
}
id
name
peerAsn
catoAsn
peerIp
catoIp
advertiseDefaultRoute
advertiseAllRoutes
advertiseSummaryRoutes
summaryRoute{
id
route
community{
from
to
}
}
defaultAction
performNat
md5AuthKey
metric
holdTime
keepaliveInterval
bfdEnabled
bfdSettings {
transmitInterval
receiveInterval
multiplier
}
tracking{
id
enabled
alertFrequency
subscriptionId
}
}
}
}
}
Variables
{
"accountId": 123,
"input": {
"site": {"input": "456", "by": "ID"},
"name": "example peer",
"peerAsn": 1,
"catoAsn": 8,
"peerIp": "185.0.0.69",
"advertiseDefaultRoute": true,
"advertiseAllRoutes": false,
"advertiseSummaryRoutes": false,
"summaryRoute": [
{
"route": "1.6.5.0/25",
"community": [{"from": 1, "to": 2}, {"from": 1, "to": 3}]
}
],
"defaultAction": "ACCEPT",
"performNat": false,
"md5AuthKey": "2313123",
"metric": 100,
"holdTime": 60,
"keepaliveInterval": 20,
"bfdEnabled": false,
"tracking": {
"enabled": true,
"alertFrequency": "DAILY",
"subscriptionId": "-100"
}
}
}
Response
{
"data": {
"site": {
"addBgpPeer": {
"bgpPeer": {
"site": {"id": "456", "name": "test-accept"},
"id": "13372",
"name": "example peer",
"peerAsn": 1,
"catoAsn": 8,
"peerIp": "185.0.0.69",
"catoIp": "185.0.0.1",
"advertiseDefaultRoute": true,
"advertiseAllRoutes": false,
"advertiseSummaryRoutes": false,
"summaryRoute": [
{
"id": "3830",
"route": "1.6.5.0/25",
"community": [{"from": 1, "to": 2}, {"from": 1, "to": 3}]
}
],
"defaultAction": "ACCEPT",
"performNat": false,
"md5AuthKey": "2313123",
"metric": 100,
"holdTime": 60,
"keepaliveInterval": 20,
"bfdEnabled": false,
"bfdSettings": {
"transmitInterval": 1000,
"receiveInterval": 1000,
"multiplier": 5
},
"tracking": {
"id": "1689",
"enabled": true,
"alertFrequency": "DAILY",
"subscriptionId": "-100"
}
}
}
}
}
}
addCloudInterconnectPhysicalConnection
Beta
Description
Add a new physical connection to a cloud interconnect site.Either connect to a partner, or a non-supported public provider
Response
Arguments
| Name | Description |
|---|---|
input - AddCloudInterconnectPhysicalConnectionInput!
|
Example
Query
mutation addCloudInterconnectPhysicalConnection($accountId: ID!, $input: AddCloudInterconnectPhysicalConnectionInput!){
site(accountId: $accountId) {
addCloudInterconnectPhysicalConnection( input: $input ) {
id
}
}
}
Variables
{
"accountId": 128782,
"input": {
"site": {"by": "ID", "input": "400957"},
"haRole": "PRIMARY",
"popLocation": {"input": "10000", "by": "ID"},
"serviceProviderName": "Equinix",
"encapsulationMethod": "DOT1Q",
"subnet": "200.0.2.0/24",
"privateCatoIp": "200.0.2.19",
"privateSiteIp": "200.0.2.20",
"upstreamBwLimit": "100",
"downstreamBwLimit": "100"
}
}
Response
{
"data": {
"site": {
"addCloudInterconnectPhysicalConnection": {"id": "NDAwOTU3LVBSSU1BUlk="}
}
}
}
addCloudInterconnectSite
Beta
Description
Add a new cloud interconnect site.
Response
Returns an AddCloudInterconnectSitePayload
Arguments
| Name | Description |
|---|---|
input - AddCloudInterconnectSiteInput!
|
Example
Query
mutation addCloudInterconnectSite($accountId: ID!, $input: AddCloudInterconnectSiteInput!){
site(accountId: $accountId) {
addCloudInterconnectSite( input: $input){
siteId
}
}
}
Variables
{
"accountId": 128782,
"input": {
"name": "cloud_interconnect_test_site",
"siteType": "BRANCH",
"description": "test description",
"siteLocation": {
"countryCode": "AF",
"timezone": "Asia/Kabul",
"city": "‘Alāqahdārī Aṯghar"
}
}
}
Response
{"data": {"site": {"addCloudInterconnectSite": {"siteId": "400957"}}}}
addIpsecIkeV2Site
Beta
Response
Returns an AddIpsecIkeV2SitePayload
Arguments
| Name | Description |
|---|---|
input - AddIpsecIkeV2SiteInput!
|
Example
Query
mutation addIpsecIkeV2Site($accountId:ID!, $input:AddIpsecIkeV2SiteInput!){
site(accountId:$accountId) {
addIpsecIkeV2Site(input:$input) {
siteId
}
}
}
Variables
{
"accountId": 123,
"input": {
"name": "New Site",
"siteType": "DATACENTER",
"description": "Data warehouse",
"nativeNetworkRange": "123.0.0.0/24",
"vlan": 1400,
"siteLocation": {"countryCode": "IL", "timezone": "Asia/Jerusalem"}
}
}
Response
{"data": {"site": {"addIpsecIkeV2Site": {"siteId": "456"}}}}
addIpsecIkeV2SiteTunnels
Beta
Response
Returns an AddIpsecIkeV2SiteTunnelsPayload
Arguments
| Name | Description |
|---|---|
siteId - ID!
|
|
input - AddIpsecIkeV2SiteTunnelsInput!
|
Example
Query
mutation addIpsecIkeV2SiteTunnels($accountId: ID!, $siteId: ID!, $input: AddIpsecIkeV2SiteTunnelsInput!) {
site(accountId: $accountId) {
addIpsecIkeV2SiteTunnels(siteId: $siteId, input: $input) {
siteId
}
}
}
Variables
{
"accountId": "123",
"siteId": "456",
"input": {
"primary": {
"destinationType": "IPv4",
"publicCatoIpId": 1000,
"tunnels": {
"publicSiteIp": "10.10.10.1",
"privateCatoIp": "1.1.1.12",
"privateSiteIp": "1.1.1.13",
"lastMileBw": {"downstream": 100, "upstream": 100},
"psk": "TEst123456789"
}
},
"secondary": {
"destinationType": "FQDN",
"tunnels": {
"publicSiteIp": "20.20.20.1",
"lastMileBw": {"downstream": 200, "upstream": 200},
"psk": "TEst123456789"
}
}
}
}
Response
{"data": {"site": {"addIpsecIkeV2SiteTunnels": {"siteId": "456"}}}}
addNetworkRange
Response
Returns an AddNetworkRangePayload
Arguments
| Name | Description |
|---|---|
lanSocketInterfaceId - ID!
|
|
input - AddNetworkRangeInput!
|
Example
Query
mutation addNetworkRange(
$accountId:ID!,
$lanSocketInterfaceId: ID!,
$input:AddNetworkRangeInput!
) {
site(accountId:$accountId){
addNetworkRange(lanSocketInterfaceId:$lanSocketInterfaceId, input:$input){
networkRangeId
}
}
}
Variables
{
"accountId": "123",
"lanSocketInterfaceId": "456",
"input": {
"name": "Printers",
"rangeType": "Routed",
"subnet": "123.0.1.0/30",
"gateway": "123.0.0.2"
}
}
Response
{"data": {"site": {"addNetworkRange": {"networkRangeId": "UzQ3MDcw"}}}}
addSecondaryAwsVSocket
Beta
Description
Add a secondary AWS vSocket to an existing site
Response
Returns an AddSecondaryAwsVSocketPayload
Arguments
| Name | Description |
|---|---|
input - AddSecondaryAwsVSocketInput!
|
Example
Query
mutation addSecondaryAwsVSocket($accountId:ID!, $input:AddSecondaryAwsVSocketInput!){
site(accountId:$accountId) {
addSecondaryAwsVSocket(input:$input) {
id
}
}
}
Variables
{
"accountId": "143762",
"input": {
"site": {"by": "ID", "input": "400353"},
"eniIpAddress": "11.22.34.50",
"eniIpSubnet": "11.22.34.0/24",
"routeTableId": "123"
}
}
Response
{"data": {"site": {"addSecondaryAwsVSocket": {"id": "NDAwOTU3LVBSSU1BUlk="}}}}
addSecondaryAzureVSocket
Beta
Description
Add a secondary Azure vSocket to an existing site
Response
Returns an AddSecondaryAzureVSocketPayload
Arguments
| Name | Description |
|---|---|
input - AddSecondaryAzureVSocketInput!
|
Example
Query
mutation addSecondaryAzureVSocket($accountId:ID!, $input:AddSecondaryAzureVSocketInput!){
site(accountId:$accountId) {
addSecondaryAzureVSocket(input:$input) {
id
}
}
}
Variables
{
"accountId": "143762",
"input": {
"site": {"by": "ID", "input": "400353"},
"interfaceIp": "20.0.0.57",
"floatingIp": "20.0.0.17"
}
}
Response
{"data": {"site": {"addSecondaryAzureVSocket": {"id": "627135"}}}}
Response
Returns an AddSecondaryGcpVSocketPayload
Arguments
| Name | Description |
|---|---|
input - AddSecondaryGcpVSocketInput!
|
Example
Query
mutation addSecondaryGcpVSocket($accountId: ID!, $input: AddSecondaryGcpVSocketInput!) {
sites(accountId: $accountId) {
addSecondaryGcpVSocket(input: $input) {
socketInfo {
site {
id
name
}
id
interfaceIp
loadBalancerIp
}
}
}
}
Variables
{
"accountId": "123",
"input": {
"site": {"input": "456", "by": "ID"},
"gcpConfig": {"interfaceIp": "10.0.0.1", "loadBalancerIp": "10.0.0.2"}
}
}
Response
{
"data": {
"sites": {
"addSecondaryGcpVSocket": {
"socketInfo": {
"site": {"id": "456", "name": "example site"},
"id": "789",
"interfaceIp": "10.0.0.1",
"loadBalancerIp": "10.0.0.2"
}
}
}
}
}
Response
Returns an AddSocketAddOnCardPayload
Arguments
| Name | Description |
|---|---|
input - AddSocketAddOnCardInput!
|
Example
Query
mutation addSocketAddOnCard($accountId: ID!, $input: AddSocketAddOnCardInput!) {
sites(accountId: $accountId) {
addSocketAddOnCard(input: $input) {
...AddSocketAddOnCardData
__typename
}
__typename
}
}
fragment AddSocketAddOnCardData on AddSocketAddOnCardPayload {
addOns {
expansionSlotNumber
type
__typename
}
__typename
}
Variables
{
"accountId": "123",
"input": {
"site": {"input": "456", "by": "ID"},
"addOns": [
{"type": "FOUR_10G_FIBER", "expansionSlotNumber": "SLOT_1"},
{"type": "FOUR_10G_FIBER", "expansionSlotNumber": "SLOT_2"}
]
}
}
Response
{
"data": {
"sites": {
"addSocketAddOnCard": {
"addOns": [
{
"expansionSlotNumber": "SLOT_1",
"type": "FOUR_10G_FIBER",
"__typename": "SocketAddOnCard"
},
{
"expansionSlotNumber": "SLOT_2",
"type": "FOUR_10G_FIBER",
"__typename": "SocketAddOnCard"
}
],
"__typename": "AddSocketAddOnCardPayload"
},
"__typename": "SiteMutations"
}
}
}
addSocketSite
Response
Returns an AddSocketSitePayload
Arguments
| Name | Description |
|---|---|
input - AddSocketSiteInput!
|
Example
Query
mutation addSocketSite($accountId:ID!, $input:AddSocketSiteInput!){
site(accountId:$accountId) {
addSocketSite(input:$input) {
siteId
}
}
}
Variables
{
"accountId": 123,
"input": {
"name": "New Site",
"connectionType": "SOCKET_X1700",
"siteType": "DATACENTER",
"description": "Data warehouse",
"nativeNetworkRange": "123.0.0.0/24",
"vlan": 1400,
"siteLocation": {
"countryCode": "IL",
"timezone": "Asia/Jerusalem",
"city": "Asheklon"
}
}
}
Response
{"data": {"site": {"addSocketSite": {"siteId": "456"}}}}
addStaticHost
Response
Returns an AddStaticHostPayload
Arguments
| Name | Description |
|---|---|
siteId - ID!
|
|
input - AddStaticHostInput!
|
Example
Query
mutation addStaticHost($accountId:ID!,$siteId: ID!, $input: AddStaticHostInput!) {
site(accountId:$accountId){
addStaticHost(siteId:$siteId, input:$input){
hostId
}
}
}
Variables
{
"accountId": "123",
"siteId": "456",
"input": {"name": "Printer", "ip": "123.0.0.10"}
}
Response
{"data": {"site": {"addStaticHost": {"hostId": "789"}}}}
assignSiteBwLicense
Beta
Description
Assign a license to an existing site // License-to-site assignment will be removed starting in 2026 with the transition to a new pricing model.
Response
Returns an AssignSiteBwLicensePayload
Arguments
| Name | Description |
|---|---|
input - AssignSiteBwLicenseInput!
|
Example
Query
mutation assignSiteBwLicense($accountId: ID!, $input: AssignSiteBwLicenseInput!) {
sites(accountId: $accountId) {
assignSiteBwLicense(input: $input) {
license {
__typename
id,
sku,
... on SiteLicense {
site {
id
}
total
}
}
}
}
}
Variables
{
"accountId": "123",
"input": {
"site": {"input": "445432"},
"licenseId": "99d9485f-0829-4b7e-8781-6365bd6f8914"
}
}
Response
{
"data": {
"sites": {
"assignSiteBwLicense": {
"license": {
"__typename": "SiteLicense",
"id": "3a63749f-e7e0-4385-a02f-6a0f3db10d1d",
"sku": "CATO_SITE",
"site": {"id": "453087"},
"total": 1000
}
}
}
}
}
exchangeSocketPorts
Beta
Description
Exchanges two socket ports on a site by swapping their interface assignments.
Response
Returns an ExchangeSocketPortsPayload
Arguments
| Name | Description |
|---|---|
input - ExchangeSocketPortsInput!
|
Example
Query
mutation exchangeSocketPorts($accountId: ID!, $input: ExchangeSocketPortsInput!) {
sites(accountId: $accountId) {
exchangeSocketPorts(input: $input) {
interfaces {
interfaceId
}
}
}
}
Variables
{
"accountId": "123",
"input": {
"site": {"by": "ID", "input": "456"},
"firstInterface": {"interfaceId": "WAN1"},
"secondInterface": {"interfaceId": "LAN1"}
}
}
Response
{
"data": {
"sites": {
"exchangeSocketPorts": {
"interfaces": [{"interfaceId": "WAN1"}, {"interfaceId": "LAN1"}]
}
}
}
}
removeBgpPeer
Beta
Description
Removes an existing BGP peer configuration from a site.
Response
Returns a RemoveBgpPeerPayload
Arguments
| Name | Description |
|---|---|
input - RemoveBgpPeerInput!
|
Example
Query
mutation removeBgpPeer($accountId: ID!, $input: RemoveBgpPeerInput!) {
site(accountId: $accountId) {
removeBgpPeer(input: $input){
bgpPeer{
site{
id
name
}
id
name
peerAsn
catoAsn
peerIp
catoIp
advertiseDefaultRoute
advertiseAllRoutes
advertiseSummaryRoutes
summaryRoute{
id
route
community{
from
to
}
}
defaultAction
performNat
md5AuthKey
metric
holdTime
keepaliveInterval
bfdEnabled
bfdSettings {
transmitInterval
receiveInterval
multiplier
}
tracking{
id
enabled
alertFrequency
subscriptionId
}
}
}
}
}
Variables
{"accountId": 123, "input": {"id": "13372"}}
Response
{
"data": {
"site": {
"removeBgpPeer": {
"bgpPeer": {
"site": {"id": "456", "name": "test-accept"},
"id": "13372",
"name": "updatedName",
"peerAsn": 2,
"catoAsn": 9,
"peerIp": "185.0.0.69",
"catoIp": "185.0.0.1",
"advertiseDefaultRoute": true,
"advertiseAllRoutes": false,
"advertiseSummaryRoutes": false,
"summaryRoute": [
{
"id": "3832",
"route": "1.6.5.0/25",
"community": [{"from": 1, "to": 2}, {"from": 1, "to": 3}]
}
],
"defaultAction": "ACCEPT",
"performNat": false,
"md5AuthKey": "2313123",
"metric": 100,
"holdTime": 60,
"keepaliveInterval": 20,
"bfdEnabled": false,
"bfdSettings": {
"transmitInterval": 1000,
"receiveInterval": 1000,
"multiplier": 5
},
"tracking": {
"id": "1691",
"enabled": true,
"alertFrequency": "DAILY",
"subscriptionId": "-100"
}
}
}
}
}
}
removeCloudInterconnectPhysicalConnection
Beta
Description
Remove a physical connection from a cloud interconnect site.
Response
Arguments
| Name | Description |
|---|---|
input - RemoveCloudInterconnectPhysicalConnectionInput!
|
Example
Query
mutation removeCloudInterconnectPhysicalConnection($accountId: ID!, $input: RemoveCloudInterconnectPhysicalConnectionInput!){
site(accountId: $accountId) {
removeCloudInterconnectPhysicalConnection( input: $input ) {
id
}
}
}
Variables
{"accountId": 128782, "input": {"id": "NDAwOTU3LVBSSU1BUlk="}}
Response
{
"data": {
"site": {
"removeCloudInterconnectPhysicalConnection": {
"id": "NDAwOTU3LVBSSU1BUlk="
}
}
}
}
removeIpsecIkeV2SiteTunnels
Beta
Response
Returns a RemoveIpsecIkeV2SiteTunnelsPayload
Arguments
| Name | Description |
|---|---|
siteId - ID!
|
|
input - RemoveIpsecIkeV2SiteTunnelsInput!
|
Example
Query
mutation removeIpsecIkeV2SiteTunnels($accountId: ID!, $siteId: ID!, $input: RemoveIpsecIkeV2SiteTunnelsInput!) {
site(accountId: $accountId) {
removeIpsecIkeV2SiteTunnels(siteId: $siteId, input: $input) {
siteId
}
}
}
Variables
{"accountId": "123", "siteId": "456", "input": {"tunnelId": "PRIMARY1"}}
Response
{"data": {"site": {"removeIpsecIkeV2SiteTunnels": {"siteId": "456"}}}}
removeNetworkRange
Response
Returns a RemoveNetworkRangePayload
Arguments
| Name | Description |
|---|---|
networkRangeId - ID!
|
Example
Query
mutation removeNetworkRange(
$accountId:ID!,
$networkRangeId: ID!,
) {
site(accountId:$accountId){
removeNetworkRange(networkRangeId:$networkRangeId){
networkRangeId
}
}
}
Variables
{"accountId": "123", "networkRangeId": "UzQ3MDcw"}
Response
{"data": {"site": {"removeNetworkRange": {"networkRangeId": "UzQ3MDcw"}}}}
removeSecondaryAwsVSocket
Beta
Description
Remove the secondary AWS vSocket from an existing site
Response
Returns a RemoveSecondaryAwsVSocketPayload
Arguments
| Name | Description |
|---|---|
socketId - ID!
|
Example
Query
mutation RemoveSecondaryAwsVSocket($accountId: ID!, $socketId: ID!) {
site(accountId: $accountId) {
removeSecondaryAwsVSocket(socketId: $socketId) {
secondaryAwsVSocket {
site {
id
name
}
id
ipAddress
subnet
routeTableId
}
}
}
}
Variables
{"accountId": "5018", "socketId": 648938}
Response
{
"data": {
"site": {
"removeSecondaryAwsVSocket": {
"secondaryAwsVSocket": {
"site": {"id": "360942", "name": "aws"},
"id": "648938",
"ipAddress": "10.20.30.40",
"subnet": "10.20.30.0/24",
"routeTableId": "rtb-123456"
}
}
}
}
}
removeSecondaryAzureVSocket
Beta
Description
Remove the secondary Azure vSocket from an existing site
Response
Returns a RemoveSecondaryAzureVSocketPayload
Arguments
| Name | Description |
|---|---|
socketId - ID!
|
Example
Query
mutation RemoveSecondaryAzureVSocket($accountId: ID!, $socketId: ID!) {
site(accountId: $accountId) {
removeSecondaryAzureVSocket(socketId: $socketId) {
secondaryAzureVSocket {
site {
id
name
}
id
interfaceIp
floatingIp
}
}
}
}
Variables
{"accountId": "5018", "socketId": 654376}
Response
{
"data": {
"site": {
"removeSecondaryAzureVSocket": {
"secondaryAzureVSocket": {
"site": {"id": "366082", "name": "azure"},
"id": "654376",
"interfaceIp": "122.0.0.55",
"floatingIp": "122.0.0.56"
}
}
}
}
}
Response
Returns a RemoveSecondaryGcpVSocketPayload
Arguments
| Name | Description |
|---|---|
input - RemoveSecondaryGcpVSocketInput!
|
Example
Query
mutation removeSecondaryGcpVSocket($accountId: ID!, $input: RemoveSecondaryGcpVSocketInput!) {
sites(accountId: $accountId) {
removeSecondaryGcpVSocket(input: $input) {
socketInfo {
site {
id
name
}
id
interfaceIp
loadBalancerIp
}
}
}
}
Variables
{"accountId": "123", "input": {"id": "789"}}
Response
{
"data": {
"sites": {
"removeSecondaryGcpVSocket": {
"socketInfo": {
"site": {"id": "456", "name": "example site"},
"id": "789",
"interfaceIp": "10.0.0.1",
"loadBalancerIp": "10.0.0.2"
}
}
}
}
}
removeSite
Response
Returns a RemoveSitePayload
Arguments
| Name | Description |
|---|---|
siteId - ID!
|
Example
Query
mutation removeSite($accountId:ID!, $siteId:ID!){
site(accountId:$accountId) {
removeSite(siteId:$siteId) {
siteId
}
}
}
Variables
{"accountId": "123", "siteId": "456"}
Response
{"data": {"site": {"removeSite": {"siteId": "456"}}}}
removeSiteBwLicense
Beta
Description
Remove a license from a site // License-to-site assignment will be removed starting in 2026 with the transition to a new pricing model.
Response
Returns a RemoveSiteBwLicensePayload
Arguments
| Name | Description |
|---|---|
input - RemoveSiteBwLicenseInput!
|
Example
Query
mutation removeSiteBwLicense($accountId: ID!,$input: RemoveSiteBwLicenseInput!) {
sites(accountId: $accountId) {
removeSiteBwLicense(input: $input) {
license {
__typename
id
status
plan
sku
... on SiteLicense {
siteLicenseType
siteLicenseGroup
site {
id
}
total
}
}
}
}
}
Variables
{
"accountId": "228967",
"input": {
"site": {"input": "453087"},
"licenseId": "3a63749f-e7e0-4385-a02f-6a0f3db10d1d"
}
}
Response
{
"data": {
"sites": {
"removeSiteBwLicense": {
"license": {
"__typename": "SiteLicense",
"id": "3a63749f-e7e0-4385-a02f-6a0f3db10d1d",
"status": "ACTIVE",
"plan": "COMMERCIAL",
"sku": "CATO_SITE",
"siteLicenseType": "SASE",
"siteLicenseGroup": "GROUP_1",
"site": null,
"total": 1000
}
}
}
}
}
removeSocketAddOnCard
Beta
Response
Returns a RemoveSocketAddOnCardPayload
Arguments
| Name | Description |
|---|---|
input - RemoveSocketAddOnCardInput!
|
Example
Query
mutation removeSocketAddOnCard($accountId: ID!, $input: RemoveSocketAddOnCardInput!) {
sites(accountId: $accountId) {
removeSocketAddOnCard(input: $input) {
...RemoveSocketAddOnCardData
__typename
}
__typename
}
}
fragment RemoveSocketAddOnCardData on RemoveSocketAddOnCardPayload {
addOns {
expansionSlotNumber
type
__typename
}
__typename
}
Variables
{
"accountId": "123",
"input": {
"site": {"input": "456", "by": "ID"},
"expansionSlotNumbers": ["SLOT_2"]
}
}
Response
{
"data": {
"sites": {
"removeSocketAddOnCard": {
"addOns": [
{
"expansionSlotNumber": "SLOT_2",
"type": "FOUR_10G_FIBER",
"__typename": "SocketAddOnCard"
}
],
"__typename": "RemoveSocketAddOnCardPayload"
},
"__typename": "SiteMutations"
}
}
}
removeStaticHost
Response
Returns a RemoveStaticHostPayload
Arguments
| Name | Description |
|---|---|
hostId - ID!
|
Example
Query
mutation removeStaticHost($accountId:ID!,$hostId: ID!) {
site(accountId:$accountId){
removeStaticHost(hostId:$hostId){
hostId
}
}
}
Variables
{"accountId": "123", "hostId": "789"}
Response
{"data": {"site": {"removeStaticHost": {"hostId": "789"}}}}
replaceSiteBwLicense
Beta
Description
Replace an existing license of a site. This API is used to make sure the site will always have a license to avoid traffic drop for sites without licenses. // License-to-site assignment will be removed starting in 2026 with the transition to a new pricing model.
Response
Returns a ReplaceSiteBwLicensePayload
Arguments
| Name | Description |
|---|---|
input - ReplaceSiteBwLicenseInput!
|
Example
Query
mutation replaceSiteBwLicense($accountId: ID!,$input: ReplaceSiteBwLicenseInput!) {
sites(accountId: $accountId) {
replaceSiteBwLicense(input: $input) {
license {
__typename
id,
sku,
... on SiteLicense {
site {
id
}
total
}
}
}
}
}
Variables
{
"accountId": "228967",
"input": {
"site": {"input": "453087"},
"licenseIdToAdd": "7fe1aca1-59c3-4b6b-bc8c-d2850867e073",
"licenseIdToRemove": "3a63749f-e7e0-4385-a02f-6a0f3db10d1d"
}
}
Response
{
"data": {
"sites": {
"replaceSiteBwLicense": {
"license": {
"__typename": "SiteLicense",
"id": "7fe1aca1-59c3-4b6b-bc8c-d2850867e073",
"sku": "CATO_SITE",
"site": {"id": "453087"},
"total": 1000
}
}
}
}
}
Description
Requests an upgrade for multiple sites to specific versions. Returns the result of the request.
Response
Returns a StartSiteUpgradePayload
Arguments
| Name | Description |
|---|---|
input - StartSiteUpgradeInput!
|
Example
Query
mutation SiteMutation($accountId: ID!, $input: StartSiteUpgradeInput!) {
sites(accountId: $accountId) {
startSiteUpgrade(input: $input) {
results {
site {
id
name
}
targetVersion
}
}
}
}
Variables
{
"accountId": 123,
"input": {
"upgrades": [
{
"site": {"input": "site-name", "by": "NAME"},
"targetVersion": "23.0.19481"
}
]
}
}
Response
{
"data": {
"sites": {
"startSiteUpgrade": {
"results": [
{
"site": {"id": "456", "name": "site-name"},
"targetVersion": "23.0.19481"
}
]
}
}
}
}
updateBgpPeer
Beta
Description
Updates an existing BGP peer configuration.
Response
Returns an UpdateBgpPeerPayload
Arguments
| Name | Description |
|---|---|
input - UpdateBgpPeerInput!
|
Example
Query
mutation updateBgpPeer($accountId: ID!, $input: UpdateBgpPeerInput!) {
site(accountId: $accountId) {
updateBgpPeer(input: $input){
bgpPeer{
site{
id
name
}
id
name
peerAsn
catoAsn
peerIp
catoIp
advertiseDefaultRoute
advertiseAllRoutes
advertiseSummaryRoutes
summaryRoute{
id
route
community{
from
to
}
}
defaultAction
performNat
md5AuthKey
metric
holdTime
keepaliveInterval
bfdEnabled
bfdSettings {
transmitInterval
receiveInterval
multiplier
}
tracking{
id
enabled
alertFrequency
subscriptionId
}
}
}
}
}
Variables
{
"accountId": 123,
"input": {
"id": "13372",
"name": "updatedName",
"peerAsn": 2,
"catoAsn": 9,
"peerIp": "185.0.0.69",
"advertiseDefaultRoute": true,
"advertiseAllRoutes": false,
"advertiseSummaryRoutes": false,
"summaryRoute": [
{
"route": "1.6.5.0/25",
"community": [{"from": 1, "to": 2}, {"from": 1, "to": 3}]
}
],
"defaultAction": "ACCEPT",
"performNat": false,
"md5AuthKey": "2313123",
"metric": 100,
"holdTime": 60,
"keepaliveInterval": 20,
"bfdEnabled": false,
"tracking": {
"enabled": true,
"alertFrequency": "DAILY",
"subscriptionId": "-100"
}
}
}
Response
{
"data": {
"site": {
"updateBgpPeer": {
"bgpPeer": {
"site": {"id": "456", "name": "test-accept"},
"id": "13372",
"name": "updatedName",
"peerAsn": 2,
"catoAsn": 9,
"peerIp": "185.0.0.69",
"catoIp": "185.0.0.1",
"advertiseDefaultRoute": true,
"advertiseAllRoutes": false,
"advertiseSummaryRoutes": false,
"summaryRoute": [
{
"id": "3832",
"route": "1.6.5.0/25",
"community": [{"from": 1, "to": 2}, {"from": 1, "to": 3}]
}
],
"defaultAction": "ACCEPT",
"performNat": false,
"md5AuthKey": "2313123",
"metric": 100,
"holdTime": 60,
"keepaliveInterval": 20,
"bfdEnabled": false,
"bfdSettings": {
"transmitInterval": 1000,
"receiveInterval": 1000,
"multiplier": 5
},
"tracking": {
"id": "1691",
"enabled": true,
"alertFrequency": "DAILY",
"subscriptionId": "-100"
}
}
}
}
}
}
updateCloudInterconnectPhysicalConnection
Beta
Description
Update an existing physical connection at a cloud interconnect site.
Response
Arguments
| Name | Description |
|---|---|
input - UpdateCloudInterconnectPhysicalConnectionInput!
|
Example
Query
mutation updateCloudInterconnectPhysicalConnection($accountId: ID!, $input: UpdateCloudInterconnectPhysicalConnectionInput!){
site(accountId: $accountId) {
updateCloudInterconnectPhysicalConnection( input: $input ) {
id
}
}
}
Variables
{
"accountId": 128782,
"input": {
"id": "NDAwOTU3LVBSSU1BUlk=",
"popLocation": {"input": "10005", "by": "ID"},
"serviceProviderName": "QnQPort",
"encapsulationMethod": "QINQ",
"subnet": "186.0.2.0/24",
"privateCatoIp": "186.0.2.19",
"privateSiteIp": "186.0.2.20",
"upstreamBwLimit": "30",
"downstreamBwLimit": "10"
}
}
Response
{
"data": {
"site": {
"updateCloudInterconnectPhysicalConnection": {
"id": "NDAwOTU3LVBSSU1BUlk="
}
}
}
}
updateHa
Response
Returns an UpdateHaPayload
Arguments
| Name | Description |
|---|---|
siteId - ID!
|
|
input - UpdateHaInput!
|
Example
Query
mutation updateHa($accountId:ID!,$siteId: ID!, $input: UpdateHaInput!) {
site(accountId:$accountId){
updateHa(siteId:$siteId, input:$input){
siteId
}
}
}
Variables
{
"accountId": "123",
"siteId": "456",
"input": {
"primaryManagementIp": "123.0.0.231",
"secondaryManagementIp": "123.0.0.232",
"vrid": 123
}
}
Response
{"data": {"site": {"updateHa": {"siteId": "456"}}}}
updateIpsecIkeV2SiteGeneralDetails
Beta
Response
Returns an UpdateIpsecIkeV2SiteGeneralDetailsPayload
Arguments
| Name | Description |
|---|---|
siteId - ID!
|
|
input - UpdateIpsecIkeV2SiteGeneralDetailsInput!
|
Example
Query
mutation updateIpsecIkeV2SiteGeneralDetails($accountId: ID!, $siteId: ID!, $input: UpdateIpsecIkeV2SiteGeneralDetailsInput!) {
site(accountId: $accountId) {
updateIpsecIkeV2SiteGeneralDetails(siteId: $siteId, input: $input) {
siteId
}
}
}
Variables
{
"accountId": "123",
"siteId": "456",
"input": {
"connectionMode": "RESPONDER_ONLY",
"identificationType": "FQDN",
"initMessage": {
"cipher": "AUTOMATIC",
"dhGroup": "DH_15_MODP3072",
"integrity": "SHA256",
"prf": "SHA256"
},
"authMessage": {
"cipher": "AES_GCM_256",
"dhGroup": "DH_16_MODP4096",
"integrity": "AUTOMATIC"
},
"networkRanges": "Service1:100.100.100.0/24"
}
}
Response
{"data": {"site": {"updateIpsecIkeV2SiteGeneralDetails": {"siteId": "456"}}}}
updateIpsecIkeV2SiteTunnels
Beta
Response
Returns an UpdateIpsecIkeV2SiteTunnelsPayload
Arguments
| Name | Description |
|---|---|
siteId - ID!
|
|
input - UpdateIpsecIkeV2SiteTunnelsInput!
|
Example
Query
mutation updateIpsecIkeV2SiteTunnels($accountId: ID!, $siteId: ID!, $input: UpdateIpsecIkeV2SiteTunnelsInput!) {
site(accountId: $accountId) {
updateIpsecIkeV2SiteTunnels(siteId: $siteId, input: $input) {
siteId
}
}
}
Variables
{
"accountId": "123",
"siteId": "456",
"input": {
"primary": {
"destinationType": "IPv4",
"publicCatoIpId": 1000,
"tunnels": {
"tunnelId": "PRIMARY1",
"lastMileBw": {"downstream": 100, "upstream": 100},
"psk": "TEst123456789"
}
},
"secondary": {
"destinationType": "FQDN",
"tunnels": {
"tunnelId": "SECONDARY1",
"publicSiteIp": "20.20.20.2",
"lastMileBw": {"downstream": 200, "upstream": 200},
"psk": "TEst123456789"
}
}
}
}
Response
{"data": {"site": {"updateIpsecIkeV2SiteTunnels": {"siteId": "456"}}}}
updateNetworkRange
Response
Returns an UpdateNetworkRangePayload
Arguments
| Name | Description |
|---|---|
networkRangeId - ID!
|
|
input - UpdateNetworkRangeInput!
|
Example
Query
mutation updateNetworkRange(
$accountId:ID!,
$networkRangeId: ID!,
$input:UpdateNetworkRangeInput!
) {
site(accountId:$accountId){
updateNetworkRange(networkRangeId:$networkRangeId, input:$input){
networkRangeId
}
}
}
Variables
{"accountId": "123", "networkRangeId": "UzQ3MDcw", "input": {"name": "Devs"}}
Response
{"data": {"site": {"updateNetworkRange": {"networkRangeId": "UzQ3MDcw"}}}}
updateSecondaryAwsVSocket
Beta
Description
Update the secondary AWS vSocket from in an existing site
Response
Returns an UpdateSecondaryAwsVSocketPayload
Arguments
| Name | Description |
|---|---|
input - UpdateSecondaryAwsVSocketInput!
|
Example
Query
mutation updateSecondaryAwsVSocket($accountId:ID!, $input:UpdateSecondaryAwsVSocketInput!){
site(accountId:$accountId) {
updateSecondaryAwsVSocket(input:$input) {
secondaryAwsVSocket {
site {
id
name
}
id
ipAddress
subnet
routeTableId
}
}
}
}
Variables
{
"accountId": "143762",
"input": {
"id": "631159",
"ipAddress": "55.45.45.76",
"routeTableId": "888",
"subnet": "55.45.45.0/24"
}
}
Response
{
"data": {
"site": {
"updateSecondaryAwsVSocket": {
"secondaryAwsVSocket": {
"site": {"id": 400376, "name": "aws"},
"id": "631159",
"ipAddress": "55.45.45.76",
"subnet": "55.45.45.0/24",
"routeTableId": "888"
}
}
}
}
}
updateSecondaryAzureVSocket
Beta
Description
Update the secondary Azure vSocket in an existing site
Response
Returns an UpdateSecondaryAzureVSocketPayload
Arguments
| Name | Description |
|---|---|
input - UpdateSecondaryAzureVSocketInput!
|
Example
Query
mutation updateSecondaryAzureVSocket($accountId:ID!, $input:UpdateSecondaryAzureVSocketInput!){
site(accountId:$accountId) {
updateSecondaryAzureVSocket(input:$input) {
secondaryAzureVSocket {
site {
id
name
}
id
interfaceIp
floatingIp
}
}
}
}
Variables
{
"accountId": "5018",
"input": {
"id": "654376",
"interfaceIp": "122.0.0.55",
"floatingIp": "122.0.0.56"
}
}
Response
{
"data": {
"site": {
"updateSecondaryAzureVSocket": {
"secondaryAzureVSocket": {
"site": {"id": "366082", "name": "azure"},
"id": "654376",
"interfaceIp": "122.0.0.55",
"floatingIp": "122.0.0.56"
}
}
}
}
}
Response
Returns an UpdateSecondaryGcpVSocketPayload
Arguments
| Name | Description |
|---|---|
input - UpdateSecondaryGcpVSocketInput!
|
Example
Query
mutation updateSecondaryGcpVSocket($accountId: ID!, $input: UpdateSecondaryGcpVSocketInput!) {
sites(accountId: $accountId) {
updateSecondaryGcpVSocket(input: $input) {
socketInfo {
site {
id
name
}
id
interfaceIp
loadBalancerIp
}
}
}
}
Variables
{
"accountId": "123",
"input": {
"id": "789",
"gcpConfig": {"interfaceIp": "10.0.0.3", "loadBalancerIp": "10.0.0.4"}
}
}
Response
{
"data": {
"sites": {
"updateSecondaryGcpVSocket": {
"socketInfo": {
"site": {"id": "456", "name": "example site"},
"id": "789",
"interfaceIp": "10.0.0.3",
"loadBalancerIp": "10.0.0.4"
}
}
}
}
}
updateSiteBackhauling
Beta
Description
Update backhauling configuration for a site.
Response
Returns an UpdateSiteBackhaulingPayload
Arguments
| Name | Description |
|---|---|
input - UpdateSiteBackhaulingInput!
|
Example
Query
mutation updateSiteBackhauling($accountId:ID!, $input: UpdateSiteBackhaulingInput!) {
sites(accountId: $accountId){
updateSiteBackhauling(input:$input) {
site {
id
name
}
useAsBackhaulingGW
destination
nextHopIP
preferredSocketPort
}
}
}
Variables
{
"accountId": "123",
"input": {
"site": {"input": "456", "by": "ID"},
"useAsBackhaulingGW": true,
"destination": "LOCAL_GATEWAY_IP",
"nextHopIP": "192.168.0.1"
}
}
Response
{
"data": {
"sites": {
"updateSiteBackhauling": {
"site": {"id": "456", "name": "example site"},
"useAsBackhaulingGW": true,
"destination": "LOCAL_GATEWAY_IP",
"nextHopIP": "192.168.0.1",
"preferredSocketPort": null
}
}
}
}
updateSiteBwLicense
Beta
Description
Update the bandwidth allocation of an assigned pool license of an existing site (does not apply for site license allocation) // License-to-site assignment will be removed starting in 2026 with the transition to a new pricing model.
Response
Returns an UpdateSiteBwLicensePayload
Arguments
| Name | Description |
|---|---|
input - UpdateSiteBwLicenseInput!
|
Example
Query
mutation updateSiteBwLicense($accountId: ID!,$input: UpdateSiteBwLicenseInput!) {
sites(accountId: $accountId) {
updateSiteBwLicense(input: $input) {
license {
__typename
id
status
plan
sku
... on PooledBandwidthLicense {
siteLicenseType
siteLicenseGroup
total
sites {
allocatedBandwidth
site {
id
name
}
}
}
}
}
}
}
Variables
{
"accountId": "200113",
"input": {
"site": {"input": "453090"},
"licenseId": "4f494671-d345-4784-86a9-ac617c935391",
"bw": 60
}
}
Response
{
"data": {
"sites": {
"updateSiteBwLicense": {
"license": {
"__typename": "PooledBandwidthLicense",
"id": "4f494671-d345-4784-86a9-ac617c935391",
"status": "ACTIVE",
"plan": "COMMERCIAL",
"sku": "CATO_PB",
"siteLicenseType": "SASE",
"siteLicenseGroup": "GROUP_2",
"total": 1000,
"sites": [
{"allocatedBandwidth": 60, "site": {"id": "453090", "name": "HQ"}}
]
}
}
}
}
}
updateSiteGeneralDetails
Response
Returns an UpdateSiteGeneralDetailsPayload
Arguments
| Name | Description |
|---|---|
siteId - ID!
|
|
input - UpdateSiteGeneralDetailsInput!
|
Example
Query
mutation updateSiteGeneralDetails($accountId:ID!, $siteId:ID!, $input:UpdateSiteGeneralDetailsInput!) {
sites(accountId: $accountId){
updateSiteGeneralDetails(siteId:$siteId, input:$input) {
siteId
}
}
}
Variables
{"accountId": "123", "siteId": "456", "input": {"siteType": "BRANCH"}}
Response
{"data": {"sites": {"updateSiteGeneralDetails": {"siteId": "456"}}}}
updateSiteSocketConfiguration
Beta
Response
Returns an UpdateSiteSocketConfigurationPayload
Arguments
| Name | Description |
|---|---|
input - UpdateSiteSocketConfigurationInput!
|
Example
Query
mutation updateSiteSocketConfiguration($accountId: ID!, $input: UpdateSiteSocketConfigurationInput!) {
site(accountId: $accountId) {
updateSiteSocketConfiguration(input: $input) {
siteSocketConfiguration {
primarySocketConfiguration {
description
}
secondarySocketConfiguration {
description
}
}
}
}
}
Variables
{
"accountId": 8743,
"input": {
"site": {"by": "NAME", "input": "example"},
"primarySocketConfiguration": {"description": "primary"},
"secondarySocketConfiguration": {"description": "srcondary"}
}
}
Response
{
"data": {
"site": {
"updateSiteSocketConfiguration": {
"siteSocketConfiguration": {
"primarySocketConfiguration": {"description": "primary"},
"secondarySocketConfiguration": {"description": "srcondary"}
}
}
}
}
}
updateSocketInterface
Response
Returns an UpdateSocketInterfacePayload
Arguments
| Name | Description |
|---|---|
siteId - ID!
|
|
socketInterfaceId - SocketInterfaceIDEnum!
|
|
input - UpdateSocketInterfaceInput!
|
Example
Query
mutation updateSocketInterface(
$accountId:ID!,
$siteId: ID!,
$socketInterfaceId: SocketInterfaceIDEnum!,
$input:UpdateSocketInterfaceInput!
) {
site(accountId:$accountId){
updateSocketInterface(siteId:$siteId, socketInterfaceId: $socketInterfaceId, input:$input){
siteId
socketInterfaceId
}
}
}
Variables
{
"accountId": "123",
"siteId": "456",
"socketInterfaceId": "INT_1",
"input": {
"destType": "CATO",
"bandwidth": {"upstreamBandwidth": 100, "downstreamBandwidth": 100}
}
}
Response
{
"data": {
"site": {
"updateSocketInterface": {"siteId": "456", "socketInterfaceId": "INT_1"}
}
}
}
updateStaticHost
Response
Returns an UpdateStaticHostPayload
Arguments
| Name | Description |
|---|---|
hostId - ID!
|
|
input - UpdateStaticHostInput!
|
Example
Query
mutation updateStaticHost($accountId:ID!,$hostId: ID!, $input: UpdateStaticHostInput!) {
site(accountId:$accountId){
updateStaticHost(hostId:$hostId, input:$input){
hostId
}
}
}
Variables
{
"accountId": "123",
"hostId": "789",
"input": {"name": "Printer", "ip": "123.0.0.11"}
}
Response
{"data": {"site": {"updateStaticHost": {"hostId": "789"}}}}
SocketBypassPolicyMutations
addRule
Beta
Response
Returns a SocketBypassRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - SocketBypassAddRuleInput!
|
Example
Query
mutation socketBypassAddRule($accountId: ID!) {
policy(accountId: $accountId) {
socketBypass {
addRule(input: {rule: {
name: "bypass exmple",
description: "bypass exmple",
enabled: true,
source: {
floatingSubnet: [],
globalIpRange: [],
group: [],
host: [],
ip: [],
ipRange: [],
networkInterface: [],
subnet: [],
vlan: [],
siteNetworkSubnet: []
},
destination: {
application: [],
customApp: [],
domain: [
"google.com"
],
fqdn: [],
ipRange: [],
subnet: [],
ip: [],
globalIpRange: []
},
site: {
site: [],
group: []
},
exception: [],
service: {
custom: [],
simple: []
},
action: {
port: AUTOMATIC,
event: {
enabled: false
}
}
},
at: {
position: LAST_IN_POLICY
}}) {
rule {
rule {
id
enabled
name
description
destination {
application{
id
}
}
}
}
errors {
errorCode
errorMessage
__typename
}
status
__typename
}
__typename
}
__typename
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"socketBypass": {
"addRule": {
"rule": {
"rule": {
"id": "8caf2540-09b7-483c-8a01-6a8dbee76f0d",
"enabled": true,
"name": "bypass exmple",
"description": "bypass exmple",
"destination": {"application": []}
}
},
"errors": [],
"status": "SUCCESS",
"__typename": "SocketBypassRuleMutationPayload"
},
"__typename": "SocketBypassPolicyMutations"
},
"__typename": "PolicyMutations"
}
}
}
addSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation socketBypassAddSection($accountId: ID!) {
policy(accountId: $accountId) {
socketBypass {
addSection(input: {
section: {
name: "My new section"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"socketBypass": {
"addSection": {
"section": {
"section": {
"id": "a9628977-cd07-401b-aed4-fdb35e60bd45",
"name": "My new section"
}
},
"status": "SUCCESS"
}
}
}
}
}
createPolicyRevision
Beta
Response
Returns a SocketBypassPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreateSocketBypassRevision($accountId: ID!) {
policy(accountId: $accountId) {
socketBypass {
createPolicyRevision(input: {
name: "Socket Bypass Test Revision",
description: "Testing working with multiple Socket Bypass revisions"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"socketBypass": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Testing working with multiple Socket Bypass revisions",
"name": "Socket Bypass Test Revision",
"id": "b7f86535-eccc-4bad-9940-cb2b65260db8",
"createdTime": "2026-03-10T16:58:58.561",
"updatedTime": "2026-03-10T16:58:58.561"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Response
Returns a SocketBypassPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation DiscardSocketBypassPolicy($accountId: ID!) {
policy(accountId: $accountId) {
socketBypass {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {"socketBypass": {"discardPolicyRevision": {"status": "SUCCESS"}}}
}
}
moveRule
Beta
Response
Returns a SocketBypassRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation socketBypassMoveRule($accountId: ID!) {
policy(accountId: $accountId) {
socketBypass {
moveRule(input: {
id: "98dbea00-c49c-4fae-8493-362b6897d372",
to: {
position: FIRST_IN_POLICY
}
}) {
status
rule {
rule {
id
section {
id
name
}
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"socketBypass": {
"moveRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "98dbea00-c49c-4fae-8493-362b6897d372",
"section": {
"id": "1bbee1c4-83e6-4286-8c57-2c2aa4e8317b",
"name": "test"
}
}
}
}
}
}
}
}
moveSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation socketBypassMoveSection($accountId: ID!) {
policy(accountId: $accountId) {
socketBypass {
moveSection(input: {
id: "1bbee1c4-83e6-4286-8c57-2c2aa4e8317b"
to: {
position: LAST_IN_POLICY
}
}) {
status
section {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"socketBypass": {
"moveSection": {
"status": "SUCCESS",
"section": {
"properties": ["MOVED"],
"section": {
"id": "1bbee1c4-83e6-4286-8c57-2c2aa4e8317b",
"name": "test"
}
}
}
}
}
}
}
publishPolicyRevision
Beta
Response
Returns a SocketBypassPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyPublishRevisionInput
|
Example
Query
# socketBypassPublishPolicy.graphql
mutation socketBypassPublishPolicy($accountId: ID!) {
policy(accountId: $accountId) {
socketBypass {
publishPolicyRevision(input: {
name: "Ticket #456",
description: "Update network rules"
}) {
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {"socketBypass": {"publishPolicyRevision": {"status": "FAILURE"}}}
}
}
removeRule
Beta
Response
Returns a SocketBypassRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - SocketBypassRemoveRuleInput!
|
Example
Query
mutation socketBypassRemoveRule($accountId: ID!) {
policy(accountId: $accountId) {
socketBypass {
removeRule(input: {
id: "98dbea00-c49c-4fae-8493-362b6897d372"
}) {
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{"data": {"policy": {"socketBypass": {"removeRule": {"status": "SUCCESS"}}}}}
removeSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation socketBypassDeleteSection($accountId: ID!) {
policy(accountId: $accountId) {
socketBypass {
removeSection(input: {
id: "1bbee1c4-83e6-4286-8c57-2c2aa4e8317b"
}) {
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{"data": {"policy": {"socketBypass": {"removeSection": {"status": "SUCCESS"}}}}}
updatePolicy
Beta
Response
Returns a SocketBypassPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - SocketBypassPolicyUpdateInput!
|
Example
Query
mutation UpdateSocketBypassPolicyState($accountId: ID!) {
policy(accountId: $accountId) {
socketBypass {
updatePolicy(input: {
state: DISABLED
}) {
status
policy {
enabled
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"socketBypass": {"updatePolicy": {"status": "FAILURE", "policy": null}}
}
}
}
updateRule
Beta
Response
Returns a SocketBypassRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - SocketBypassUpdateRuleInput!
|
Example
Query
mutation socketBypassUpdateRule($accountId: ID!) {
policy(accountId: $accountId) {
socketBypass {
updateRule(input: {rule: {
name: "update bypass exmple",
description: "update bypass exmple",
enabled: true,
source: {
subnet: [],
ip: [],
vlan: [],
ipRange: [],
group: [],
floatingSubnet: [],
globalIpRange: [],
networkInterface: [],
host: [],
siteNetworkSubnet: []
},
destination: {
domain: [
"google.com"
],
fqdn: [],
ipRange: [],
subnet: [],
ip: [],
application: [],
customApp: [],
globalIpRange: []
},
site: {
site: [],
group: []
},
exception: [],
service: {
simple: [],
custom: []
},
action: {
port: AUTOMATIC,
event: {
enabled: false
}
}
},
id: "98dbea00-c49c-4fae-8493-362b6897d372"
}) {
rule {
rule {
id
enabled
name
description
}
}
errors {
errorCode
errorMessage
}
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"socketBypass": {
"updateRule": {
"rule": {
"rule": {
"id": "98dbea00-c49c-4fae-8493-362b6897d372",
"enabled": true,
"name": "update bypass exmple",
"description": "update bypass exmple"
}
},
"errors": [],
"status": "SUCCESS"
}
}
}
}
}
updateSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation socketBypassUpdateSection($accountId: ID!) {
policy(accountId: $accountId) {
socketBypass {
updateSection(input: {
id: "1bbee1c4-83e6-4286-8c57-2c2aa4e8317b",
section: {
name: "updated Socket bypass section name"
}
}) {
status
section {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"socketBypass": {
"updateSection": {
"status": "SUCCESS",
"section": {
"section": {
"id": "1bbee1c4-83e6-4286-8c57-2c2aa4e8317b",
"name": "test"
}
}
}
}
}
}
}
SocketLanPolicyMutations
addRule
Beta
Response
Returns a SocketLanRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - SocketLanAddRuleInput!
|
Example
Query
mutation socketLanAddRule($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
addRule(input: {
rule: {
name: "My LAN Network Rule Name",
description: "Network Rule Description",
enabled: true,
site: {
site: [],
group: []
},
source: {
vlan: [2],
ip: ["192.0.0.1"]
},
direction: TO,
destination: {},
service: {
simple: [
{
name: FTP
}
],
custom: []
},
nat: {
enabled: false
},
transport: LAN
},
at: {
position: FIRST_IN_POLICY
}
}) {
rule {
rule {
id
name
description
enabled
direction
}
}
errors {
errorCode
errorMessage
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"addRule": {
"rule": {
"rule": {
"id": "dc4045a0-d9d2-43e6-b025-474150600465",
"name": "My LAN Network Rule Name",
"description": "Network Rule Description",
"enabled": true,
"direction": "TO"
}
},
"errors": [],
"status": "SUCCESS"
}
}
}
}
}
addSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation socketLanAddSection($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
addSection(input: {
section: {
name: "New section"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
errors {
errorCode
errorMessage
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"addSection": {
"section": {
"section": {
"id": "fdf0d08a-93f2-43fd-8c96-c54f3321f8fa",
"name": "New section"
}
},
"errors": [],
"status": "SUCCESS"
}
}
}
}
}
createPolicyRevision
Beta
Response
Returns a SocketLanPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreateSocketLanRevision($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
createPolicyRevision(input: {
name: "Socket LAN Test Revision",
description: "Testing working with multiple LAN firewall revisions"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Testing working with multiple LAN firewall revisions",
"name": "Socket LAN Test Revision",
"id": "0fa5ab9f-1df2-4fc6-9a4a-1305627f750f",
"createdTime": "2025-02-24T22:05:04.861",
"updatedTime": "2025-02-24T22:05:04.861"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Response
Returns a SocketLanPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation socketLanDiscardPolicy($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"socketLan": {"discardPolicyRevision": {"status": "FAILURE"}}}
}
}
moveRule
Beta
Response
Returns a SocketLanRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation socketLanMoveRule($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
moveRule(input: {
id: "dc4045a0-d9d2-43e6-b025-474150600465",
to: {
position: FIRST_IN_POLICY
}
}) {
rule {
rule {
id
section {
id
name
}
}
}
errors {
errorCode
errorMessage
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"moveRule": {
"rule": {
"rule": {
"id": "dc4045a0-d9d2-43e6-b025-474150600465",
"section": {
"id": "fdf0d08a-93f2-43fd-8c96-c54f3321f8fa",
"name": "New section"
}
}
},
"errors": [],
"status": "SUCCESS"
}
}
}
}
}
moveSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation socketLanAddSection($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
moveSection(input: {
id: "fdf0d08a-93f2-43fd-8c96-c54f3321f8fa"
to: {
position: LAST_IN_POLICY
}
}) {
section {
properties
section {
id
name
}
}
errors {
errorCode
errorMessage
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"moveSection": {
"section": {
"properties": ["MOVED"],
"section": {
"id": "fdf0d08a-93f2-43fd-8c96-c54f3321f8fa",
"name": "New section"
}
},
"errors": [],
"status": "SUCCESS"
}
}
}
}
}
publishPolicyRevision
Beta
Response
Returns a SocketLanPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyPublishRevisionInput
|
Example
Query
mutation socketLanPublishPolicy($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
publishPolicyRevision(input: {}) {
errors {
errorCode
errorMessage
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"publishPolicyRevision": {"errors": [], "status": "SUCCESS"}
}
}
}
}
removeRule
Beta
Response
Returns a SocketLanRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - SocketLanRemoveRuleInput!
|
Example
Query
mutation socketLanRemoveRule($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
removeRule(input: {
id: "dc4045a0-d9d2-43e6-b025-474150600465"
}) {
errors {
errorCode
errorMessage
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"socketLan": {"removeRule": {"errors": [], "status": "SUCCESS"}}}
}
}
removeSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation socketLanRemoveSection($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
removeSection(input: {
id: "fdf0d08a-93f2-43fd-8c96-c54f3321f8fa"
}) {
errors {
errorCode
errorMessage
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {"removeSection": {"errors": [], "status": "SUCCESS"}}
}
}
}
updatePolicy
Beta
Response
Returns a SocketLanPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - SocketLanPolicyUpdateInput!
|
Example
Query
mutation UpdateSocketLanPolicyState($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
updatePolicy(input: {
state: DISABLED
}) {
status
policy {
enabled
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Response
Returns a SocketLanRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - SocketLanUpdateRuleInput!
|
Example
Query
mutation socketLanUpdateRule($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
updateRule(input: {
rule: {
name: "LAN Network Rule Name",
description: "LAN Network Rule Description",
enabled: true,
site: {
site: [],
group: []
},
source: {
vlan: [2],
},
direction: BOTH,
destination: {},
service: {
simple: [],
custom: []
},
nat: {
enabled: false
},
transport: LAN
},
id: "dc4045a0-d9d2-43e6-b025-474150600465"
}
) {
rule {
rule {
id
name
description
enabled
direction
}
}
errors {
errorCode
errorMessage
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"updateRule": {
"rule": {
"rule": {
"id": "dc4045a0-d9d2-43e6-b025-474150600465",
"name": "LAN Network Rule Name",
"description": "LAN Network Rule Description",
"enabled": true,
"direction": "BOTH"
}
},
"errors": [],
"status": "SUCCESS"
}
}
}
}
}
updateSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation socketLanUpdateSection($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
updateSection(input: {
id: "fdf0d08a-93f2-43fd-8c96-c54f3321f8fa",
section: {
name: "My new section name"
}
}) {
section {
section {
id
name
}
}
errors {
errorCode
errorMessage
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"updateSection": {
"section": {
"section": {
"id": "fdf0d08a-93f2-43fd-8c96-c54f3321f8fa",
"name": "New section"
}
},
"errors": [],
"status": "SUCCESS"
}
}
}
}
}
SocketLanFirewallPolicyMutations
addRule
Beta
Response
Returns a SocketLanFirewallRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - SocketLanFirewallAddRuleInput!
|
Example
Query
mutation socketLanFirewallAddRule($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
firewall {
addRule(input: {
rule: {
name: "My Firewall Sub Rule",
description: "My firewall sub rule",
enabled: true,
source: {},
direction: TO,
destination: {},
application: {},
service: {
simple: [
{
name: FTP
}
],
standard: [],
custom: []
},
action: BLOCK,
tracking: {
event: {
enabled: false
},
alert: {
enabled: false,
frequency: HOURLY,
mailingList: [],
subscriptionGroup: [],
webhook: []
}
}
},
at: {
position: LAST_IN_RULE,
ref: "dc4045a0-d9d2-43e6-b025-474150600465"
}
}) {
rule {
rule {
id
name
description
enabled
source {
ip
subnet
}
destination {
ip
subnet
}
direction
}
}
errors {
errorCode
errorMessage
}
status
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"firewall": {
"addRule": {
"rule": {
"rule": {
"id": "179f1883-b4c8-45af-8a91-0dbbb802d1fb",
"name": "My Firewall Sub Rule",
"description": "My firewall sub rule",
"enabled": true,
"source": {"ip": [], "subnet": []},
"destination": {"ip": [], "subnet": []},
"direction": "TO"
}
},
"errors": [],
"status": "SUCCESS"
}
}
}
}
}
}
moveRule
Beta
Response
Returns a SocketLanFirewallRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveSubRuleInput!
|
Example
Query
mutation socketLanFirewallMoveRule($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
firewall {
moveRule(input: {
id: "179f1883-b4c8-45af-8a91-0dbbb802d1fb",
to: {
position: FIRST_IN_RULE,
ref: "dc4045a0-d9d2-43e6-b025-474150600465"
}
}
) {
rule {
rule {
id
}
}
errors {
errorCode
errorMessage
}
status
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"firewall": {
"moveRule": {
"rule": {"rule": {"id": "179f1883-b4c8-45af-8a91-0dbbb802d1fb"}},
"errors": [],
"status": "SUCCESS"
}
}
}
}
}
}
removeRule
Beta
Response
Returns a SocketLanFirewallRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - SocketLanFirewallRemoveRuleInput!
|
Example
Query
mutation socketLanFirewallRemoveRule($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
firewall {
removeRule(input: {
id: "179f1883-b4c8-45af-8a91-0dbbb802d1fb"
}
) {
errors {
errorCode
errorMessage
}
status
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"firewall": {"removeRule": {"errors": [], "status": "SUCCESS"}}
}
}
}
}
updateRule
Beta
Response
Returns a SocketLanFirewallRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - SocketLanFirewallUpdateRuleInput!
|
Example
Query
mutation socketLanFirewallUpdateRule($accountId: ID!) {
policy(accountId: $accountId) {
socketLan {
firewall {
updateRule(input: {
rule: {
name: "Socket LAN Firewall Sub Rule 5",
description: "",
enabled: true,
source: {
vlan: [],
mac: [],
ipRange: [],
group: [],
subnet: [],
site: [],
networkInterface: [],
systemGroup: [],
host: [],
ip: [],
globalIpRange: [],
floatingSubnet: [],
siteNetworkSubnet: []
},
direction: TO,
destination: {
vlan: [],
ipRange: [],
subnet: [],
site: [],
networkInterface: [],
systemGroup: [],
host: [],
ip: [],
globalIpRange: [],
group: [],
floatingSubnet: [],
siteNetworkSubnet: []
},
application: {
application: [],
customApp: [],
fqdn: [],
domain: [],
ipRange: [],
ip: [],
subnet: [],
globalIpRange: []
},
service: {
simple: [],
standard: [],
custom: []
},
action: BLOCK,
tracking: {
event: {
enabled: false
},
alert: {
enabled: false,
frequency: HOURLY,
mailingList: [],
subscriptionGroup: [],
webhook: []
}
}
},
id: "179f1883-b4c8-45af-8a91-0dbbb802d1fb"
}) {
rule {
rule {
id
name
description
enabled
source {
ip
subnet
}
destination {
ip
subnet
}
direction
}
}
errors {
errorCode
errorMessage
}
status
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"socketLan": {
"firewall": {
"updateRule": {
"rule": {
"rule": {
"id": "179f1883-b4c8-45af-8a91-0dbbb802d1fb",
"name": "Socket LAN Firewall Sub Rule 5",
"description": "",
"enabled": true,
"source": {"ip": [], "subnet": []},
"destination": {"ip": [], "subnet": []},
"direction": "TO"
}
},
"errors": [],
"status": "SUCCESS"
}
}
}
}
}
}
SplitTunnelPolicyMutations
addRule
Beta
Response
Returns a SplitTunnelRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - SplitTunnelAddRuleInput!
|
Example
Query
mutation AddRule($accountId: ID!) {
policy(accountId: $accountId) {
splitTunnel {
addRule(input: {
at: { position: LAST_IN_POLICY }
rule: {
enabled: true
name: "Second Example Rule"
description: "Second Example Description"
action: EXCLUDE
source: { }
platform: [WINDOWS]
country: []
destination: {
application: [{ by: ID, input: "googleApps" }]
}
sourceNetwork: { sourceNetworkType: ANY }
coverage: ALL
dnsExclusion: { domain: ["example.com"] }
routingPriority: TUNNEL
}
}) {
status
errors { errorCode errorMessage }
rule {
rule {
id
name
description
enabled
action
platform
country { id }
destination { application { id } }
sourceNetwork { sourceNetworkType }
coverage
dnsExclusion { domain }
routingPriority
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"splitTunnel": {
"addRule": {
"status": "SUCCESS",
"errors": [],
"rule": {
"rule": {
"id": "96f3efbc-1e5f-4bdc-93bd-c4777b70dc9b",
"name": "Second Example Rule",
"description": "Second Example Description",
"enabled": true,
"action": "EXCLUDE",
"platform": ["WINDOWS"],
"country": [],
"destination": {"application": [{"id": "googleApps"}]},
"sourceNetwork": {"sourceNetworkType": "ANY"},
"coverage": "ALL",
"dnsExclusion": {"domain": ["example.com"]},
"routingPriority": "TUNNEL"
}
}
}
}
}
}
}
addSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation AddSection($accountId: ID!) {
policy(accountId: $accountId) {
splitTunnel {
addSection(input: {
section: {
name: "New Section Name Example"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"splitTunnel": {
"addSection": {
"section": {
"section": {
"id": "83e54a6a-9998-4fcf-b1a1-5313e52cc5f0",
"name": "New section2"
}
},
"status": "SUCCESS"
}
}
}
}
}
createPolicyRevision
Beta
Response
Returns a SplitTunnelPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreatePolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
splitTunnel {
createPolicyRevision(input: {
name: "Revision Name Example"
description: "Revision Description Example"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"splitTunnel": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Revision Description Example",
"name": "Revision Name Example",
"id": "b901ec37-b5fb-475e-897c-13bc9a499dd1",
"createdTime": "2025-11-05T12:51:32.142",
"updatedTime": "2025-11-05T12:51:32.142"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Response
Returns a SplitTunnelPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation SplitTunnelDiscardPolicy($accountId: ID!) {
policy(accountId: $accountId) {
splitTunnel {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {"splitTunnel": {"discardPolicyRevision": {"status": "FAILURE"}}}
}
}
moveRule
Beta
Response
Returns a SplitTunnelRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation MoveRule($accountId: ID!) {
policy(accountId: $accountId) {
splitTunnel {
moveRule(input: { id: "b0bda711-b998-4c6d-9939-e0730d3d2ba3" to: { position: FIRST_IN_POLICY } }) {
status
rule { rule { index id } }
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"splitTunnel": {
"moveRule": {
"status": "SUCCESS",
"rule": {
"rule": {"index": 1, "id": "b0bda711-b998-4c6d-9939-e0730d3d2ba3"}
}
}
}
}
}
}
moveSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation MoveSection($accountId:ID!) {
policy(accountId: $accountId) {
splitTunnel {
moveSection(input: {
id: "0495cf5e-1598-4f34-8c01-94970620c68f"
to: {
position: LAST_IN_POLICY
}
}) {
status
errors {
errorMessage
errorCode
}
section {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"splitTunnel": {
"moveSection": {
"status": "SUCCESS",
"errors": [],
"section": {
"properties": ["MOVED"],
"section": {
"id": "0495cf5e-1598-4f34-8c01-94970620c68f",
"name": "New section 2"
}
}
}
}
}
}
}
publishPolicyRevision
Beta
Response
Returns a SplitTunnelPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyPublishRevisionInput
|
Example
Query
mutation PublishPolicy($accountId: ID!) {
policy(accountId: $accountId) {
splitTunnel {
publishPolicyRevision(input: { name: "IT Group SDP Users Split Tunnel Example" description: "Publish Split Tunnel policy revision Example" }) {
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {"splitTunnel": {"publishPolicyRevision": {"status": "SUCCESS"}}}
}
}
removeRule
Beta
Response
Returns a SplitTunnelRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - SplitTunnelRemoveRuleInput!
|
Example
Query
mutation RemoveRule($accountId: ID!) {
policy(accountId: $accountId) {
splitTunnel {
removeRule(input: { id: "b0bda711-b998-4c6d-9939-e0730d3d2ba3" }) {
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{"data": {"policy": {"splitTunnel": {"removeRule": {"status": "SUCCESS"}}}}}
removeSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation RemoveSection($accountId: ID!) {
policy(accountId: $accountId) {
splitTunnel {
removeSection(input: {
id: "f4d0862d-cd2f-47fa-9a94-ce418130ce1f"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{"data": {"policy": {"splitTunnel": {"removeSection": {"status": "SUCCESS"}}}}}
updatePolicy
Beta
Response
Returns a SplitTunnelPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - SplitTunnelPolicyUpdateInput!
|
Example
Query
mutation UpdatePolicyState($accountId: ID!) {
policy(accountId: $accountId) {
splitTunnel {
updatePolicy(input: { state: DISABLED }) {
status
policy { enabled }
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"splitTunnel": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Response
Returns a SplitTunnelRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - SplitTunnelUpdateRuleInput!
|
Example
Query
mutation UpdateRule($accountId: ID!) {
policy(accountId: $accountId) {
splitTunnel {
updateRule(input: {
id: "b0bda711-b998-4c6d-9939-e0730d3d2ba3"
rule: {
name: "Updated Rule Name Example"
action: INCLUDE
}
}) {
status
rule {
rule {
id
name
description
enabled
action
platform
destination { application { id } }
routingPriority
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"splitTunnel": {"updateRule": {"status": "FAILURE", "rule": null}}
}
}
}
updateSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation UpdateSection($accountId: ID!) {
policy(accountId: $accountId) {
splitTunnel {
updateSection(input: {
id: "5fe053cd-69fc-443d-ab14-5e838100d3c3"
section: {
name: "Updated Section Name Example"
}
}) {
status
section {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"splitTunnel": {
"updateSection": {
"status": "SUCCESS",
"section": {
"section": {
"id": "5fe053cd-69fc-443d-ab14-5e838100d3c3",
"name": "New section"
}
}
}
}
}
}
}
TerminalServerPolicyMutations
addRule
Beta
Response
Returns a TerminalServerRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - TerminalServerAddRuleInput!
|
Example
Query
mutation AddRule($accountId: ID!) {
policy(accountId: $accountId) {
terminalServer {
addRule(input: {
at: {
position: LAST_IN_POLICY
}
rule: {
enabled:true
name: "Example Rule"
description: "Example description"
allowedHostIP: {
by: NAME
input: "12.22.18.0/24"
}
}
})
{
status
rule {
rule {
id
name
description
enabled
allowedHostIP {
id
}
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"terminalServer": {
"addRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "5fe053cd-69fc-443d-ab14-5e838100d3c3",
"name": "Example Rule",
"description": "Example description",
"enabled": true,
"allowedHostIP": {"id": "1927110"}
}
}
}
}
}
}
}
addSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation AddSection($accountId: ID!) {
policy(accountId: $accountId) {
terminalServer {
addSection(input: {
section: {
name: "New Section Name Example"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"addSection": {
"section": {
"section": {
"id": "83e54a6a-9998-4fcf-b1a1-5313e52cc5f0",
"name": "New section2"
}
},
"status": "SUCCESS"
}
}
}
}
}
createPolicyRevision
Beta
Response
Returns a TerminalServerPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreatePolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
terminalServer {
createPolicyRevision(input: {
name: "Revision Name Example"
description: "Revision Description Example"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"dynamicIpAllocation": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Test working with multiple revisions",
"name": "Test Revision",
"id": "ce815213-ec04-435a-8bf9-3ef5ada025e6",
"createdTime": "2024-09-25T14:31:07.605",
"updatedTime": "2024-09-25T14:31:07.605"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Response
Returns a TerminalServerPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation DiscardPolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
terminalServer {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"terminalServer": {"discardPolicyRevision": {"status": "FAILURE"}}
}
}
}
moveRule
Beta
Response
Returns a TerminalServerRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation MoveRule($accountId: ID!) {
policy(accountId: $accountId) {
terminalServer {
moveRule(input: {
id: "3c345055-4f14-48dc-ab8c-5b5db9d778fc"
to: {
position: FIRST_IN_POLICY
}
}) {
status
rule {
rule {
index
id
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"terminalServer": {
"moveRule": {
"status": "SUCCESS",
"rule": {
"rule": {"index": 1, "id": "3c345055-4f14-48dc-ab8c-5b5db9d778fc"}
}
}
}
}
}
}
moveSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation MoveSection($accountId:ID!) {
policy(accountId: $accountId) {
terminalServer {
moveSection(input: {
id: "0495cf5e-1598-4f34-8c01-94970620c68f"
to: {
position: LAST_IN_POLICY
}
}) {
status
errors {
errorMessage
errorCode
}
section {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"terminalServer": {
"moveSection": {
"status": "SUCCESS",
"errors": [],
"section": {
"properties": ["MOVED"],
"section": {
"id": "0495cf5e-1598-4f34-8c01-94970620c68f",
"name": "New section 2"
}
}
}
}
}
}
}
publishPolicyRevision
Beta
Response
Returns a TerminalServerPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyPublishRevisionInput
|
Example
Query
mutation PublishPolicy($accountId:ID!) {
policy(accountId: $accountId) {
terminalServer {
publishPolicyRevision(input: {
name: "Terminal Server Example"
description : "Terminal Server Example"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"terminalServer": {"publishPolicyRevision": {"status": "SUCCESS"}}
}
}
}
removeRule
Beta
Response
Returns a TerminalServerRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - TerminalServerRemoveRuleInput!
|
Example
Query
mutation RemoveRule($accountId:ID!) {
policy(accountId: $accountId) {
terminalServer {
removeRule(input: {
id: "60ba1383-04ce-4a1f-8c61-5e5a3c2eabb1"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{"data": {"policy": {"terminalServer": {"removeRule": {"status": "SUCCESS"}}}}}
removeSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation RemoveSection($accountId: ID!) {
policy(accountId: $accountId) {
terminalServer {
removeSection(input: {
id: "f4d0862d-cd2f-47fa-9a94-ce418130ce1f"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"terminalServer": {"removeSection": {"status": "SUCCESS"}}}
}
}
updatePolicy
Beta
Response
Returns a TerminalServerPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - TerminalServerPolicyUpdateInput!
|
Example
Query
mutation UpdatePolicyState($accountId: ID!) {
policy(accountId: $accountId) {
terminalServer {
updatePolicy(input: {
state: DISABLED
}){
status
policy {
enabled
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"terminalServer": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Response
Returns a TerminalServerRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - TerminalServerUpdateRuleInput!
|
Example
Query
mutation UpdateRule($accountId: ID!) {
policy(accountId: $accountId) {
terminalServer {
updateRule(input: {
id: "5fe053cd-69fc-443d-ab14-5e838100d3c3"
rule: {
name: "Updated Rule Name Example"
}
}) {
status
rule {
rule {
id
name
description
enabled
allowedHostIP {
id
}
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"terminalServer": {
"updateRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "5fe053cd-69fc-443d-ab14-5e838100d3c3",
"name": "Updated rule name",
"description": "Example description",
"enabled": true,
"allowedHostIP": {"id": "1927110"}
}
}
}
}
}
}
}
updateSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation UpdateSection($accountId: ID!) {
policy(accountId: $accountId) {
terminalServer {
updateSection(input: {
id: "5fe053cd-69fc-443d-ab14-5e838100d3c3"
section: {
name: "Updated Section Name Example"
}
}) {
status
section {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"terminalServer": {
"updateSection": {
"status": "SUCCESS",
"section": {
"section": {
"id": "5fe053cd-69fc-443d-ab14-5e838100d3c3",
"name": "New section"
}
}
}
}
}
}
}
TlsInspectPolicyMutations
addRule
Beta
Response
Returns a TlsInspectRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - TlsInspectAddRuleInput!
|
Example
Query
mutation AddTlsInspectRule($accountId: ID!) {
policy(accountId: $accountId) {
tlsInspect {
addRule(input: {
rule: {
enabled: true,
name: "TLS Example Rule",
description: "TLS Example description",
source: {
ip: ["192.0.2.1", "198.51.100.1"],
subnet: ["10.0.0.0/24"]
},
application: {
ip: ["203.0.113.1"],
domain: ["example.com"]
},
action: INSPECT,
},
at: {
position: LAST_IN_POLICY
}
}) {
status
rule {
rule {
id
name
description
enabled
source {
ip
subnet
}
action
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"tlsInspect": {
"addRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "2384ef6d-3a3f-4ce6-853b-c81454d1d8a6",
"name": "TLS Example Rule",
"description": "TLS Example description",
"enabled": true,
"source": {
"ip": ["192.0.2.1", "198.51.100.1"],
"subnet": ["10.0.0.0/24"]
},
"action": "INSPECT"
}
}
}
}
}
}
}
addSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation AddTlsInspectSection($accountId: ID!) {
policy(accountId: $accountId) {
tlsInspect {
addSection(input: {
section: {
name: "My new section"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"tlsInspect": {
"addSection": {
"section": {
"section": {
"id": "71bfef26-ad7b-460b-b793-dae1fd94b5da",
"name": "My new section"
}
},
"status": "SUCCESS"
}
}
}
}
}
createPolicyRevision
Beta
Response
Returns a TlsInspectPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreateTlsInspectRevision($accountId: ID!) {
policy(accountId: $accountId) {
tlsInspect {
createPolicyRevision(input: {
name: "TLS Test Revision",
description: "Testing working with multiple TLS Inspection revisions"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"tlsInspect": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Testing working with multiple TLS Inspection revisions",
"name": "TLS Test Revision",
"id": "77df1551-8b46-4530-8f1c-68dfe7b003df",
"createdTime": "2025-09-14T10:09:12.120",
"updatedTime": "2025-09-14T10:09:12.120"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Response
Returns a TlsInspectPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation DiscardTlsInspectPolicy($accountId: ID!) {
policy(accountId: $accountId) {
tlsInspect {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {"tlsInspect": {"discardPolicyRevision": {"status": "FAILURE"}}}
}
}
moveRule
Beta
Response
Returns a TlsInspectRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation MoveTlsInspectRule($accountId: ID!) {
policy(accountId: $accountId) {
tlsInspect {
moveRule(input: {
id: "2384ef6d-3a3f-4ce6-853b-c81454d1d8a6",
to: {
position: FIRST_IN_POLICY
}
}) {
status
rule {
rule {
id
section {
id
name
}
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"tlsInspect": {
"moveRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "2384ef6d-3a3f-4ce6-853b-c81454d1d8a6",
"section": {
"id": "cab89258-646c-4ce8-8a91-9f13108d1e73",
"name": "updated TLS section name"
}
}
}
}
}
}
}
}
moveSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation MoveSection($accountId: ID!) {
policy(accountId: $accountId) {
tlsInspect {
moveSection(input: {
id: "71bfef26-ad7b-460b-b793-dae1fd94b5da"
to: {
position: LAST_IN_POLICY
}
}) {
status
section {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"tlsInspect": {
"moveSection": {
"status": "SUCCESS",
"section": {
"properties": ["MOVED"],
"section": {
"id": "71bfef26-ad7b-460b-b793-dae1fd94b5da",
"name": "My new section"
}
}
}
}
}
}
}
publishPolicyRevision
Beta
Response
Returns a TlsInspectPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyPublishRevisionInput
|
Example
Query
mutation PublishTlsInspectPolicy($accountId: ID!) {
policy(accountId: $accountId) {
tlsInspect {
publishPolicyRevision(input: {
name: "Ticket #456",
description: "Update access rules for remote offices"
}) {
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {"tlsInspect": {"publishPolicyRevision": {"status": "SUCCESS"}}}
}
}
removeRule
Beta
Response
Returns a TlsInspectRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - TlsInspectRemoveRuleInput!
|
Example
Query
mutation RemoveTlsInspectRule($accountId: ID!) {
policy(accountId: $accountId) {
tlsInspect {
removeRule(input: {
id: "2384ef6d-3a3f-4ce6-853b-c81454d1d8a6"
}) {
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{"data": {"policy": {"tlsInspect": {"removeRule": {"status": "SUCCESS"}}}}}
removeSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation RemoveTlsInspectSection($accountId: ID!) {
policy(accountId: $accountId) {
tlsInspect {
removeSection(input: {
id: "71bfef26-ad7b-460b-b793-dae1fd94b5da"
}) {
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{"data": {"policy": {"tlsInspect": {"removeSection": {"status": "SUCCESS"}}}}}
updatePolicy
Beta
Response
Returns a TlsInspectPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - TlsInspectPolicyUpdateInput!
|
Example
Query
mutation UpdateTlsInspectPolicyState($accountId: ID!) {
policy(accountId: $accountId) {
tlsInspect {
updatePolicy(input: {
state: DISABLED
}) {
status
policy {
enabled
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"tlsInspect": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Response
Returns a TlsInspectRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - TlsInspectUpdateRuleInput!
|
Example
Query
mutation UpdateTlsInspectRule($accountId: ID!) {
policy(accountId: $accountId) {
tlsInspect {
updateRule(input: {
id: "2384ef6d-3a3f-4ce6-853b-c81454d1d8a6",
rule: {
enabled: true,
name: "Updated Tls Inspect Rule",
description: "Updated Tls Inspect description",
source: {
ip: ["192.0.2.2"]
},
action: INSPECT
}
}) {
status
rule {
rule {
id
name
description
enabled
source {
ip
subnet
}
action
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"tlsInspect": {"updateRule": {"status": "FAILURE", "rule": null}}
}
}
}
updateSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation UpdateTlsInspectSection($accountId: ID!) {
policy(accountId: $accountId) {
tlsInspect {
updateSection(input: {
id: "71bfef26-ad7b-460b-b793-dae1fd94b5da",
section: {
name: "updated TLS section name"
}
}) {
status
section {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"tlsInspect": {"updateSection": {"status": "FAILURE", "section": null}}
}
}
}
WanFirewallPolicyMutations
addRule
Beta
Description
Add a new rule to the Wan Firewall policy.
Response
Returns a WanFirewallRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - WanFirewallAddRuleInput!
|
Example
Query
mutation AddWanFirewallRule($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
addRule(input: {
rule: {
enabled: true,
name: "WAN Example Rule",
description: "WAN Example description",
source: {
ip: ["192.0.2.1", "198.51.100.1"],
subnet: ["10.0.0.0/24"]
},
destination: {
ip: ["203.0.113.1"],
subnet: ["172.16.0.0/24"]
},
action: BLOCK,
direction: TO
},
at: {
position: LAST_IN_POLICY
}
}) {
status
rule {
rule {
id
name
description
enabled
source {
ip
subnet
}
destination {
ip
subnet
}
action
direction
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"addRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "28dc619b-c27b-4c46-9e23-d149c9dd4fbe",
"name": "WAN Example Rule",
"description": "WAN Example description",
"enabled": true,
"source": {
"ip": ["192.0.2.1", "198.51.100.1"],
"subnet": ["10.0.0.0/24"]
},
"destination": {
"ip": ["203.0.113.1"],
"subnet": ["172.16.0.0/24"]
},
"action": "BLOCK",
"direction": "TO"
}
}
}
}
}
}
}
addSection
Beta
Description
Add a new section to the policy. First section behaves as follows: When the first section is created, all the rules in the policy, including the default system rules, are automatically added to it. The first section containing the default system rules can be modified but not deleted. The first section will always remain first-in-policy, i.e. it cannot be moved, and not other sections can be moved or created before it.
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation AddWanFirewallSection($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
addSection(input: {
section: {
name: "My new section"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"addSection": {
"section": {
"section": {
"id": "3b01b175-0098-45ea-a503-707463d01781",
"name": "My new section"
}
},
"status": "SUCCESS"
}
}
}
}
}
addSubPolicy
Beta
Description
Add a new sub-policy to the Wan Firewall policy.
Response
Returns a WanFirewallAddSubPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - WanFirewallAddSubPolicyInput!
|
Example
Query
mutation AddSubPolicy($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
addSubPolicy(input: {
scope: {
enabled: true
name: "Sub-policy 1"
description: "Example sub policy"
source: {
ip: ["192.0.2.1", "198.51.100.1"]
subnet: ["10.0.0.0/24"]
},
direction: BOTH
},
at: {
position: LAST_IN_POLICY
}
}) {
status
policy {
id
name
description
enabled
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"addSubPolicy": {
"status": "SUCCESS",
"policy": {
"id": "106ee457-4406-4ea4-a163-36aa247de48f",
"name": "Sub-policy 1",
"description": "Example sub policy",
"enabled": true
}
}
}
}
}
}
createPolicyRevision
Beta
Response
Returns a WanFirewallPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreateWanFirewallRevision($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
createPolicyRevision(input: {
name: "WAN Test Revision",
description: "Testing working with multiple WAN firewall revisions"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Testing working with multiple WAN firewall revisions",
"name": "WAN Test Revision",
"id": "6a496eda-b7c1-455e-820e-e839a0dcd2c0",
"createdTime": "2024-09-10T09:21:37.208",
"updatedTime": "2024-09-10T09:21:37.208"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Response
Returns a WanFirewallPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation DiscardWanFirewallPolicy($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"wanFirewall": {"discardPolicyRevision": {"status": "FAILURE"}}}
}
}
moveRule
Beta
Description
Change the relative location of an existing rule within the Wan Firewall policy.
Response
Returns a WanFirewallRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation MoveWanFirewallRule($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
moveRule(input: {
id: "28dc619b-c27b-4c46-9e23-d149c9dd4fbe",
to: {
position: FIRST_IN_POLICY
}
}) {
status
rule {
rule {
id
section {
id
name
}
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"moveRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "28dc619b-c27b-4c46-9e23-d149c9dd4fbe",
"section": {"id": "363808", "name": "Example Wan Section"}
}
}
}
}
}
}
}
moveSection
Beta
Description
Move a section to a new position within the policy. The section will be anchored in the new position, i.e. other admins will not be able to move it, or reference it when moving other sections, until the modified policy revision is published.
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation MoveSection($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
moveSection(input: {
id: "3b01b175-0098-45ea-a503-707463d01781"
to: {
position: LAST_IN_POLICY
}
}) {
status
section {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"moveSection": {
"status": "SUCCESS",
"section": {
"properties": ["MOVED"],
"section": {
"id": "3b01b175-0098-45ea-a503-707463d01781",
"name": "My new section"
}
}
}
}
}
}
}
publishPolicyRevision
Beta
Response
Returns a WanFirewallPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyPublishRevisionInput
|
Example
Query
# PublishWanFirewallPolicy.graphql
mutation PublishWanFirewallPolicy($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
publishPolicyRevision(input: {
name: "Ticket #456",
description: "Update access rules for remote offices"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"wanFirewall": {"publishPolicyRevision": {"status": "SUCCESS"}}}
}
}
removeRule
Beta
Description
Remove an existing rule from the Wan Firewall policy.
Response
Returns a WanFirewallRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - WanFirewallRemoveRuleInput!
|
Example
Query
mutation RemoveWanFirewallRule($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
removeRule(input: {
id: "28dc619b-c27b-4c46-9e23-d149c9dd4fbe"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{"data": {"policy": {"wanFirewall": {"removeRule": {"status": "SUCCESS"}}}}}
removeSection
Beta
Description
Delete an existing section. The first section in policy cannot be deleted.
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation RemoveWanFirewallSection($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
removeSection(input: {
id: "3b01b175-0098-45ea-a503-707463d01781"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{"data": {"policy": {"wanFirewall": {"removeSection": {"status": "SUCCESS"}}}}}
removeSubPolicy
Beta
Description
Remove an existing sub-policy from the Wan Firewall policy.
Response
Arguments
| Name | Description |
|---|---|
input - WanFirewallRemoveSubPolicyInput!
|
Example
Query
mutation RemoveSubPolicy($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
removeSubPolicy(input: {
ref: {
input: "5b1716a1-95c1-4206-9ffd-a53e34307bb9"
by: ID
}
}) {
status
policy {
id
name
description
enabled
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"removeSubPolicy": {
"status": "SUCCESS",
"policy": {
"id": "106ee457-4406-4ea4-a163-36aa247de48f",
"name": "Sub-policy 1",
"description": "Example sub policy",
"enabled": true
}
}
}
}
}
}
updatePolicy
Beta
Description
Change the state of the policy, e.g. enable or disable the policy. Applicable to the published policy only. State changes are applied immediately and not as part of publishing a policy revision.
Response
Returns a WanFirewallPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - WanFirewallPolicyUpdateInput!
|
Example
Query
mutation UpdateWanFirewallPolicyState($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
updatePolicy(input: {
state: DISABLED
}) {
status
policy {
enabled
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Description
Update an existing rule of the Wan Firewall policy.
Response
Returns a WanFirewallRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - WanFirewallUpdateRuleInput!
|
Example
Query
mutation UpdateWanFirewallRule($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
updateRule(input: {
id: "28dc619b-c27b-4c46-9e23-d149c9dd4fbe",
rule: {
enabled: true,
name: "Updated WAN Rule",
description: "Updated WAN description",
source: {
ip: ["192.0.2.2"]
},
destination: {
subnet: ["172.16.0.0/16"]
},
action: ALLOW,
direction: BOTH
}
}) {
status
rule {
rule {
id
name
description
enabled
source {
ip
subnet
}
destination {
ip
subnet
}
action
direction
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"updateRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "28dc619b-c27b-4c46-9e23-d149c9dd4fbe",
"name": "Updated WAN Rule",
"description": "Updated WAN description",
"enabled": true,
"source": {"ip": ["192.0.2.2"], "subnet": ["10.0.0.0/24"]},
"destination": {
"ip": ["203.0.113.1"],
"subnet": ["172.16.0.0/16"]
},
"action": "ALLOW",
"direction": "BOTH"
}
}
}
}
}
}
}
updateSection
Beta
Description
Update policy section attributes
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation UpdateWanFirewallSection($accountId: ID!) {
policy(accountId: $accountId) {
wanFirewall {
updateSection(input: {
id: "3b01b175-0098-45ea-a503-707463d01781",
section: {
name: "updated WAN section name"
}
}) {
status
section {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanFirewall": {
"updateSection": {
"status": "SUCCESS",
"section": {
"section": {
"id": "3b01b175-0098-45ea-a503-707463d01781",
"name": "My new section"
}
}
}
}
}
}
}
WanNetworkPolicyMutations
addRule
Beta
Response
Returns a WanNetworkRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - WanNetworkAddRuleInput!
|
Example
Query
mutation wanNetworkAddRule($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
addRule(input: {
rule: {
enabled: true,
name: "my WAN network rule",
description: "my WAN network rule description example",
bandwidthPriority: {
input: "-1",
by: ID
},
ruleType: INTERNET,
configuration: {
primaryTransport: {
transportType: WAN,
primaryInterfaceRole: WAN1,
secondaryInterfaceRole: WAN2
},
activeTcpAcceleration: true,
packetLossMitigation: false,
preserveSourcePort: false
}
},
at: {
position: LAST_IN_POLICY
}
}) {
rule {
rule {
id
enabled
name
description
bandwidthPriority {
id
}
ruleType
configuration {
primaryTransport {
transportType
primaryInterfaceRole
secondaryInterfaceRole
}
activeTcpAcceleration
packetLossMitigation
preserveSourcePort
}
}
}
errors {
errorCode
errorMessage
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanNetwork": {
"addRule": {
"rule": {
"rule": {
"id": "b1d1c229-b010-460a-8afd-d09e44b8e237",
"enabled": true,
"name": "my WAN network rule",
"description": "my WAN network rule description example",
"bandwidthPriority": {"id": "-1"},
"ruleType": "INTERNET",
"configuration": {
"primaryTransport": {
"transportType": "WAN",
"primaryInterfaceRole": "WAN1",
"secondaryInterfaceRole": "WAN2"
},
"activeTcpAcceleration": true,
"packetLossMitigation": false,
"preserveSourcePort": false
}
}
},
"errors": [],
"status": "SUCCESS"
}
}
}
}
}
addSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation wanNetworkAddSection($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
addSection(input: {
section: {
name: "My new section"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanNetwork": {
"addSection": {
"section": {
"section": {
"id": "d10c20fe-256c-4780-8239-7b432c9f8fc3",
"name": "My new section"
}
},
"status": "SUCCESS"
}
}
}
}
}
createPolicyRevision
Beta
Response
Returns a WanNetworkPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreateWanNetworkRevision($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
createPolicyRevision(input: {
name: "WAN network Test Revision",
description: "Testing working with multiple WAN network revisions"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanNetwork": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Testing working with multiple WAN network revisions",
"name": "WAN network Test Revision",
"id": "fa62d870-ccc6-45e1-af66-bf78c29bee68",
"createdTime": "2025-03-03T08:58:52.707",
"updatedTime": "2025-03-03T08:58:52.707"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Response
Returns a WanNetworkPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation DiscardWanNetworkPolicy($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
discardPolicyRevision {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"wanNetwork": {"discardPolicyRevision": {"status": "FAILURE"}}}
}
}
moveRule
Beta
Response
Returns a WanNetworkRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation wanNetworkMoveRule($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
moveRule(input: {
id: "b1d1c229-b010-460a-8afd-d09e44b8e237",
to: {
position: FIRST_IN_POLICY
}
}) {
status
rule {
rule {
id
section {
id
name
}
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanNetwork": {
"moveRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "b1d1c229-b010-460a-8afd-d09e44b8e237",
"section": {
"id": "52bd561b-2877-4941-a3d0-5c7219e8e7b7",
"name": "Wan network example section"
}
}
}
}
}
}
}
}
moveSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation wanNetworkMoveSection($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
moveSection(input: {
id: "d10c20fe-256c-4780-8239-7b432c9f8fc3"
to: {
position: LAST_IN_POLICY
}
}) {
status
section {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanNetwork": {
"moveSection": {
"status": "SUCCESS",
"section": {
"properties": ["MOVED"],
"section": {
"id": "d10c20fe-256c-4780-8239-7b432c9f8fc3",
"name": "My new section"
}
}
}
}
}
}
}
publishPolicyRevision
Beta
Response
Returns a WanNetworkPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyPublishRevisionInput
|
Example
Query
# wanNetworkPublishPolicy.graphql
mutation wanNetworkPublishPolicy($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
publishPolicyRevision(input: {
name: "Ticket #456",
description: "Update network rules"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {"wanNetwork": {"publishPolicyRevision": {"status": "SUCCESS"}}}
}
}
removeRule
Beta
Response
Returns a WanNetworkRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - WanNetworkRemoveRuleInput!
|
Example
Query
mutation wanNetworkRemoveRule($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
removeRule(input: {
id: "b1d1c229-b010-460a-8afd-d09e44b8e237"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{"data": {"policy": {"wanNetwork": {"removeRule": {"status": "SUCCESS"}}}}}
removeSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation wanNetworkDeleteSection($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
removeSection(input: {
id: "d10c20fe-256c-4780-8239-7b432c9f8fc3"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{"data": {"policy": {"wanNetwork": {"removeSection": {"status": "SUCCESS"}}}}}
updatePolicy
Beta
Response
Returns a WanNetworkPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - WanNetworkPolicyUpdateInput!
|
Example
Query
mutation UpdateWanNetworkPolicyState($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
updatePolicy(input: {
state: DISABLED
}) {
status
policy {
enabled
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanNetwork": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Response
Returns a WanNetworkRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - WanNetworkUpdateRuleInput!
|
Example
Query
mutation wanNetworkUpdateRule($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
updateRule(input: {
id: "b1d1c229-b010-460a-8afd-d09e44b8e237",
rule: {
enabled: true,
name: "Update my WAN network rule example",
description: "Updated my WAN network rule description example",
bandwidthPriority: {
input: "1436786",
by: ID
},
ruleType: INTERNET,
configuration: {
primaryTransport: {
transportType: WAN,
primaryInterfaceRole: WAN1,
secondaryInterfaceRole: WAN2
},
activeTcpAcceleration: true,
packetLossMitigation: false,
preserveSourcePort: false
}
}
}) {
rule {
rule {
id
enabled
name
description
bandwidthPriority {
id
}
ruleType
configuration {
primaryTransport {
transportType
primaryInterfaceRole
secondaryInterfaceRole
}
activeTcpAcceleration
packetLossMitigation
preserveSourcePort
}
}
}
errors {
errorCode
errorMessage
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanNetwork": {
"updateRule": {
"rule": {
"rule": {
"id": "b1d1c229-b010-460a-8afd-d09e44b8e237",
"enabled": true,
"name": "Update my WAN network rule example",
"description": "Updated my WAN network rule description example",
"bandwidthPriority": {"id": "1436786"},
"ruleType": "INTERNET",
"configuration": {
"primaryTransport": {
"transportType": "WAN",
"primaryInterfaceRole": "WAN1",
"secondaryInterfaceRole": "WAN2"
},
"activeTcpAcceleration": true,
"packetLossMitigation": false,
"preserveSourcePort": false
}
}
},
"errors": [],
"status": "SUCCESS"
}
}
}
}
}
updateSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation wanNetworkUpdateSection($accountId: ID!) {
policy(accountId: $accountId) {
wanNetwork {
updateSection(input: {
id: "d10c20fe-256c-4780-8239-7b432c9f8fc3",
section: {
name: "updated WAN network section name"
}
}) {
status
section {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"wanNetwork": {
"updateSection": {
"status": "SUCCESS",
"section": {
"section": {
"id": "d10c20fe-256c-4780-8239-7b432c9f8fc3",
"name": "My new section"
}
}
}
}
}
}
}
XdrMutations
addStoryComment
Beta
Description
Post comments that help track the story investigation
Response
Returns an AddStoryCommentPayload
Arguments
| Name | Description |
|---|---|
input - AddStoryCommentInput!
|
Example
Query
mutation addStoryComment(
$accountId: ID!,
$input: AddStoryCommentInput!) {
xdr(accountId: $accountId) {
addStoryComment(
input: $input) {
comment {
id
createdAt
text
actor {
id
name
__typename
}
}
}
}
}
Variables
{
"accountId": "123",
"input": {"storyId": "012345678901234567890123", "text": "This is a comment"}
}
Response
{
"data": {
"xdr": {
"addStoryComment": {
"comment": {
"id": "01234567-0123-0123-0123-012345678901",
"createdAt": "2024-01-01T00:00:00Z",
"text": "This is a comment",
"actor": {"id": 1, "name": "Actor1", "__typename": "AdminRef"}
}
}
}
}
}
analystFeedback
Beta
Description
Manage Story Actions, such as the story Verdict, Type, and Classification. You can also enter Additional Info that is relevant to the story.
Response
Returns an AnalystFeedbackPayload
Arguments
| Name | Description |
|---|---|
input - AnalystFeedbackInput!
|
Example
Query
mutation analystFeedback(
$accountId: ID!,
$input: AnalystFeedbackInput!) {
xdr(accountId: $accountId) {
analystFeedback(
input: $input) {
story {
id
accountId
analystName
analystEmail
accountName
updatedAt
createdAt
summary
incident {
id
firstSignal
lastSignal
engineType
vendor
producer
producerName
connectionType
indication
queryName
criticality
source
ticket
status
research
storyDuration
description
sourceIp
analystFeedback {
verdict
severity
threatType {
name
recommendedAction
details
}
threatClassification
additionalInfo
}
site {
id
name
}
user {
id
name
}
predictedVerdict
predictedThreatType
}
timeline {
createdAt
description
context
type
descriptions
category
additionalInfo
analystInfo {
name
email
}
}
playbook
}
}
}
}
Variables
{
"accountId": "123",
"input": {
"storyId": "012345678901234567890123",
"verdict": "Suspicious",
"severity": "High",
"threatType": {
"name": "threatTypeName",
"recommendedAction": "recommendedAction",
"details": "details"
},
"threatClassification": "threatClassification",
"additionalInfo": "additionalInfo",
"status": "Open"
}
}
Response
{
"data": {
"xdr": {
"analystFeedback": {
"id": "012345678901234567890123",
"accountId": "123",
"analystName": "analystName",
"analystEmail": "analyst@email.com",
"accountName": "accountName",
"updatedAt": "2024-02-29T09:00:00Z",
"createdAt": "2024-02-29T09:00:00Z",
"playbook": null,
"summary": "summary",
"incident": {
"__typename": "Threat",
"id": "id",
"firstSignal": "2024-02-29T09:00:00Z",
"lastSignal": "2024-02-29T09:00:00Z",
"engineType": "ANOMALY",
"vendor": "CATO",
"producer": "AnomalyStats",
"producerName": "producerName",
"connectionType": "Site",
"indication": "indication",
"queryName": "queryName",
"criticality": 1,
"source": "source",
"ticket": null,
"status": "Open",
"research": false,
"siteName": "siteName",
"storyDuration": 1000,
"description": "description",
"sourceIp": "1.2.3.4",
"analystFeedback": {
"verdict": "Suspicious",
"severity": "High",
"threatType": {
"name": "PuP",
"details": null,
"recommendedAction": null
},
"threatClassification": null,
"additionalInfo": null
},
"site": {"id": "id", "name": "name"},
"user": {"id": "id", "name": "name"},
"predictedVerdict": null,
"predictedThreatType": null
},
"timeline": [
{
"createdAt": "2024-03-27T08:22:51Z",
"description": "description",
"context": "Story created",
"type": "Diff",
"descriptions": [],
"category": null,
"additionalInfo": null,
"analystInfo": {"name": "name", "email": "email@email.com"}
}
]
}
}
}
}
deleteStoryComment
Beta
Description
Delete a previously posted comment using the comment ID.
Response
Returns a DeleteStoryCommentPayload
Arguments
| Name | Description |
|---|---|
input - DeleteStoryCommentInput!
|
Example
Query
mutation deleteStoryComment(
$accountId: ID!,
$input: DeleteStoryCommentInput!) {
xdr(accountId: $accountId) {
deleteStoryComment(
input: $input) {
comment {
id
createdAt
text
actor {
id
name
__typename
}
}
}
}
}
Variables
{
"accountId": "123",
"input": {
"storyId": "012345678901234567890123",
"commentId": "01234567-0123-0123-0123-012345678901"
}
}
Response
{
"data": {
"xdr": {
"deleteStoryComment": {
"comment": {
"id": "01234567-0123-0123-0123-012345678901",
"createdAt": "2024-01-01T00:00:00Z",
"text": "This is a comment",
"actor": {"id": 1, "name": "Actor1", "__typename": "AdminRef"}
}
}
}
}
}
updateInvestigationDetails
Beta
Response
Returns an UpdateInvestigationDetailsPayload
Arguments
| Name | Description |
|---|---|
input - UpdateInvestigationDetailsInput!
|
Example
Query
mutation updateInvestigationDetails(
$accountId: ID!,
$input: UpdateInvestigationDetailsInput!) {
xdr(accountId: $accountId) {
updateInvestigationDetails(
input: $input) {
investigationDetails {
investigationStatus
managedServiceTicketLink
lastUserComment {
id
createdAt
text
actor {
id
name
__typename
}
}
lastManagedComment {
id
createdAt
text
actor {
id
name
__typename
}
}
}
}
}
}
Variables
{
"accountId": "123",
"input": {
"storyId": "012345678901234567890123",
"investigationStatus": "In Progress",
"managedServiceTicketLink": "https://example.com/ticket/12345"
}
}
Response
{
"data": {
"xdr": {
"updateInvestigationDetails": {
"investigationDetails": {
"investigationStatus": "In Progress",
"managedServiceTicketLink": "https://example.com/ticket/12345",
"lastUserComment": {
"id": "01234567-0123-0123-0123-012345678901",
"createdAt": "2024-02-29T09:00:00Z",
"text": "User comment text",
"actor": {"id": "1", "name": "John Doe", "__typename": "AdminRef"}
},
"lastManagedComment": {
"id": "01234567-0123-0123-0123-012345678902",
"createdAt": "2024-02-29T10:00:00Z",
"text": "Managed service comment text",
"actor": {"id": "2", "name": "Jane Smith", "__typename": "AdminRef"}
}
}
}
}
}
}
ZtnaAlwaysOnPolicyMutations
addRule
Beta
Response
Returns a ZtnaAlwaysOnRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - ZtnaAlwaysOnAddRuleInput!
|
Example
Query
mutation AddRule($accountId: ID!) {
policy(accountId: $accountId) {
ztnaAlwaysOn {
addRule(input: {
at: { position: LAST_IN_POLICY }
rule: {
enabled: true
name: "Rule Example "
description: "Description Example"
action: ENFORCE
platform: [WINDOWS]
bypassDuration: { time: 15, unit: MINUTES }
antiTamperMode: OFF
allowUserBypass: false
allowFailOpen: true
}
}) {
status
errors { errorCode errorMessage }
rule {
rule {
id
name
description
enabled
action
platform
bypassDuration { time unit }
antiTamperMode
allowUserBypass
allowFailOpen
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"ztnaAlwaysOn": {
"addRule": {
"status": "SUCCESS",
"errors": [],
"rule": {
"rule": {
"id": "dc86486d-1377-4b51-b38f-7911da8f962c",
"name": "Rule Example ",
"description": "Description Example",
"enabled": true,
"action": "ENFORCE",
"platform": ["WINDOWS"],
"bypassDuration": {"time": 15, "unit": "MINUTES"},
"antiTamperMode": "OFF",
"allowUserBypass": false,
"allowFailOpen": true
}
}
}
}
}
}
}
addSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyAddSectionInput!
|
Example
Query
mutation AddSection($accountId: ID!) {
policy(accountId: $accountId) {
ztnaAlwaysOn {
addSection(input: {
section: {
name: "New Section Name Example"
},
at: {
position: LAST_IN_POLICY
}
}) {
section {
section {
id
name
}
}
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"ztnaAlwaysOn": {
"addSection": {
"section": {
"section": {
"id": "83e54a6a-9998-4fcf-b1a1-5313e52cc5f0",
"name": "New section2"
}
},
"status": "SUCCESS"
}
}
}
}
}
createPolicyRevision
Beta
Response
Returns a ZtnaAlwaysOnPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyCreateRevisionInput!
|
Example
Query
mutation CreatePolicyRevision($accountId: ID!) {
policy(accountId: $accountId) {
ztnaAlwaysOn {
createPolicyRevision(input: {
name: "Revision Name Example"
description: "Revision Description Example"
}) {
status
policy {
revision {
description
name
id
createdTime
updatedTime
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"ztnaAlwaysOn": {
"createPolicyRevision": {
"status": "SUCCESS",
"policy": {
"revision": {
"description": "Revision Description Example",
"name": "Revision Name Example",
"id": "89914c1d-3fe5-4398-9488-8373ca619411",
"createdTime": "2025-11-09T12:20:21.100",
"updatedTime": "2025-11-09T12:20:21.100"
}
}
}
}
}
}
}
discardPolicyRevision
Beta
Response
Returns a ZtnaAlwaysOnPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyDiscardRevisionInput
|
Example
Query
mutation ztnaAlwaysOnDiscardPolicy($accountId: ID!) {
policy(accountId: $accountId) {
ztnaAlwaysOn {
discardPolicyRevision {
status
errors {
errorCode
errorMessage
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"ztnaAlwaysOn": {
"discardPolicyRevision": {
"status": "FAILURE",
"errors": [
{
"errorCode": "PolicyRevisionNotFound",
"errorMessage": "Revision was not found"
}
]
}
}
}
}
}
moveRule
Beta
Response
Returns a ZtnaAlwaysOnRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveRuleInput!
|
Example
Query
mutation MoveRule($accountId: ID!) {
policy(accountId: $accountId) {
ztnaAlwaysOn {
moveRule(input: { id: "601d474a-9843-4511-8c65-cc3885f9e449" to: { position: FIRST_IN_POLICY } }) {
status
rule { rule { index id } }
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"ztnaAlwaysOn": {
"moveRule": {
"status": "SUCCESS",
"rule": {
"rule": {"index": 1, "id": "601d474a-9843-4511-8c65-cc3885f9e449"}
}
}
}
}
}
}
moveSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyMoveSectionInput!
|
Example
Query
mutation MoveSection($accountId:ID!) {
policy(accountId: $accountId) {
ztnaAlwaysOn {
moveSection(input: {
id: "0495cf5e-1598-4f34-8c01-94970620c68f"
to: {
position: LAST_IN_POLICY
}
}) {
status
errors {
errorMessage
errorCode
}
section {
properties
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"ztnaAlwaysOn": {
"moveSection": {
"status": "SUCCESS",
"errors": [],
"section": {
"properties": ["MOVED"],
"section": {
"id": "0495cf5e-1598-4f34-8c01-94970620c68f",
"name": "New section 2"
}
}
}
}
}
}
}
publishPolicyRevision
Beta
Response
Returns a ZtnaAlwaysOnPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyPublishRevisionInput
|
Example
Query
mutation PublishPolicy($accountId: ID!) {
policy(accountId: $accountId) {
ztnaAlwaysOn {
publishPolicyRevision(input: { name: "IT Group SDP Users Always On Example" description: "Publish Always On policy revision Example" }) {
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {"ztnaAlwaysOn": {"publishPolicyRevision": {"status": "SUCCESS"}}}
}
}
removeRule
Beta
Response
Returns a ZtnaAlwaysOnRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - ZtnaAlwaysOnRemoveRuleInput!
|
Example
Query
mutation RemoveRule($accountId: ID!) {
policy(accountId: $accountId) {
ztnaAlwaysOn {
removeRule(input: { id: "b0bda711-b998-4c6d-9939-e0730d3d2ba3" }) {
status
}
}
}
}
Variables
{"accountId": 203337}
Response
{"data": {"policy": {"ztnaAlwaysOn": {"removeRule": {"status": "FAILURE"}}}}}
removeSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyRemoveSectionInput!
|
Example
Query
mutation RemoveSection($accountId: ID!) {
policy(accountId: $accountId) {
ztnaAlwaysOn {
removeSection(input: {
id: "f4d0862d-cd2f-47fa-9a94-ce418130ce1f"
}) {
status
}
}
}
}
Variables
{"accountId": 12345}
Response
{"data": {"policy": {"ztnaAlwaysOn": {"removeSection": {"status": "SUCCESS"}}}}}
updatePolicy
Beta
Response
Returns a ZtnaAlwaysOnPolicyMutationPayload!
Arguments
| Name | Description |
|---|---|
input - ZtnaAlwaysOnPolicyUpdateInput!
|
Example
Query
mutation UpdatePolicyState($accountId: ID!) {
policy(accountId: $accountId) {
ztnaAlwaysOn {
updatePolicy(input: { state: DISABLED }) {
status
policy { enabled }
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"ztnaAlwaysOn": {
"updatePolicy": {"status": "SUCCESS", "policy": {"enabled": false}}
}
}
}
}
updateRule
Beta
Response
Returns a ZtnaAlwaysOnRuleMutationPayload!
Arguments
| Name | Description |
|---|---|
input - ZtnaAlwaysOnUpdateRuleInput!
|
Example
Query
mutation UpdateRule($accountId: ID!) {
policy(accountId: $accountId) {
ztnaAlwaysOn {
updateRule(input: {
id: "601d474a-9843-4511-8c65-cc3885f9e449"
rule: {
name: "Updated Rule Name Example"
platform: [MACOS]
}
}) {
status
rule {
rule {
id
name
platform
}
}
}
}
}
}
Variables
{"accountId": 203337}
Response
{
"data": {
"policy": {
"ztnaAlwaysOn": {
"updateRule": {
"status": "SUCCESS",
"rule": {
"rule": {
"id": "601d474a-9843-4511-8c65-cc3885f9e449",
"name": "Updated Rule Name Example",
"platform": ["MACOS"]
}
}
}
}
}
}
}
updateSection
Beta
Response
Returns a PolicySectionMutationPayload!
Arguments
| Name | Description |
|---|---|
input - PolicyUpdateSectionInput!
|
Example
Query
mutation UpdateSection($accountId: ID!) {
policy(accountId: $accountId) {
ztnaAlwaysOn {
updateSection(input: {
id: "5fe053cd-69fc-443d-ab14-5e838100d3c3"
section: {
name: "Updated Section Name Example"
}
}) {
status
section {
section {
id
name
}
}
}
}
}
}
Variables
{"accountId": 12345}
Response
{
"data": {
"policy": {
"ztnaAlwaysOn": {
"updateSection": {
"status": "SUCCESS",
"section": {
"section": {
"id": "5fe053cd-69fc-443d-ab14-5e838100d3c3",
"name": "New section"
}
}
}
}
}
}
}
Types
AISecurityApplicationsLicense
BetaDescription
AI Security Applications service license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
total - Int!
|
License quantity |
Example
{
"description": "xyz789",
"expirationDate": "2007-12-03T10:15:30Z",
"id": "4",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ADSP_B",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE",
"total": 123
}
AISecurityUsersLicense
BetaDescription
AI Security Users service license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
total - Int!
|
License quantity |
Example
{
"description": "xyz789",
"expirationDate": "2007-12-03T10:15:30Z",
"id": "4",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ADSP_B",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE",
"total": 987
}
AccessRequestSortInput
BetaDescription
Sort settings for managed account access requests.
Fields
| Input Field | Description |
|---|---|
activeDate - SortOrderInput
|
Sort by activation date. |
expirationDate - SortOrderInput
|
Sort by expiration date. |
id - SortOrderInput
|
Sort by request ID. |
requestedDate - SortOrderInput
|
Sort by requested date. |
status - SortOrderInput
|
Sort by status. |
Example
{
"activeDate": SortOrderInput,
"expirationDate": SortOrderInput,
"id": SortOrderInput,
"requestedDate": SortOrderInput,
"status": SortOrderInput
}
AccessRequestStatus
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"ACTIVE"
AccessRequestStatusFilterInput
BetaDescription
Filter criteria for access request status.
Fields
| Input Field | Description |
|---|---|
eq - AccessRequestStatus
|
Equals. |
in - [AccessRequestStatus!]
|
In list. |
neq - AccessRequestStatus
|
Not equals. |
nin - [AccessRequestStatus!]
|
Not in list. |
Example
{"eq": "ACTIVE", "in": ["ACTIVE"], "neq": "ACTIVE", "nin": ["ACTIVE"]}
AccessRequestTypeFilterInput
BetaDescription
Filter criteria for access request type.
Fields
| Input Field | Description |
|---|---|
eq - ExternalAccessRequestType
|
Equals. |
in - [ExternalAccessRequestType!]
|
In list. |
neq - ExternalAccessRequestType
|
Not equals. |
nin - [ExternalAccessRequestType!]
|
Not in list. |
Example
{"eq": "AUTOMATE", "in": ["AUTOMATE"], "neq": "AUTOMATE", "nin": ["AUTOMATE"]}
AccessTokenRef
BetaAccountAuditData
AccountDataPayload
AccountFilter
BetaFields
| Input Field | Description |
|---|---|
accountInclusion - AccountInclusion
|
|
in - [ID!]
|
Example
{
"accountInclusion": "ALL_ACCOUNTS",
"in": ["4"]
}
AccountIdPredicate
BetaAccountInclusion
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"ALL_ACCOUNTS"
AccountInfo
Fields
| Field Name | Description |
|---|---|
audit - AccountAuditData!
|
Audit data for the account |
description - String
|
User-defined information as defined by an account admin |
id - ID!
|
The ID of the account |
name - String!
|
The name of the account |
plan - AccountPlan
|
The account plan |
status - AccountStatus!
|
The account status |
tenancy - AccountTenancy!
|
The account tenancy e.g. single-tenant / multi-tenant |
timeZone - TimeZone!
|
The time zone of the account. Default: UTC (GMT + 0). |
type - AccountProfileType!
|
The account type e.g. Partner or Customer |
Example
{
"audit": AccountAuditData,
"description": "xyz789",
"id": "4",
"name": "abc123",
"plan": "COMMERCIAL",
"status": "ACTIVE",
"tenancy": "MULTI_TENANT",
"timeZone": "Etc/UTC",
"type": "CUSTOMER"
}
AccountMetrics
Fields
| Field Name | Description |
|---|---|
from - DateTime
|
Starting time |
granularity - Int
|
The size of a single time bucket in seconds |
id - ID
|
Unique Identifier of Account. |
sites - [SiteMetrics!]
|
Site connectivity metrics for the requested sites. |
Arguments
|
|
timeseries - [Timeseries!]
|
|
Arguments
|
|
to - DateTime
|
Ending time |
users - [SiteMetrics!]
|
Connectivity metrics for the requested users connecting remotely with the Client. Doesn’t include user traffic behind a site. |
Arguments
|
|
Example
{
"from": "2007-12-03T10:15:30Z",
"granularity": 123,
"id": 4,
"sites": [SiteMetrics],
"timeseries": [Timeseries],
"to": "2007-12-03T10:15:30Z",
"users": [SiteMetrics]
}
AccountOperationsIncident
Fields
| Field Name | Description |
|---|---|
incidentTimeline - [AccountOperationsTimelineBase!]!
|
|
metadata - [AccountOperationsMetadata!]!
|
|
playbooks - [AiOperationsPlaybook!]!
|
Example
{
"incidentTimeline": [AccountOperationsTimelineBase],
"metadata": [AccountOperationsMetadata],
"playbooks": [AiOperationsPlaybook]
}
AccountOperationsMetadata
Fields
| Field Name | Description |
|---|---|
key - String!
|
|
type - MetadataType!
|
|
value - String!
|
Example
{
"key": "abc123",
"type": "TXT",
"value": "abc123"
}
AccountOperationsTimelineBase
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
created - Time!
|
|
validated - Time!
|
|
description - String!
|
|
type - AccountOperationsTimelineType!
|
Possible Types
| AccountOperationsTimelineBase Types |
|---|
Example
{
"id": 4,
"created": "10:15:30Z",
"validated": "10:15:30Z",
"description": "xyz789",
"type": "Action"
}
AccountOperationsTimelineEvent
Fields
| Field Name | Description |
|---|---|
created - Time!
|
|
description - String!
|
|
eventIds - [String!]!
|
|
id - ID!
|
|
muted - Boolean!
|
|
type - AccountOperationsTimelineType!
|
|
validated - Time!
|
Example
{
"created": "10:15:30Z",
"description": "xyz789",
"eventIds": ["xyz789"],
"id": 4,
"muted": true,
"type": "Action",
"validated": "10:15:30Z"
}
AccountOperationsTimelineType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"Action"
AccountPlan
Description
enum that shows account license status
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"COMMERCIAL"
AccountProfileType
Description
enum for account type
Values
| Enum Value | Description |
|---|---|
|
|
A customer account |
|
|
A partner account |
Example
"CUSTOMER"
AccountRef
BetaAccountRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
AccountRolesResult
Fields
| Field Name | Description |
|---|---|
items - [RBACRole!]!
|
|
total - Int!
|
Example
{"items": [RBACRole], "total": 123}
AccountSnapshot
Fields
| Field Name | Description |
|---|---|
id - ID
|
Unique Identifier of Account |
sites - [SiteSnapshot!]
|
Sites includes information about online as well as offline sites |
Arguments
|
|
timestamp - DateTime
|
|
users - [UserSnapshot!]
|
VPN users information includes only connected users by default (Unlike sites), unless specific ID is requested |
Arguments
|
|
Example
{
"id": 4,
"sites": [SiteSnapshot],
"timestamp": "2007-12-03T10:15:30Z",
"users": [UserSnapshot]
}
AccountStatus
Description
enum that shows account license status
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"ACTIVE"
AccountTenancy
Description
enum for account tenancy
Values
| Enum Value | Description |
|---|---|
|
|
Multi tenant account - default for partner accounts |
|
|
Single tenant account - default for customer accounts |
Example
"MULTI_TENANT"
AccountType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"ALL"
Activity
Possible Types
| Activity Types |
|---|
Example
{
"id": 4,
"resourceId": "4",
"parentResourceId": 4
}
ActorRef
BetaActorRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
AddAccountInput
Fields
| Input Field | Description |
|---|---|
description - String
|
User-defined information as defined by an account admin |
name - String!
|
The name of the account |
tenancy - AccountTenancy!
|
The account tenancy (single-tenant / multi-tenant) |
timezone - TimeZone!
|
The time zone of the account. Default: UTC (GMT + 0). |
type - AccountProfileType!
|
The account type (Partner / customer) |
Example
{
"description": "abc123",
"name": "xyz789",
"tenancy": "MULTI_TENANT",
"timezone": "Etc/UTC",
"type": "CUSTOMER"
}
AddAdminInput
Fields
| Input Field | Description |
|---|---|
adminType - AdminType
|
|
email - String
|
|
firstName - String!
|
|
lastName - String!
|
|
managedRoles - [UpdateAdminRoleInput!]
|
|
passwordNeverExpires - Boolean!
|
|
resellerRoles - [UpdateAdminRoleInput!]
|
Example
{
"adminType": "LOGIN",
"email": "abc123",
"firstName": "abc123",
"lastName": "xyz789",
"managedRoles": [UpdateAdminRoleInput],
"passwordNeverExpires": true,
"resellerRoles": [UpdateAdminRoleInput]
}
AddAdminPayload
Fields
| Field Name | Description |
|---|---|
adminID - ID!
|
Example
{"adminID": "4"}
AddBgpPeerInput
BetaFields
| Input Field | Description |
|---|---|
advertiseAllRoutes - Boolean!
|
Advertise all routes if true. Default |
advertiseDefaultRoute - Boolean!
|
Advertise the default route (0.0.0.0/0) if true. Default |
advertiseSummaryRoutes - Boolean!
|
Advertise summarized routes if true. Default |
bfdEnabled - Boolean!
|
Enable BFD for session failure detection if true. Default |
bfdSettings - BfdSettingsInput
|
Required BFD configuration if BFD is enabled. |
catoAsn - Asn16!
|
The AS number of Cato's BGP endpoint. |
defaultAction - BgpDefaultAction!
|
Default action for routes not matching filters (ACCEPT or DROP). |
defaultActionExclusion - [BgpFilterRuleInput!]!
|
Excluded rules from the default action. Default |
defaultRouteCommunities - [BgpCommunityInput!]!
|
Community values to associate with the default route. Default |
holdTime - Int!
|
Time (in seconds) before declaring the peer unreachable. Default |
keepaliveInterval - Int!
|
Time (in seconds) between keepalive messages. Default |
md5AuthKey - String
|
MD5 authentication key for secure sessions. |
metric - Int!
|
Route preference metric; lower values are given precedence. Default |
name - String!
|
Name of the BGP configuration entity. |
peerAsn - Asn32!
|
The AS number of the peer BGP endpoint. |
peerIp - IPAddress!
|
IP address of the peer BGP endpoint. |
performNat - Boolean!
|
Perform NAT if true. Default |
site - SiteRefInput!
|
Information about the site where the BGP peer is being added. |
summaryRoute - [BgpSummaryRouteInput!]!
|
Summarized routes to advertise. Default |
tracking - BgpTrackingInput
|
Configuration for tracking the health and status of the BGP peer. |
Example
{
"advertiseAllRoutes": true,
"advertiseDefaultRoute": true,
"advertiseSummaryRoutes": true,
"bfdEnabled": false,
"bfdSettings": BfdSettingsInput,
"catoAsn": Asn16,
"defaultAction": "ACCEPT",
"defaultActionExclusion": [BgpFilterRuleInput],
"defaultRouteCommunities": [BgpCommunityInput],
"holdTime": 123,
"keepaliveInterval": 987,
"md5AuthKey": "xyz789",
"metric": 123,
"name": "abc123",
"peerAsn": Asn32,
"peerIp": IPAddress,
"performNat": false,
"site": SiteRefInput,
"summaryRoute": [BgpSummaryRouteInput],
"tracking": BgpTrackingInput
}
AddBgpPeerPayload
BetaFields
| Field Name | Description |
|---|---|
bgpPeer - BgpPeer!
|
The BGP peer that was successfully added. |
Example
{"bgpPeer": BgpPeer}
AddCloudInterconnectPhysicalConnectionInput
BetaDescription
Input for adding a new physical connection to a cloud interconnect site.
Fields
| Input Field | Description |
|---|---|
downstreamBwLimit - NetworkBandwidth!
|
Downstream bandwidth limit. |
encapsulationMethod - TaggingMethod!
|
Method of encapsulation.Wither .1Q/QinQ |
haRole - HaRole!
|
High availability role of the connection. |
popLocation - PopLocationRefInput!
|
Identifying data for the POP location. |
privateCatoIp - IPAddress!
|
Private IP address of Cato. |
privateSiteIp - IPAddress!
|
Private IP address of the site. |
QinQVlanConfiguration - QinQVlanConfiguration
|
QinQ VLAN configuration for QinQ encapsulated connections. Applicable only to reseller accounts with private POPs. |
serviceProviderName - String!
|
Name of the service provider. Usually a partner, or a fabric service provider. |
site - SiteRefInput!
|
Identifying data for the site. |
subnet - NetworkSubnet!
|
Subnet for the connection, the BGP peering range. /30 CIDR. |
upstreamBwLimit - NetworkBandwidth!
|
Upstream bandwidth limit. |
vlan - Vlan
|
VLAN configuration for Dot1Q encapsulated connections. Applicable only to reseller accounts with private POPs. |
Example
{
"downstreamBwLimit": NetworkBandwidth,
"encapsulationMethod": "DOT1Q",
"haRole": "PRIMARY",
"popLocation": PopLocationRefInput,
"privateCatoIp": IPAddress,
"privateSiteIp": IPAddress,
"QinQVlanConfiguration": QinQVlanConfiguration,
"serviceProviderName": "abc123",
"site": SiteRefInput,
"subnet": NetworkSubnet,
"upstreamBwLimit": NetworkBandwidth,
"vlan": Vlan
}
AddCloudInterconnectPhysicalConnectionPayload
BetaDescription
Payload for adding a new physical connection to a cloud interconnect site.
Fields
| Field Name | Description |
|---|---|
id - ID!
|
ID of the newly added connection. |
Example
{"id": "4"}
AddCloudInterconnectSiteInput
BetaDescription
Input for adding a new cloud interconnect site.
Fields
| Input Field | Description |
|---|---|
description - String
|
Description of the site. |
name - String!
|
Name of the site. |
siteLocation - AddSiteLocationInput!
|
Location details of the site. |
siteType - SiteType!
|
Type of the site. Default |
Example
{
"description": "abc123",
"name": "abc123",
"siteLocation": AddSiteLocationInput,
"siteType": "BRANCH"
}
AddCloudInterconnectSitePayload
BetaDescription
Payload for adding a new cloud interconnect site.
Fields
| Field Name | Description |
|---|---|
siteId - ID!
|
ID of the newly added site. |
Example
{"siteId": 4}
Fields
| Input Field | Description |
|---|---|
category - [ApplicationCategoryRefInput!]
|
|
criteria - [CustomApplicationCriteriaInput!]!
|
|
description - String
|
|
name - String!
|
Example
{
"category": [ApplicationCategoryRefInput],
"criteria": [CustomApplicationCriteriaInput],
"description": "abc123",
"name": "xyz789"
}
Fields
| Field Name | Description |
|---|---|
customApplication - CustomApplication!
|
Example
{"customApplication": CustomApplication}
AddIpsecIkeV2SiteInput
BetaFields
| Input Field | Description |
|---|---|
description - String
|
|
name - String!
|
The name of the site |
nativeNetworkRange - IPSubnet!
|
The native range of the site |
siteLocation - AddSiteLocationInput!
|
The location of the site |
siteType - SiteType!
|
Valid values are: BRANCH, HEADQUARTERS, CLOUD_DC, and DATACENTER. Default |
vlan - Vlan
|
VLAN ID for native range |
Example
{
"description": "abc123",
"name": "xyz789",
"nativeNetworkRange": IPSubnet,
"siteLocation": AddSiteLocationInput,
"siteType": "BRANCH",
"vlan": Vlan
}
AddIpsecIkeV2SiteMultiTunnelPayload
BetaFields
| Field Name | Description |
|---|---|
fqdn - Fqdn
|
Cato’s FQDN for the multi-tunnel |
tunnels - [AddIpsecIkeV2SiteTunnelPayload!]!
|
Example
{
"fqdn": Fqdn,
"tunnels": [AddIpsecIkeV2SiteTunnelPayload]
}
AddIpsecIkeV2SitePayload
BetaFields
| Field Name | Description |
|---|---|
siteId - ID!
|
The ID of the site |
Example
{"siteId": "4"}
AddIpsecIkeV2SiteTunnelPayload
BetaFields
| Field Name | Description |
|---|---|
localId - String
|
The local ID for the tunnel |
tunnelId - IPSecV2InterfaceId
|
The ID of the tunnel |
Example
{
"localId": "xyz789",
"tunnelId": "PRIMARY1"
}
AddIpsecIkeV2SiteTunnelsInput
BetaFields
| Input Field | Description |
|---|---|
primary - AddIpsecIkeV2TunnelsInput
|
The configuration of the site’s primary tunnel |
secondary - AddIpsecIkeV2TunnelsInput
|
The configuration of the site’s secondary tunnel |
Example
{
"primary": AddIpsecIkeV2TunnelsInput,
"secondary": AddIpsecIkeV2TunnelsInput
}
AddIpsecIkeV2SiteTunnelsPayload
BetaFields
| Field Name | Description |
|---|---|
primary - AddIpsecIkeV2SiteMultiTunnelPayload
|
Cato’s FQDN for the primary tunnel |
secondary - AddIpsecIkeV2SiteMultiTunnelPayload
|
Cato’s FQDN for the secondary tunnel |
siteId - ID!
|
The ID of the site |
Example
{
"primary": AddIpsecIkeV2SiteMultiTunnelPayload,
"secondary": AddIpsecIkeV2SiteMultiTunnelPayload,
"siteId": 4
}
AddIpsecIkeV2TunnelInput
BetaFields
| Input Field | Description |
|---|---|
lastMileBw - LastMileBwInput
|
The maximum allowed bandwidth for the site. If not specified, it will be set according to the site license. If the ISP provided bandwidth is below the site bandwidth, set this parameter to the ISP bandwidth or below |
name - String
|
Tunnel name |
privateCatoIp - IPAddress
|
Cato’s private IP, used for BGP routing. Applicable for sites using BGP only |
privateSiteIp - IPAddress
|
Site private IP, used for BGP routing. Applicable for sites using BGP only |
psk - String!
|
Pre-shared key. This field is write-only. |
publicSiteIp - IPAddress
|
The public IP address where the IPsec tunnel is initiated |
role - IPSecV2TunnelRole
|
Tunnel role |
Example
{
"lastMileBw": LastMileBwInput,
"name": "abc123",
"privateCatoIp": IPAddress,
"privateSiteIp": IPAddress,
"psk": "xyz789",
"publicSiteIp": IPAddress,
"role": "WAN1"
}
AddIpsecIkeV2TunnelsInput
BetaFields
| Input Field | Description |
|---|---|
destinationType - DestinationType
|
The destination type of the IPsec tunnel |
popLocationId - ID
|
The PoP location ID |
publicCatoIpId - ID
|
The ID of the public IP (Allocated IP) of the Cato PoP to which the tunnel will connect. This will be the source-IP of the traffic transmitted to the Cato cloud over this tunnel when egressing the Cato Cloud |
tunnels - [AddIpsecIkeV2TunnelInput!]!
|
Example
{
"destinationType": "FQDN",
"popLocationId": "4",
"publicCatoIpId": "4",
"tunnels": [AddIpsecIkeV2TunnelInput]
}
AddNetworkRangeInput
Fields
| Input Field | Description |
|---|---|
azureFloatingIp - IPAddress
|
Only relevant for AZURE HA sites |
dhcpSettings - NetworkDhcpSettingsInput
|
Only relevant for NATIVE, VLAN rangeType |
gateway - IPAddress
|
Only relevant for ROUTED_ROUTE rangeType |
internetOnly - Boolean
|
|
localIp - IPAddress
|
Only relevant for NATIVE, SECONDARY_NATIVE, DIRECT_ROUTE, VLAN rangeType |
mdnsReflector - Boolean
|
BETA - Only relevant for NATIVE, DIRECT_ROUTE and VLAN rangeType |
name - String!
|
|
rangeType - SubnetType!
|
|
subnet - IPSubnet!
|
|
translatedSubnet - IPSubnet
|
|
vlan - Int
|
Only relevant for VLAN network rangeType |
Example
{
"azureFloatingIp": IPAddress,
"dhcpSettings": NetworkDhcpSettingsInput,
"gateway": IPAddress,
"internetOnly": false,
"localIp": IPAddress,
"mdnsReflector": false,
"name": "xyz789",
"rangeType": "Direct",
"subnet": IPSubnet,
"translatedSubnet": IPSubnet,
"vlan": 123
}
AddNetworkRangePayload
Fields
| Field Name | Description |
|---|---|
networkRangeId - ID!
|
Example
{"networkRangeId": "4"}
AddPartnerAccessRequestInput
BetaDescription
Input for creating a partner account access request.
Fields
| Input Field | Description |
|---|---|
accounts - [AccountRefInput!]
|
Target accounts. |
admins - [AdminRefInput!]
|
Admins included in the request. |
expirationDate - DateTime!
|
Expiration date. |
groups - [UsersGroupRefInput]!
|
User groups included in the request. Default |
isAppliedOnAllFullyManagedAccounts - Boolean
|
Apply to all fully managed accounts. |
partner - AccountRefInput!
|
Partner account. |
partnerNote - String
|
Note from the partner. |
reason - String
|
Reason for the request. |
roles - [RBACRoleRefInput!]!
|
Roles included in the request. |
supportLink - String
|
Support link. |
Example
{
"accounts": [AccountRefInput],
"admins": [AdminRefInput],
"expirationDate": "2007-12-03T10:15:30Z",
"groups": [UsersGroupRefInput],
"isAppliedOnAllFullyManagedAccounts": false,
"partner": AccountRefInput,
"partnerNote": "abc123",
"reason": "xyz789",
"roles": [RBACRoleRefInput],
"supportLink": "xyz789"
}
AddPartnerAccessRequestPayload
BetaDescription
Output for creating a partner account access request.
Fields
| Field Name | Description |
|---|---|
invitation - [ExternalAccessRequest!]!
|
Created access requests. |
Example
{"invitation": [ExternalAccessRequest]}
AddSecondaryAwsVSocketInput
BetaFields
| Input Field | Description |
|---|---|
eniIpAddress - IPAddress!
|
The IP address of LAN interface |
eniIpSubnet - NetworkSubnet!
|
The subnet of the LAN interface |
routeTableId - String!
|
The ID of the LAN route table |
site - SiteRefInput!
|
Information about the site where the secondary AWS VSocket is being added. |
Example
{
"eniIpAddress": IPAddress,
"eniIpSubnet": NetworkSubnet,
"routeTableId": "xyz789",
"site": SiteRefInput
}
AddSecondaryAwsVSocketPayload
BetaFields
| Field Name | Description |
|---|---|
id - ID!
|
The secondary socket id |
Example
{"id": 4}
AddSecondaryAzureVSocketInput
BetaFields
| Input Field | Description |
|---|---|
floatingIp - IPAddress!
|
The floating IP address |
interfaceIp - IPAddress!
|
The IP address of the interface |
site - SiteRefInput!
|
Information about the site where the secondary Azure VSocket is being added. |
Example
{
"floatingIp": IPAddress,
"interfaceIp": IPAddress,
"site": SiteRefInput
}
AddSecondaryAzureVSocketPayload
BetaFields
| Field Name | Description |
|---|---|
id - ID!
|
The secondary socket id |
Example
{"id": "4"}
Fields
| Input Field | Description |
|---|---|
gcpConfig - GcpConfigInput!
|
|
site - SiteRefInput!
|
Example
{
"gcpConfig": GcpConfigInput,
"site": SiteRefInput
}
Fields
| Field Name | Description |
|---|---|
socketInfo - GcpVSocketInfo!
|
Example
{"socketInfo": GcpVSocketInfo}
AddServicePrincipalAdminInput
Fields
| Input Field | Description |
|---|---|
email - String
|
|
managedRoles - [UpdateAdminRoleInput!]
|
|
name - String!
|
|
resellerRoles - [UpdateAdminRoleInput!]
|
Example
{
"email": "xyz789",
"managedRoles": [UpdateAdminRoleInput],
"name": "abc123",
"resellerRoles": [UpdateAdminRoleInput]
}
AddServicePrincipalAdminPayload
Fields
| Field Name | Description |
|---|---|
adminID - ID!
|
Example
{"adminID": "4"}
AddSiteLocationInput
Example
{
"address": "abc123",
"city": "xyz789",
"countryCode": "xyz789",
"stateCode": "xyz789",
"timezone": "abc123"
}
Fields
| Input Field | Description |
|---|---|
addOns - [SocketAddOnCardInput!]!
|
|
site - SiteRefInput!
|
Example
{
"addOns": [SocketAddOnCardInput],
"site": SiteRefInput
}
Fields
| Field Name | Description |
|---|---|
addOns - [SocketAddOnCard!]!
|
Example
{"addOns": [SocketAddOnCard]}
AddSocketSiteInput
Fields
| Input Field | Description |
|---|---|
connectionType - SiteConnectionTypeEnum!
|
|
description - String
|
|
name - String!
|
The name of the site |
nativeNetworkRange - IPSubnet!
|
The native range of the site |
siteLocation - AddSiteLocationInput!
|
The location of the site |
siteType - SiteType!
|
Valid values are: BRANCH, HEADQUARTERS, CLOUD_DC, and DATACENTER. Default |
translatedSubnet - IPSubnet
|
|
vlan - Vlan
|
VLAN ID for native range |
Example
{
"connectionType": "SOCKET_AWS1500",
"description": "abc123",
"name": "abc123",
"nativeNetworkRange": IPSubnet,
"siteLocation": AddSiteLocationInput,
"siteType": "BRANCH",
"translatedSubnet": IPSubnet,
"vlan": Vlan
}
AddSocketSitePayload
Fields
| Field Name | Description |
|---|---|
siteId - ID!
|
Example
{"siteId": 4}
AddStaticHostInput
Fields
| Input Field | Description |
|---|---|
ip - IPAddress!
|
|
macAddress - String
|
|
name - String!
|
Example
{
"ip": IPAddress,
"macAddress": "xyz789",
"name": "abc123"
}
AddStaticHostPayload
Fields
| Field Name | Description |
|---|---|
hostId - ID!
|
Example
{"hostId": "4"}
AddStoryCommentInput
BetaFields
| Input Field | Description |
|---|---|
author - String
|
The author of the comment |
storyId - ID!
|
The relevant Story |
text - String!
|
Enter the text for the XDR story comment |
type - CommentType
|
The comment type Default |
Example
{
"author": "xyz789",
"storyId": 4,
"text": "xyz789",
"type": "MANAGED_SERVICE"
}
AddStoryCommentPayload
BetaFields
| Field Name | Description |
|---|---|
comment - StoryComment!
|
Add a new comment to the XDR story |
Example
{"comment": StoryComment}
AddressValidationStatus
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"INVALID"
Admin
Description
A CC2 administrator
Fields
| Field Name | Description |
|---|---|
adminType - AdminType
|
|
allowedItems - [Entity!]
|
|
creationDate - DateTime
|
|
email - String
|
|
firstName - String
|
|
id - ID!
|
|
lastName - String
|
|
managedRoles - [AdminRole!]
|
|
mfaEnabled - Boolean
|
|
modifyDate - DateTime
|
|
nativeAccountID - ID
|
|
passwordNeverExpires - Boolean
|
|
presentUsageAndEvents - Boolean
|
|
resellerRoles - [AdminRole!]
|
|
role - UserRole
|
|
status - OperationalStatus
|
|
version - String!
|
Example
{
"adminType": "LOGIN",
"allowedItems": [Entity],
"creationDate": "2007-12-03T10:15:30Z",
"email": "xyz789",
"firstName": "xyz789",
"id": "4",
"lastName": "abc123",
"managedRoles": [AdminRole],
"mfaEnabled": false,
"modifyDate": "2007-12-03T10:15:30Z",
"nativeAccountID": 4,
"passwordNeverExpires": false,
"presentUsageAndEvents": true,
"resellerRoles": [AdminRole],
"role": "EDITOR",
"status": "active",
"version": "xyz789"
}
AdminRef
BetaAdminRefInput
Fields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
AdminRole
AdminType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"LOGIN"
AdminsResult
AdvancedStringFilterInput
BetaAggregationType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"any"
AiOperationsIncident
BetaFields
| Field Name | Description |
|---|---|
accountOperationIncident - AccountOperationsIncident
|
|
analystFeedback - AnalystFeedback
|
|
categories - [IncidentCategory!]!
|
|
connectionType - ConnectionTypeEnum
|
|
criticality - Int
|
|
description - String
|
|
engineType - StoryEngineTypeEnum
|
|
entities - [IncidentEntity!]!
|
|
eventsGraphQuery - EventsGraphQuery
|
|
firstSignal - DateTime!
|
|
flowLastTime - DateTime!
|
use 'lastSignal' instead |
flowStartTime - DateTime!
|
use 'firstSignal' instead |
id - ID!
|
|
indication - String!
|
|
ioa - String!
|
'ioa' is deprecated, use 'indication' instead |
lastSignal - DateTime!
|
|
muted - Boolean!
|
|
occurrences - Int
|
|
predictedThreatType - String
|
|
predictedVerdict - StoryVerdictEnum
|
|
producer - StoryProducerEnum!
|
use 'producerType' instead |
producerName - String!
|
|
producerType - StoryProducerEnum!
|
|
queryName - String
|
|
research - Boolean
|
|
riskScore - Int!
|
'riskScore' is deprecated, use 'criticality' instead |
similarStoriesData - [SimilarStoryData!]!
|
|
site - SiteRef
|
|
siteName - String
|
'siteName' is deprecated, use 'site.name' instead |
source - String
|
|
sourceIp - String
|
|
status - StoryStatusEnum
|
|
storyDuration - Int
|
|
ticket - String
|
|
type - AiOperationsIncidentTypeEnum
|
|
user - UserRef
|
|
vendor - VendorEnum
|
Example
{
"accountOperationIncident": AccountOperationsIncident,
"analystFeedback": AnalystFeedback,
"categories": ["OPERATIONAL"],
"connectionType": "Host",
"criticality": 987,
"description": "xyz789",
"engineType": "ANOMALY",
"entities": [IncidentEntity],
"eventsGraphQuery": EventsGraphQuery,
"firstSignal": "2007-12-03T10:15:30Z",
"flowLastTime": "2007-12-03T10:15:30Z",
"flowStartTime": "2007-12-03T10:15:30Z",
"id": 4,
"indication": "abc123",
"ioa": "xyz789",
"lastSignal": "2007-12-03T10:15:30Z",
"muted": false,
"occurrences": 987,
"predictedThreatType": "xyz789",
"predictedVerdict": "Benign",
"producer": "AnomalyEvents",
"producerName": "xyz789",
"producerType": "AnomalyEvents",
"queryName": "abc123",
"research": true,
"riskScore": 123,
"similarStoriesData": [SimilarStoryData],
"site": SiteRef,
"siteName": "xyz789",
"source": "abc123",
"sourceIp": "xyz789",
"status": "Closed",
"storyDuration": 987,
"ticket": "abc123",
"type": "Account",
"user": UserRef,
"vendor": "CATO"
}
AiOperationsIncidentTypeEnum
Values
| Enum Value | Description |
|---|---|
|
|
Example
"Account"
AiOperationsPlaybook
AiSecurityAttributes
BetaFields
| Field Name | Description |
|---|---|
dataUsagePolicy - AiSecurityDataUsagePolicy
|
|
risk - AiSecurityRisk
|
|
scope - AiSecurityScope
|
Example
{
"dataUsagePolicy": AiSecurityDataUsagePolicy,
"risk": "CRITICAL",
"scope": "EMBEDDED"
}
AiSecurityDataProfileRef
BetaAiSecurityDataUsagePolicy
BetaFields
| Field Name | Description |
|---|---|
description - String
|
|
reference - String
|
|
referenceType - String
|
|
referenceUrl - String
|
|
type - AiSecurityDataUsagePolicyType
|
Example
{
"description": "xyz789",
"reference": "xyz789",
"referenceType": "abc123",
"referenceUrl": "xyz789",
"type": "GENERAL_DATA_USAGE"
}
AiSecurityDataUsagePolicyType
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"GENERAL_DATA_USAGE"
AiSecurityGuardRef
BetaAiSecurityRisk
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"CRITICAL"
AiSecurityScope
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"EMBEDDED"
AlertClassificationEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"FALSE_POSITIVE"
AlertDeterminationEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"APT"
AllocatedIpRef
BetaAllocatedIpRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
AllowlistRuleRef
BetaAnalystFeedback
BetaFields
| Field Name | Description |
|---|---|
additionalInfo - String
|
|
severity - SeverityEnum
|
|
threatClassification - String
|
|
threatType - AnalystFeedbackThreatType
|
|
verdict - StoryVerdictEnum
|
Example
{
"additionalInfo": "abc123",
"severity": "High",
"threatClassification": "xyz789",
"threatType": AnalystFeedbackThreatType,
"verdict": "Benign"
}
AnalystFeedbackInput
BetaFields
| Input Field | Description |
|---|---|
additionalInfo - String
|
Free text for the analyst to enter additional information about the XDR story |
severity - SeverityEnum
|
Enum for analyst to assign the severity of a Malicious XDR story |
status - StoryStatusEnum
|
Enum for the current status of the XDR story. |
storyId - ID!
|
The relevant Story |
threatClassification - String
|
More detailed description of the type of threat. For example, the Anonymizer threatType can be assigned the Bitorrent Client threatClassification. |
threatType - StoryThreatType
|
Type of threat for the XDR story that is assigned by the analyst |
verdict - StoryVerdictEnum
|
Enum for analyst to assign the verdict of the XDR story |
Example
{
"additionalInfo": "abc123",
"severity": "High",
"status": "Closed",
"storyId": "4",
"threatClassification": "xyz789",
"threatType": StoryThreatType,
"verdict": "Benign"
}
AnalystFeedbackPayload
BetaFields
| Field Name | Description |
|---|---|
story - Story
|
Data related to the actions and information that an analyst adds to the XDR story |
Example
{"story": Story}
AnalystFeedbackThreatType
BetaAnalystInfo
BetaAnnotationType
Values
| Enum Value | Description |
|---|---|
|
|
Other events that are included in annotations |
|
|
The site connects to a different PoP |
|
|
The ISP IP address (remote IP) changed |
|
|
Change for HA status role |
Example
"generic"
Anomalies
BetaFields
| Field Name | Description |
|---|---|
id - ID!
|
|
firstSignal - DateTime!
|
|
lastSignal - DateTime!
|
|
engineType - StoryEngineTypeEnum
|
|
vendor - VendorEnum
|
|
producer - StoryProducerEnum!
|
use 'producerType' instead |
producerType - StoryProducerEnum!
|
|
producerName - String!
|
|
connectionType - ConnectionTypeEnum
|
|
indication - String!
|
|
queryName - String
|
|
source - String
|
|
criticality - Int
|
|
ticket - String
|
|
status - StoryStatusEnum
|
|
research - Boolean
|
|
siteName - String
|
'siteName' is deprecated, use 'site.name' instead |
storyDuration - Int
|
|
description - String
|
|
analystFeedback - AnalystFeedback
|
|
site - SiteRef
|
|
user - UserRef
|
|
sourceIp - String
|
|
similarStoriesData - [SimilarStoryData!]!
|
|
predictedVerdict - StoryVerdictEnum
|
|
predictedThreatType - String
|
|
categories - [IncidentCategory!]!
|
|
entities - [IncidentEntity!]!
|
|
muted - Boolean!
|
|
direction - String
|
Possible Types
| Anomalies Types |
|---|
Example
{
"id": 4,
"firstSignal": "2007-12-03T10:15:30Z",
"lastSignal": "2007-12-03T10:15:30Z",
"engineType": "ANOMALY",
"vendor": "CATO",
"producer": "AnomalyEvents",
"producerType": "AnomalyEvents",
"producerName": "abc123",
"connectionType": "Host",
"indication": "xyz789",
"queryName": "xyz789",
"source": "xyz789",
"criticality": 987,
"ticket": "abc123",
"status": "Closed",
"research": false,
"siteName": "abc123",
"storyDuration": 123,
"description": "abc123",
"analystFeedback": AnalystFeedback,
"site": SiteRef,
"user": UserRef,
"sourceIp": "abc123",
"similarStoriesData": [SimilarStoryData],
"predictedVerdict": "Benign",
"predictedThreatType": "xyz789",
"categories": ["OPERATIONAL"],
"entities": [IncidentEntity],
"muted": true,
"direction": "abc123"
}
AnomalyEvents
BetaDescription
The AnomalyEvents object represents a data structure used in GraphQL queries or mutations, containing fields related to security anomalies, such as analyst feedback, connection type, criticality, description, and various identifiers and metrics, to provide detailed information about potential security incidents.
Fields
| Field Name | Description |
|---|---|
analystFeedback - AnalystFeedback
|
|
breakdownField - String
|
|
categories - [IncidentCategory!]!
|
|
clientClass - [String!]!
|
|
connectionType - ConnectionTypeEnum
|
|
criticality - Int
|
|
description - String
|
|
deviceName - String
|
|
direction - String
|
|
drillDownFilter - [StoryDrillDownFilter!]
|
|
engineType - StoryEngineTypeEnum
|
|
entities - [IncidentEntity!]!
|
|
extra - [Extra!]
|
|
firstSignal - DateTime!
|
|
gaussian - Gaussian
|
|
id - ID!
|
|
indication - String!
|
|
lastSignal - DateTime!
|
|
logonName - String
|
|
macAddress - String
|
|
metric - Metric
|
|
metricDetails - MetricDetails
|
|
mitres - [Mitre!]
|
|
muted - Boolean!
|
|
os - String
|
|
predictedThreatType - String
|
|
predictedVerdict - StoryVerdictEnum
|
|
producer - StoryProducerEnum!
|
use 'producerType' instead |
producerName - String!
|
|
producerType - StoryProducerEnum!
|
|
queryName - String
|
|
research - Boolean
|
|
rules - [String!]
|
|
similarStoriesData - [SimilarStoryData!]!
|
|
site - SiteRef
|
|
siteName - String
|
'siteName' is deprecated, use 'site.name' instead |
source - String
|
|
sourceIp - String
|
|
srcSiteId - String
|
|
status - StoryStatusEnum
|
|
storyDuration - Int
|
|
subjectType - String
|
|
targets - [IncidentTargetRep!]!
|
|
ticket - String
|
|
timeSeries - [IncidentTimeseries!]
|
|
user - UserRef
|
|
vendor - VendorEnum
|
Example
{
"analystFeedback": AnalystFeedback,
"breakdownField": "xyz789",
"categories": ["OPERATIONAL"],
"clientClass": ["xyz789"],
"connectionType": "Host",
"criticality": 123,
"description": "abc123",
"deviceName": "xyz789",
"direction": "xyz789",
"drillDownFilter": [StoryDrillDownFilter],
"engineType": "ANOMALY",
"entities": [IncidentEntity],
"extra": [Extra],
"firstSignal": "2007-12-03T10:15:30Z",
"gaussian": Gaussian,
"id": 4,
"indication": "xyz789",
"lastSignal": "2007-12-03T10:15:30Z",
"logonName": "abc123",
"macAddress": "xyz789",
"metric": Metric,
"metricDetails": MetricDetails,
"mitres": [Mitre],
"muted": false,
"os": "abc123",
"predictedThreatType": "abc123",
"predictedVerdict": "Benign",
"producer": "AnomalyEvents",
"producerName": "abc123",
"producerType": "AnomalyEvents",
"queryName": "xyz789",
"research": true,
"rules": ["xyz789"],
"similarStoriesData": [SimilarStoryData],
"site": SiteRef,
"siteName": "xyz789",
"source": "abc123",
"sourceIp": "abc123",
"srcSiteId": "xyz789",
"status": "Closed",
"storyDuration": 123,
"subjectType": "abc123",
"targets": [IncidentTargetRep],
"ticket": "abc123",
"timeSeries": [IncidentTimeseries],
"user": UserRef,
"vendor": "CATO"
}
AnomalyStats
BetaDescription
The AnomalyStats object is a GraphQL type that represents statistical data related to anomalies, including fields such as analyst feedback, connection type, criticality, device information, and various metrics, along with associated metadata like timestamps, status, and predicted verdicts.
Fields
| Field Name | Description |
|---|---|
analystFeedback - AnalystFeedback
|
|
breakdownField - String
|
|
categories - [IncidentCategory!]!
|
|
clientClass - [String!]!
|
|
connectionType - ConnectionTypeEnum
|
|
criticality - Int
|
|
description - String
|
|
deviceName - String
|
|
direction - String
|
|
drillDownFilter - [StoryDrillDownFilter!]
|
|
engineType - StoryEngineTypeEnum
|
|
entities - [IncidentEntity!]!
|
|
extra - [Extra!]
|
|
firstSignal - DateTime!
|
|
gaussian - Gaussian
|
|
id - ID!
|
|
indication - String!
|
|
lastSignal - DateTime!
|
|
logonName - String
|
|
macAddress - String
|
|
metric - Metric
|
|
metricDetails - MetricDetails
|
|
mitres - [Mitre!]
|
|
muted - Boolean!
|
|
os - String
|
|
predictedThreatType - String
|
|
predictedVerdict - StoryVerdictEnum
|
|
producer - StoryProducerEnum!
|
use 'producerType' instead |
producerName - String!
|
|
producerType - StoryProducerEnum!
|
|
queryName - String
|
|
research - Boolean
|
|
rules - [String!]
|
|
similarStoriesData - [SimilarStoryData!]!
|
|
site - SiteRef
|
|
siteName - String
|
'siteName' is deprecated, use 'site.name' instead |
source - String
|
|
sourceIp - String
|
|
srcSiteId - String
|
|
status - StoryStatusEnum
|
|
storyDuration - Int
|
|
subjectType - String
|
|
targets - [IncidentTargetRep!]!
|
|
ticket - String
|
|
timeSeries - [IncidentTimeseries!]
|
|
user - UserRef
|
|
vendor - VendorEnum
|
Example
{
"analystFeedback": AnalystFeedback,
"breakdownField": "xyz789",
"categories": ["OPERATIONAL"],
"clientClass": ["abc123"],
"connectionType": "Host",
"criticality": 123,
"description": "xyz789",
"deviceName": "abc123",
"direction": "xyz789",
"drillDownFilter": [StoryDrillDownFilter],
"engineType": "ANOMALY",
"entities": [IncidentEntity],
"extra": [Extra],
"firstSignal": "2007-12-03T10:15:30Z",
"gaussian": Gaussian,
"id": 4,
"indication": "xyz789",
"lastSignal": "2007-12-03T10:15:30Z",
"logonName": "xyz789",
"macAddress": "abc123",
"metric": Metric,
"metricDetails": MetricDetails,
"mitres": [Mitre],
"muted": true,
"os": "xyz789",
"predictedThreatType": "xyz789",
"predictedVerdict": "Benign",
"producer": "AnomalyEvents",
"producerName": "abc123",
"producerType": "AnomalyEvents",
"queryName": "xyz789",
"research": true,
"rules": ["abc123"],
"similarStoriesData": [SimilarStoryData],
"site": SiteRef,
"siteName": "xyz789",
"source": "abc123",
"sourceIp": "xyz789",
"srcSiteId": "abc123",
"status": "Closed",
"storyDuration": 123,
"subjectType": "xyz789",
"targets": [IncidentTargetRep],
"ticket": "xyz789",
"timeSeries": [IncidentTimeseries],
"user": UserRef,
"vendor": "CATO"
}
AntiMalwareFileHashAction
BetaValues
| Enum Value | Description |
|---|---|
|
|
Block file download by filehash action |
|
|
Bypass file download by filehash action |
Example
"BLOCK"
AntiMalwareFileHashAddRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
action - AntiMalwareFileHashAction!
|
The action when the file hash is matched: [BLOCK | BYPASS] Default |
description - String!
|
|
enabled - Boolean!
|
|
expirationDate - DateTime!
|
The date when the block or bypass action expires |
fileName - String!
|
The name of the file |
name - String!
|
|
sha256 - SHA_256!
|
The file's unique SHA-256 hash identifier |
Example
{
"action": "BLOCK",
"description": "abc123",
"enabled": true,
"expirationDate": "2007-12-03T10:15:30Z",
"fileName": "abc123",
"name": "xyz789",
"sha256": SHA_256
}
AntiMalwareFileHashAddRuleInput
BetaFields
| Input Field | Description |
|---|---|
at - PolicyRulePositionInput
|
Position of the rule in the policy |
rule - AntiMalwareFileHashAddRuleDataInput!
|
Parameters for the rule you are adding |
Example
{
"at": PolicyRulePositionInput,
"rule": AntiMalwareFileHashAddRuleDataInput
}
AntiMalwareFileHashPolicy
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyAudit
|
|
enabled - Boolean!
|
|
revision - PolicyRevision
|
|
rules - [AntiMalwareFileHashRulePayload!]!
|
|
sections - [PolicySectionPayload!]!
|
Example
{
"audit": PolicyAudit,
"enabled": false,
"revision": PolicyRevision,
"rules": [AntiMalwareFileHashRulePayload],
"sections": [PolicySectionPayload]
}
AntiMalwareFileHashPolicyInput
BetaFields
| Input Field | Description |
|---|---|
revision - PolicyRevisionInput
|
A revision is a specific instance of the policy. Unpublished revisions are working copies of the policy available to a specific admin or a set of admins Published revisions are revisions that were applied to the account network. The last published revision is the active policy. |
Example
{"revision": PolicyRevisionInput}
AntiMalwareFileHashPolicyMutationInput
Fields
| Input Field | Description |
|---|---|
revision - PolicyMutationRevisionInput
|
Example
{"revision": PolicyMutationRevisionInput}
AntiMalwareFileHashPolicyMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
policy - AntiMalwareFileHashPolicy
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"policy": AntiMalwareFileHashPolicy,
"status": "FAILURE"
}
AntiMalwareFileHashPolicyUpdateInput
BetaFields
| Input Field | Description |
|---|---|
state - PolicyToggleState
|
Example
{"state": "DISABLED"}
AntiMalwareFileHashRemoveRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
Example
{"id": "4"}
AntiMalwareFileHashRule
BetaFields
| Field Name | Description |
|---|---|
action - AntiMalwareFileHashAction!
|
The action when the file hash is matched: [BLOCK | BYPASS] |
description - String!
|
Description for the rule |
enabled - Boolean!
|
TRUE = Rule is enabled FALSE = Rule is disabled |
expirationDate - DateTime!
|
The date when the block or bypass action expires |
fileName - String!
|
The name of the file |
id - ID!
|
Rule ID |
index - Int!
|
Position / priority of rule |
name - String!
|
Name of the rule |
section - PolicySectionInfo!
|
Policy section where the rule is located |
sha256 - SHA_256!
|
The file's unique SHA-256 hash identifier |
Example
{
"action": "BLOCK",
"description": "abc123",
"enabled": false,
"expirationDate": "2007-12-03T10:15:30Z",
"fileName": "abc123",
"id": "4",
"index": 987,
"name": "xyz789",
"section": PolicySectionInfo,
"sha256": SHA_256
}
AntiMalwareFileHashRuleMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
rule - AntiMalwareFileHashRulePayload
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"rule": AntiMalwareFileHashRulePayload,
"status": "FAILURE"
}
AntiMalwareFileHashRulePayload
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyElementAudit!
|
|
properties - [PolicyElementPropertiesEnum!]!
|
|
rule - AntiMalwareFileHashRule!
|
Example
{
"audit": PolicyElementAudit,
"properties": ["ADDED"],
"rule": AntiMalwareFileHashRule
}
AntiMalwareFileHashUpdateRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
action - AntiMalwareFileHashAction
|
The action when the file hash is matched: [BLOCK | BYPASS] |
description - String
|
|
enabled - Boolean
|
|
expirationDate - DateTime
|
The date when the block or bypass action expires |
fileName - String
|
The name of the file |
name - String
|
|
sha256 - SHA_256
|
The file's unique SHA-256 hash identifier |
Example
{
"action": "BLOCK",
"description": "abc123",
"enabled": false,
"expirationDate": "2007-12-03T10:15:30Z",
"fileName": "xyz789",
"name": "abc123",
"sha256": SHA_256
}
AntiMalwareFileHashUpdateRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
|
rule - AntiMalwareFileHashUpdateRuleDataInput!
|
Example
{
"id": "4",
"rule": AntiMalwareFileHashUpdateRuleDataInput
}
AntiTamperModeEnum
BetaDescription
Specifies the level of protection against tampering
Values
| Enum Value | Description |
|---|---|
|
|
Tampering attempts are logged, but changes are permitted |
|
|
No protection. Users are allowed to make changes |
|
|
Changes are blocked. Users are not allowed to make modifications |
Example
"MONITOR"
ApiKeyRef
BetaApnMethod
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"METHOD_AUTO"
AppStats
AppStatsField
Fields
| Field Name | Description |
|---|---|
name - AppStatsFieldName!
|
|
value - Value!
|
Example
{"name": "account_id", "value": StringValue}
AppStatsFieldName
Values
| Enum Value | Description |
|---|---|
|
|
Account ID. CMA Name: Account ID |
|
|
Account name. CMA Name: Account Name |
|
|
Active Directory name. CMA Name: Ad Name |
|
|
AI Proxy rule name. CMA Name: AI Proxy Rule Name |
|
|
Application ID of the flow, in legacy format. CMA Name: Appid use application_id instead. Planned end-of-life (EoL) date: June 30, 2026. |
|
|
The application identifier. CMA Name: Application use application_name instead. Planned end-of-life (EoL) date: June 30, 2026. |
|
|
Description of the application. CMA Name: Application Description |
|
|
Application ID of the flow. CMA Name: Application ID |
|
|
Application of the flow. CMA Name: Application Name |
|
|
Application risk level based on the application risk score. CMA Name: Application Risk Level |
|
|
Risk score of the application, based on Cato's risk assessment. CMA Name: Application Risk Score |
|
|
Application type (Custom, Private or System). CMA Name: Application Type |
|
|
Cato system category. CMA Name: Categories |
|
|
Cato system category of the application. CMA Name: Category use categories instead. Planned end-of-life (EoL) date: June 30, 2026. |
|
|
Type of process generating this traffic. CMA Name: Client Class |
|
|
Socket or SDP Client version. CMA Name: Client Version |
|
|
For hosts configured with a static IP in the Cato Management Application, the host name. CMA Name: Configured Host Name |
|
|
Connection Origin. CMA Name: Connection Origin |
|
|
Application description. CMA Name: Description use application_description instead. Planned end-of-life (EoL) date: June 30, 2026. |
|
|
For Internet traffic, country where the destination host is located. CMA Name: Destination Country |
|
|
For Internet traffic, destination host IP address. CMA Name: Dest Ip |
|
|
For WAN traffic, destination is site or SDP user. CMA Name: Dest Is Site Or Vpn |
|
|
Destination port. CMA Name: Destination Port |
|
|
Destination Site or VPN user ID (proto). CMA Name: Dest Site |
|
|
Unique internal Cato ID for the destination site or remote user. CMA Name: Dest Site ID |
|
|
For Internet traffic, destination host IP address. CMA Name: Dest Site Name |
|
|
Device Categories. CMA Name: Device Category |
|
|
Unique Cato ID for devices. CMA Name: Device ID |
|
|
Device Manufacturer. CMA Name: Device Manufacturer |
|
|
Device Model. CMA Name: Device Model |
|
|
Name for device related to the traffic. CMA Name: Device Name |
|
|
Device OS Type. CMA Name: Device OS Type |
|
|
Device posture profiles. CMA Name: Device Posture Profile |
|
|
Device Type. CMA Name: Device Type |
|
|
Total SaaS apps discovered ever until the To in the timeframe. CMA Name: Discovered App |
|
|
Domain name. CMA Name: Domain Name use tld instead. Planned end-of-life (EoL) date: July 1, 2026. |
|
|
Bytes sent from the destination to the host. CMA Name: Downstream |
|
|
Duration of the flow in ms. Only available for native flows data integration created in the CMA (e.g. Sentinel). Not available in the appstats or appstatsTimeSeries API. |
|
|
Egress PoP Name. CMA Name: Egress PoP Name |
|
|
Egress Site Name for backhauling traffic. CMA Name: Egress Site |
|
|
Uniquely identifies a traffic flow and enables correlation of events and other records related to the same flow. Only available for native flows data integration created in the CMA (e.g. Sentinel). Not available in the appstats or appstatsTimeSeries API. |
|
|
Time stamp of the flow start (Linux epoch format). Only available for native flows data integration created in the CMA (e.g. Sentinel). Not available in the appstats or appstatsTimeSeries API. |
|
|
Number of flows created for this event. CMA Name: Flows Created |
|
|
Full path URL application activity. CMA Name: Full Path URL |
|
|
IP address of host related to event. CMA Name: Host IP |
|
|
MAC address of host related to event. CMA Name: Host MAC Address |
|
|
Country of the application headquarters. CMA Name: Hq Location |
|
|
HTTP request method (ie. Get, Post). CMA Name: Request Method |
|
|
Local IP address of the host. CMA Name: Local Ip use src_ip/dest_ip instead. Planned end-of-life (EoL) date: July 1, 2026. |
|
|
Network protocol for this event. CMA Name: IP Protocol |
|
|
Is the application a cloud application? (True/False). CMA Name: Is Cloud App |
|
|
Is last sample for flow. Only available for native flows data integration created in the CMA (e.g. Sentinel). Not available in the appstats or appstatsTimeSeries API. |
|
|
Is the app for this event defined as a sanctioned app? (True/False). CMA Name: Is Sanctioned App |
|
|
The ISP related to this event (when the IP address isn't provided by the ISP, then the event message is IP Addresses are assigned statically). CMA Name: ISP Name |
|
|
Matched network rule. CMA Name: Network Rule |
|
|
new_app. CMA Name: New App |
|
|
OS version for the device (such as 14.3.0). CMA Name: OS Version |
|
|
Name of PoP location. CMA Name: Pop Name |
|
|
QoS Priority value. CMA Name: QoS Priority |
|
|
risk_level. CMA Name: Risk Level use application_risk_level instead. Planned end-of-life (EoL) date: June 30, 2026. |
|
|
The application risk score assigned by Cato. CMA Name: Risk Score use application_risk_score instead. Planned end-of-life (EoL) date: June 30, 2026. |
|
|
Is the application defined as sanctioned?. CMA Name: Sanctioned use is_sanctioned_app instead. Planned end-of-life (EoL) date: June 30, 2026. |
|
|
Country in which the source host is located. CMA Name: Site Country |
|
|
State in which the source host is located. CMA Name: Site State |
|
|
Name for Socket interface. CMA Name: Socket Interface |
|
|
Country in which the source host is located (detected via public IP address). CMA Name: Source Country |
|
|
Country Code of country in which the source host is located (detected via public IP address). CMA Name: Source Country Code |
|
|
IP for host or Cato Client. CMA Name: Src Ip |
|
|
Source type: site or remote user. CMA Name: Src Is Site Or Vpn |
|
|
IP address provided by ISP to site or Client. CMA Name: Source ISP IP |
|
|
Internal port number. CMA Name: Source Port |
|
|
Site country code alpha2. CMA Name: Src Site Country Code |
|
|
Unique internal Cato ID for the site or remote user. CMA Name: Src Site ID |
|
|
Source site or remote user. CMA Name: Src Site Name |
|
|
Site state code. CMA Name: Src Site State |
|
|
Name of subnet as defined in Cato Management Application. CMA Name: Subnet use subnet_name instead. Planned end-of-life (EoL) date: June 30, 2026. |
|
|
Name of subnet as defined in Cato Management Application. CMA Name: Subnet Name |
|
|
Shows if traffic was TCP accelerated or not. CMA Name: TCP Acceleration |
|
|
Time stamp of the flow update (Human-readable format). Only available for native flows data integration created in the CMA (e.g. Sentinel). Not available in the appstats or appstatsTimeSeries API. |
|
|
Top Level Domain of the host name. CMA Name: Tld |
|
|
Shows if traffic was TLS inspected or not. CMA Name: TLS Inspection |
|
|
TLS Inspection rule name. CMA Name: TLS Rule Name |
|
|
The total sum of upstream and downstream data in bytes. CMA Name: Traffic |
|
|
Direction of network traffic for this event, values are inbound or outbound. CMA Name: Traffic Direction |
|
|
Translated Client IP. CMA Name: Translated Client IP |
|
|
Translated Server IP. CMA Name: Translated Server IP |
|
|
Bytes sent from the host to the destination. CMA Name: Upstream |
|
|
Method used to get identity with User Awareness (such as Identity Agent). CMA Name: User Awareness Method |
|
|
User ID. CMA Name: User ID |
|
|
User that generated the event. CMA Name: User Name |
|
|
User’s email address. CMA Name: SDP User Email |
|
|
User ID. CMA Name: Vpn User ID use user_id instead. Planned end-of-life (EoL) date: June 30, 2026. |
Example
"account_id"
AppStatsFilter
Fields
| Input Field | Description |
|---|---|
fieldName - AppStatsFieldName!
|
|
operator - FilterOperator!
|
|
values - [String!]!
|
Example
{
"fieldName": "account_id",
"operator": "between",
"values": ["abc123"]
}
AppStatsPostAggFilter
Fields
| Input Field | Description |
|---|---|
aggType - AggregationType!
|
|
filter - AppStatsFilter!
|
Example
{"aggType": "any", "filter": AppStatsFilter}
AppStatsRecord
Fields
| Field Name | Description |
|---|---|
fields - [AppStatsField!]
|
|
fieldsMap - Map
|
fields in map format (see Map scalar) |
fieldsUnitTypes - [UnitType!]
|
|
flatFields - [String!]
|
Simplified fields, as array of name value tuples, e.g: [ [ "name", "val" ], [ "name2", "val2" ] ... ] |
prevTimeFrame - Map
|
|
trends - Map
|
Example
{
"fields": [AppStatsField],
"fieldsMap": Map,
"fieldsUnitTypes": ["bits"],
"flatFields": ["abc123"],
"prevTimeFrame": Map,
"trends": Map
}
AppStatsSort
Fields
| Input Field | Description |
|---|---|
fieldName - AppStatsFieldName!
|
|
order - DirectionEnum!
|
Example
{"fieldName": "account_id", "order": "asc"}
AppStatsTimeSeries
AppTenantRestrictionActionEnum
BetaDescription
Allowed actions
Values
| Enum Value | Description |
|---|---|
|
|
Do not inject any Headers nor Values for outgoing traffic |
|
|
Inject Headers and Values for outgoing traffic |
Example
"BYPASS"
AppTenantRestrictionAddRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
action - AppTenantRestrictionActionEnum!
|
The action applied by the App Tenant Restriction if the rule is matched Default |
application - ApplicationRefInput!
|
Applications for the rule (pre-defined) |
description - String!
|
|
enabled - Boolean!
|
|
headers - [AppTenantRestrictionHeaderValueInput!]!
|
Headers and Values to Inject Default |
name - String!
|
|
schedule - PolicyScheduleInput!
|
The time period specifying when the rule is enabled, otherwise it is disabled. Default |
severity - AppTenantRestrictionSeverityEnum!
|
Severity defined for the rule Default |
source - AppTenantRestrictionSourceInput!
|
Source traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
Example
{
"action": "BYPASS",
"application": ApplicationRefInput,
"description": "abc123",
"enabled": true,
"headers": [AppTenantRestrictionHeaderValueInput],
"name": "xyz789",
"schedule": PolicyScheduleInput,
"severity": "HIGH",
"source": AppTenantRestrictionSourceInput
}
AppTenantRestrictionAddRuleInput
BetaFields
| Input Field | Description |
|---|---|
at - PolicyRulePositionInput
|
Position of the rule in the policy |
rule - AppTenantRestrictionAddRuleDataInput!
|
Parameters for the rule you are adding |
Example
{
"at": PolicyRulePositionInput,
"rule": AppTenantRestrictionAddRuleDataInput
}
AppTenantRestrictionHeaderValue
BetaDescription
pair of header name and value
Fields
| Field Name | Description |
|---|---|
name - HttpHeaderName!
|
Header to inject |
value - HttpHeaderValue!
|
Value to inject |
Example
{
"name": HttpHeaderName,
"value": HttpHeaderValue
}
AppTenantRestrictionHeaderValueInput
BetaDescription
pair of header name and value
Fields
| Input Field | Description |
|---|---|
name - HttpHeaderName!
|
Header to inject |
value - HttpHeaderValue!
|
Value to inject |
Example
{
"name": HttpHeaderName,
"value": HttpHeaderValue
}
AppTenantRestrictionPolicy
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyAudit
|
|
enabled - Boolean!
|
|
revision - PolicyRevision
|
|
rules - [AppTenantRestrictionRulePayload!]!
|
|
sections - [PolicySectionPayload!]!
|
Example
{
"audit": PolicyAudit,
"enabled": false,
"revision": PolicyRevision,
"rules": [AppTenantRestrictionRulePayload],
"sections": [PolicySectionPayload]
}
AppTenantRestrictionPolicyInput
BetaFields
| Input Field | Description |
|---|---|
revision - PolicyRevisionInput
|
A revision is a specific instance of the policy. Unpublished revisions are working copies of the policy available to a specific admin or a set of admins Published revisions are revisions that were applied to the account network. The last published revision is the active policy. |
Example
{"revision": PolicyRevisionInput}
AppTenantRestrictionPolicyMutationInput
Fields
| Input Field | Description |
|---|---|
revision - PolicyMutationRevisionInput
|
Example
{"revision": PolicyMutationRevisionInput}
AppTenantRestrictionPolicyMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
policy - AppTenantRestrictionPolicy
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"policy": AppTenantRestrictionPolicy,
"status": "FAILURE"
}
AppTenantRestrictionPolicyUpdateInput
BetaFields
| Input Field | Description |
|---|---|
state - PolicyToggleState
|
Example
{"state": "DISABLED"}
AppTenantRestrictionRemoveRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
Example
{"id": "4"}
AppTenantRestrictionRule
BetaFields
| Field Name | Description |
|---|---|
action - AppTenantRestrictionActionEnum!
|
The action applied by the App Tenant Restriction if the rule is matched |
application - ApplicationRef!
|
Applications for the rule (pre-defined) |
description - String!
|
Description for the rule |
enabled - Boolean!
|
TRUE = Rule is enabled FALSE = Rule is disabled |
headers - [AppTenantRestrictionHeaderValue!]!
|
Headers and Values to Inject |
id - ID!
|
Rule ID |
index - Int!
|
Position / priority of rule |
name - String!
|
Name of the rule |
schedule - PolicySchedule!
|
The time period specifying when the rule is enabled, otherwise it is disabled. |
section - PolicySectionInfo!
|
Policy section where the rule is located |
severity - AppTenantRestrictionSeverityEnum!
|
Severity defined for the rule |
source - AppTenantRestrictionSource!
|
Source traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
Example
{
"action": "BYPASS",
"application": ApplicationRef,
"description": "abc123",
"enabled": true,
"headers": [AppTenantRestrictionHeaderValue],
"id": "4",
"index": 123,
"name": "xyz789",
"schedule": PolicySchedule,
"section": PolicySectionInfo,
"severity": "HIGH",
"source": AppTenantRestrictionSource
}
AppTenantRestrictionRuleMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
rule - AppTenantRestrictionRulePayload
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"rule": AppTenantRestrictionRulePayload,
"status": "FAILURE"
}
AppTenantRestrictionRulePayload
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyElementAudit!
|
|
properties - [PolicyElementPropertiesEnum!]!
|
|
rule - AppTenantRestrictionRule!
|
Example
{
"audit": PolicyElementAudit,
"properties": ["ADDED"],
"rule": AppTenantRestrictionRule
}
AppTenantRestrictionSeverityEnum
BetaDescription
Severity options
Values
| Enum Value | Description |
|---|---|
|
|
High severity |
|
|
Low severity |
|
|
Medium severity |
Example
"HIGH"
AppTenantRestrictionSource
BetaDescription
Returns the settings for Source of an App Tenant Restriction rule
Fields
| Field Name | Description |
|---|---|
country - [CountryRef!]!
|
Source country traffic matching criteria. |
floatingSubnet - [FloatingSubnetRef!]!
|
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP. |
globalIpRange - [GlobalIpRangeRef!]!
|
Globally defined IP range, IP and subnet objects |
group - [GroupRef!]!
|
Groups defined for your account |
host - [HostRef!]!
|
Hosts and servers defined for your account |
ip - [IPAddress!]!
|
IPv4 address |
ipRange - [IpAddressRange!]!
|
Multiple separate IP addresses or an IP range |
networkInterface - [NetworkInterfaceRef!]!
|
Network range defined for a site |
site - [SiteRef!]!
|
Site defined for the account |
siteNetworkSubnet - [SiteNetworkSubnetRef!]!
|
GlobalRange + InterfaceSubnet |
subnet - [NetworkSubnet!]!
|
Subnets and network ranges defined for the LAN interfaces of a site |
systemGroup - [SystemGroupRef!]!
|
Predefined Cato groups |
user - [UserRef!]!
|
Individual users defined for the account |
usersGroup - [UsersGroupRef!]!
|
Group of users |
Example
{
"country": [CountryRef],
"floatingSubnet": [FloatingSubnetRef],
"globalIpRange": [GlobalIpRangeRef],
"group": [GroupRef],
"host": [HostRef],
"ip": [IPAddress],
"ipRange": [IpAddressRange],
"networkInterface": [NetworkInterfaceRef],
"site": [SiteRef],
"siteNetworkSubnet": [SiteNetworkSubnetRef],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRef],
"user": [UserRef],
"usersGroup": [UsersGroupRef]
}
AppTenantRestrictionSourceInput
BetaDescription
Input of the settings for Source of an App Tenant Restriction rule
Fields
| Input Field | Description |
|---|---|
country - [CountryRefInput!]!
|
Source country traffic matching criteria. Default |
floatingSubnet - [FloatingSubnetRefInput!]!
|
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP. Default |
globalIpRange - [GlobalIpRangeRefInput!]!
|
Globally defined IP range, IP and subnet objects Default |
group - [GroupRefInput!]!
|
Groups defined for your account Default |
host - [HostRefInput!]!
|
Hosts and servers defined for your account Default |
ip - [IPAddress!]!
|
IPv4 address Default |
ipRange - [IpAddressRangeInput!]!
|
Multiple separate IP addresses or an IP range Default |
networkInterface - [NetworkInterfaceRefInput!]!
|
Network range defined for a site Default |
site - [SiteRefInput!]!
|
Site defined for the account Default |
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]!
|
GlobalRange + InterfaceSubnet Default |
subnet - [NetworkSubnet!]!
|
Subnets and network ranges defined for the LAN interfaces of a site Default |
systemGroup - [SystemGroupRefInput!]!
|
Predefined Cato groups Default |
user - [UserRefInput!]!
|
Individual users defined for the account Default |
usersGroup - [UsersGroupRefInput!]!
|
Group of users Default |
Example
{
"country": [CountryRefInput],
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"networkInterface": [NetworkInterfaceRefInput],
"site": [SiteRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"user": [UserRefInput],
"usersGroup": [UsersGroupRefInput]
}
AppTenantRestrictionSourceUpdateInput
BetaDescription
Input of the settings for Source of an App Tenant Restriction rule
Fields
| Input Field | Description |
|---|---|
country - [CountryRefInput!]
|
Source country traffic matching criteria. |
floatingSubnet - [FloatingSubnetRefInput!]
|
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP. |
globalIpRange - [GlobalIpRangeRefInput!]
|
Globally defined IP range, IP and subnet objects |
group - [GroupRefInput!]
|
Groups defined for your account |
host - [HostRefInput!]
|
Hosts and servers defined for your account |
ip - [IPAddress!]
|
IPv4 address |
ipRange - [IpAddressRangeInput!]
|
Multiple separate IP addresses or an IP range |
networkInterface - [NetworkInterfaceRefInput!]
|
Network range defined for a site |
site - [SiteRefInput!]
|
Site defined for the account |
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]
|
GlobalRange + InterfaceSubnet |
subnet - [NetworkSubnet!]
|
Subnets and network ranges defined for the LAN interfaces of a site |
systemGroup - [SystemGroupRefInput!]
|
Predefined Cato groups |
user - [UserRefInput!]
|
Individual users defined for the account |
usersGroup - [UsersGroupRefInput!]
|
Group of users |
Example
{
"country": [CountryRefInput],
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"networkInterface": [NetworkInterfaceRefInput],
"site": [SiteRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"user": [UserRefInput],
"usersGroup": [UsersGroupRefInput]
}
AppTenantRestrictionUpdateRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
action - AppTenantRestrictionActionEnum
|
The action applied by the App Tenant Restriction if the rule is matched |
application - ApplicationRefInput
|
Applications for the rule (pre-defined) |
description - String
|
|
enabled - Boolean
|
|
headers - [AppTenantRestrictionHeaderValueInput!]
|
Headers and Values to Inject |
name - String
|
|
schedule - PolicyScheduleUpdateInput
|
The time period specifying when the rule is enabled, otherwise it is disabled. |
severity - AppTenantRestrictionSeverityEnum
|
Severity defined for the rule |
source - AppTenantRestrictionSourceUpdateInput
|
Source traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
Example
{
"action": "BYPASS",
"application": ApplicationRefInput,
"description": "xyz789",
"enabled": true,
"headers": [AppTenantRestrictionHeaderValueInput],
"name": "xyz789",
"schedule": PolicyScheduleUpdateInput,
"severity": "HIGH",
"source": AppTenantRestrictionSourceUpdateInput
}
AppTenantRestrictionUpdateRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
|
rule - AppTenantRestrictionUpdateRuleDataInput!
|
Example
{"id": 4, "rule": AppTenantRestrictionUpdateRuleDataInput}
ApplicationCategoryRef
BetaApplicationCategoryRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
Fields
| Input Field | Description |
|---|---|
name - SortOrderInput
|
Example
{"name": SortOrderInput}
ApplicationConnectorCatalogEntityRef
BetaApplicationConnectorCatalogEntityRefFilterInput
BetaFields
| Input Field | Description |
|---|---|
id - IdFilterInput
|
|
name - StringFilterInput
|
Example
{
"id": IdFilterInput,
"name": StringFilterInput
}
ApplicationConnectorCatalogEntityRefSortOrderInput
BetaFields
| Input Field | Description |
|---|---|
id - SortOrderInput
|
|
name - SortOrderInput
|
Example
{
"id": SortOrderInput,
"name": SortOrderInput
}
ApplicationControlAccessMethod
BetaDescription
Access method matching configuration
Fields
| Field Name | Description |
|---|---|
accessMethod - ApplicationControlAccessMethodType!
|
Specifies the access method type |
operator - ApplicationControlOperator!
|
Defines the comparison operator |
value - String
|
Specifies the comparison value (used with all operators except IN) |
valueSet - StringValueSetRef
|
References a set of values (used only with IN operator) |
Example
{
"accessMethod": "USER_AGENT",
"operator": "CONTAINS",
"value": "xyz789",
"valueSet": StringValueSetRef
}
ApplicationControlAccessMethodInput
BetaDescription
Access method matching configuration
Fields
| Input Field | Description |
|---|---|
accessMethod - ApplicationControlAccessMethodType!
|
Specifies the access method type Default |
operator - ApplicationControlOperator!
|
Defines the comparison operator Default |
value - String
|
Specifies the comparison value (used with all operators except IN) |
valueSet - StringValueSetRefInput
|
References a set of values (used only with IN operator) |
Example
{
"accessMethod": "USER_AGENT",
"operator": "CONTAINS",
"value": "abc123",
"valueSet": StringValueSetRefInput
}
ApplicationControlAccessMethodType
BetaDescription
Application Control Access Method Type
Values
| Enum Value | Description |
|---|---|
|
|
User agent identification method |
Example
"USER_AGENT"
ApplicationControlAction
BetaDescription
Application Control Action
Values
| Enum Value | Description |
|---|---|
|
|
Permit the action |
|
|
Prevent the action |
|
|
Log the action without enforcement |
Example
"ALLOW"
ApplicationControlActionConfig
BetaDescription
Configuration for application control action
Fields
| Field Name | Description |
|---|---|
userNotification - [UserNotificationTemplateRef!]!
|
Defines the user notification template to display when the rule blocks access. Only a single element is allowed. |
Example
{"userNotification": [UserNotificationTemplateRef]}
ApplicationControlActionConfigInput
BetaDescription
Configuration for application control action
Fields
| Input Field | Description |
|---|---|
userNotification - [UserNotificationTemplateRefInput!]!
|
Defines the user notification template to display when the rule blocks access. Only a single element is allowed. Default |
Example
{"userNotification": [UserNotificationTemplateRefInput]}
ApplicationControlActionConfigUpdateInput
BetaDescription
Configuration for application control action
Fields
| Input Field | Description |
|---|---|
userNotification - [UserNotificationTemplateRefInput!]
|
Defines the user notification template to display when the rule blocks access. Only a single element is allowed. |
Example
{"userNotification": [UserNotificationTemplateRefInput]}
ApplicationControlActivity
BetaDescription
Activity matching configuration
Fields
| Field Name | Description |
|---|---|
activity - ApplicationControlActivityRef!
|
References the application control activity type |
field - ApplicationControlActivityFieldRef
|
References specific application control activity fields associated with the activity type |
operator - ApplicationControlOperator
|
Defines the operator used for comparisons |
value - String
|
Specifies the comparison value (used with all operators except IN) |
valueSet - StringValueSetRef
|
References a set of values (used only with IN operator) |
Example
{
"activity": ApplicationControlActivityRef,
"field": ApplicationControlActivityFieldRef,
"operator": "CONTAINS",
"value": "abc123",
"valueSet": StringValueSetRef
}
ApplicationControlActivityFieldRef
BetaApplicationControlActivityFieldRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
ApplicationControlActivityInput
BetaDescription
Activity matching configuration
Fields
| Input Field | Description |
|---|---|
activity - ApplicationControlActivityRefInput!
|
References the application control activity type |
field - ApplicationControlActivityFieldRefInput
|
References specific application control activity fields associated with the activity type |
operator - ApplicationControlOperator
|
Defines the operator used for comparisons Default |
value - String
|
Specifies the comparison value (used with all operators except IN) |
valueSet - StringValueSetRefInput
|
References a set of values (used only with IN operator) |
Example
{
"activity": ApplicationControlActivityRefInput,
"field": ApplicationControlActivityFieldRefInput,
"operator": "CONTAINS",
"value": "xyz789",
"valueSet": StringValueSetRefInput
}
ApplicationControlActivityRef
BetaApplicationControlActivityRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
ApplicationControlAddRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
applicationRule - ApplicationControlApplicationRuleInput
|
Defines application control settings. Must only be used when ruleType is APPLICATION Default |
dataRule - ApplicationControlDataRuleInput
|
Defines data control settings. Must only be used when ruleType is DATA Default |
description - String!
|
|
enabled - Boolean!
|
|
fileRule - ApplicationControlFileRuleInput
|
Defines file control settings. Must only be used when ruleType is FILE Default |
name - String!
|
|
ruleType - ApplicationControlRuleType!
|
Determines which rule configuration to use. When set to APPLICATION, only applicationRule should be used. When set to DATA, only dataRule should be used. When set to FILE, only fileRule should be used Default |
Example
{
"applicationRule": ApplicationControlApplicationRuleInput,
"dataRule": ApplicationControlDataRuleInput,
"description": "abc123",
"enabled": false,
"fileRule": ApplicationControlFileRuleInput,
"name": "abc123",
"ruleType": "APPLICATION"
}
ApplicationControlAddRuleInput
BetaFields
| Input Field | Description |
|---|---|
at - PolicyRulePositionInput
|
Position of the rule in the policy |
rule - ApplicationControlAddRuleDataInput!
|
Parameters for the rule you are adding |
Example
{
"at": PolicyRulePositionInput,
"rule": ApplicationControlAddRuleDataInput
}
ApplicationControlApplication
BetaDescription
Application matching configuration. Only one of the following fields should be filled - the others must remain empty.
Fields
| Field Name | Description |
|---|---|
appCategory - ApplicationCategoryRef
|
Cato category of applications which are dynamically updated by Cato |
application - ApplicationRef
|
Applications for the rule (pre-defined) |
applicationType - [ApplicationType!]!
|
Application types |
customApp - CustomApplicationRef
|
Custom (user-defined) applications |
customCategory - CustomCategoryRef
|
Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc. |
sanctionedAppsCategory - SanctionedAppsCategoryRef
|
Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization. |
Example
{
"appCategory": ApplicationCategoryRef,
"application": ApplicationRef,
"applicationType": ["APPLICATION"],
"customApp": CustomApplicationRef,
"customCategory": CustomCategoryRef,
"sanctionedAppsCategory": SanctionedAppsCategoryRef
}
ApplicationControlApplicationInput
BetaDescription
Application matching configuration. Only one of the following fields should be filled - the others must remain empty.
Fields
| Input Field | Description |
|---|---|
appCategory - ApplicationCategoryRefInput
|
Cato category of applications which are dynamically updated by Cato |
application - ApplicationRefInput
|
Applications for the rule (pre-defined) |
applicationType - [ApplicationType!]!
|
Application types Default |
customApp - CustomApplicationRefInput
|
Custom (user-defined) applications |
customCategory - CustomCategoryRefInput
|
Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc. |
sanctionedAppsCategory - SanctionedAppsCategoryRefInput
|
Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization. |
Example
{
"appCategory": ApplicationCategoryRefInput,
"application": ApplicationRefInput,
"applicationType": ["APPLICATION"],
"customApp": CustomApplicationRefInput,
"customCategory": CustomCategoryRefInput,
"sanctionedAppsCategory": SanctionedAppsCategoryRefInput
}
ApplicationControlApplicationRule
BetaDescription
Configuration for application-based control rules
Fields
| Field Name | Description |
|---|---|
accessMethod - [ApplicationControlAccessMethod!]!
|
Defines access method criteria with OR logic within sets and AND between sets |
action - ApplicationControlAction!
|
Defines the enforcement action when rule conditions match |
actionConfig - ApplicationControlActionConfig!
|
Configuration for application control action |
application - ApplicationControlApplication!
|
Defines application matching criteria with OR logic within sets and AND between sets |
applicationActivity - [ApplicationControlActivity!]!
|
Defines activity matching criteria using activitySatisfy logic within sets and AND between sets |
applicationActivitySatisfy - ApplicationControlSatisfy!
|
Determines whether ANY or ALL activity criteria must match |
applicationContext - ApplicationControlContext!
|
Defines application context criteria with OR logic within sets and AND between sets |
applicationCriteria - ApplicationControlCriteria!
|
Defines custom criteria using applicationCriteriaSatisfy logic within sets and AND between sets |
applicationCriteriaSatisfy - ApplicationControlSatisfy!
|
Determines whether ANY or ALL criteria must match |
device - [DeviceProfileRef!]!
|
Defines device profile criteria with OR logic within sets and AND between sets |
schedule - PolicySchedule!
|
Defines time periods when the rule is active |
severity - ApplicationControlSeverity!
|
Indicates the rule's severity level |
source - ApplicationControlSource!
|
Defines source traffic criteria with OR logic within sets and AND between sets |
tracking - PolicyTracking!
|
Specifies event logging and notification settings |
Example
{
"accessMethod": [ApplicationControlAccessMethod],
"action": "ALLOW",
"actionConfig": ApplicationControlActionConfig,
"application": ApplicationControlApplication,
"applicationActivity": [ApplicationControlActivity],
"applicationActivitySatisfy": "ALL",
"applicationContext": ApplicationControlContext,
"applicationCriteria": ApplicationControlCriteria,
"applicationCriteriaSatisfy": "ALL",
"device": [DeviceProfileRef],
"schedule": PolicySchedule,
"severity": "HIGH",
"source": ApplicationControlSource,
"tracking": PolicyTracking
}
ApplicationControlApplicationRuleInput
BetaDescription
Configuration for application-based control rules
Fields
| Input Field | Description |
|---|---|
accessMethod - [ApplicationControlAccessMethodInput!]!
|
Defines access method criteria with OR logic within sets and AND between sets Default |
action - ApplicationControlAction!
|
Defines the enforcement action when rule conditions match Default |
actionConfig - ApplicationControlActionConfigInput!
|
Configuration for application control action Default |
application - ApplicationControlApplicationInput!
|
Defines application matching criteria with OR logic within sets and AND between sets Default |
applicationActivity - [ApplicationControlActivityInput!]!
|
Defines activity matching criteria using activitySatisfy logic within sets and AND between sets Default |
applicationActivitySatisfy - ApplicationControlSatisfy!
|
Determines whether ANY or ALL activity criteria must match Default |
applicationContext - ApplicationControlContextInput!
|
Defines application context criteria with OR logic within sets and AND between sets Default |
applicationCriteria - ApplicationControlCriteriaInput!
|
Defines custom criteria using applicationCriteriaSatisfy logic within sets and AND between sets Default |
applicationCriteriaSatisfy - ApplicationControlSatisfy!
|
Determines whether ANY or ALL criteria must match Default |
device - [DeviceProfileRefInput!]!
|
Defines device profile criteria with OR logic within sets and AND between sets Default |
schedule - PolicyScheduleInput!
|
Defines time periods when the rule is active Default |
severity - ApplicationControlSeverity!
|
Indicates the rule's severity level Default |
source - ApplicationControlSourceInput!
|
Defines source traffic criteria with OR logic within sets and AND between sets Default |
tracking - PolicyTrackingInput!
|
Specifies event logging and notification settings Default |
Example
{
"accessMethod": [ApplicationControlAccessMethodInput],
"action": "ALLOW",
"actionConfig": ApplicationControlActionConfigInput,
"application": ApplicationControlApplicationInput,
"applicationActivity": [
ApplicationControlActivityInput
],
"applicationActivitySatisfy": "ALL",
"applicationContext": ApplicationControlContextInput,
"applicationCriteria": ApplicationControlCriteriaInput,
"applicationCriteriaSatisfy": "ALL",
"device": [DeviceProfileRefInput],
"schedule": PolicyScheduleInput,
"severity": "HIGH",
"source": ApplicationControlSourceInput,
"tracking": PolicyTrackingInput
}
ApplicationControlApplicationRuleUpdateInput
BetaDescription
Configuration for application-based control rules
Fields
| Input Field | Description |
|---|---|
accessMethod - [ApplicationControlAccessMethodInput!]
|
Defines access method criteria with OR logic within sets and AND between sets |
action - ApplicationControlAction
|
Defines the enforcement action when rule conditions match |
actionConfig - ApplicationControlActionConfigUpdateInput
|
Configuration for application control action |
application - ApplicationControlApplicationUpdateInput
|
Defines application matching criteria with OR logic within sets and AND between sets |
applicationActivity - [ApplicationControlActivityInput!]
|
Defines activity matching criteria using activitySatisfy logic within sets and AND between sets |
applicationActivitySatisfy - ApplicationControlSatisfy
|
Determines whether ANY or ALL activity criteria must match |
applicationContext - ApplicationControlContextUpdateInput
|
Defines application context criteria with OR logic within sets and AND between sets |
applicationCriteria - ApplicationControlCriteriaUpdateInput
|
Defines custom criteria using applicationCriteriaSatisfy logic within sets and AND between sets |
applicationCriteriaSatisfy - ApplicationControlSatisfy
|
Determines whether ANY or ALL criteria must match |
device - [DeviceProfileRefInput!]
|
Defines device profile criteria with OR logic within sets and AND between sets |
schedule - PolicyScheduleUpdateInput
|
Defines time periods when the rule is active |
severity - ApplicationControlSeverity
|
Indicates the rule's severity level |
source - ApplicationControlSourceUpdateInput
|
Defines source traffic criteria with OR logic within sets and AND between sets |
tracking - PolicyTrackingUpdateInput
|
Specifies event logging and notification settings |
Example
{
"accessMethod": [ApplicationControlAccessMethodInput],
"action": "ALLOW",
"actionConfig": ApplicationControlActionConfigUpdateInput,
"application": ApplicationControlApplicationUpdateInput,
"applicationActivity": [
ApplicationControlActivityInput
],
"applicationActivitySatisfy": "ALL",
"applicationContext": ApplicationControlContextUpdateInput,
"applicationCriteria": ApplicationControlCriteriaUpdateInput,
"applicationCriteriaSatisfy": "ALL",
"device": [DeviceProfileRefInput],
"schedule": PolicyScheduleUpdateInput,
"severity": "HIGH",
"source": ApplicationControlSourceUpdateInput,
"tracking": PolicyTrackingUpdateInput
}
ApplicationControlApplicationUpdateInput
BetaDescription
Application matching configuration. Only one of the following fields should be filled - the others must remain empty.
Fields
| Input Field | Description |
|---|---|
appCategory - ApplicationCategoryRefInput
|
Cato category of applications which are dynamically updated by Cato |
application - ApplicationRefInput
|
Applications for the rule (pre-defined) |
applicationType - [ApplicationType!]
|
Application types |
customApp - CustomApplicationRefInput
|
Custom (user-defined) applications |
customCategory - CustomCategoryRefInput
|
Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc. |
sanctionedAppsCategory - SanctionedAppsCategoryRefInput
|
Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization. |
Example
{
"appCategory": ApplicationCategoryRefInput,
"application": ApplicationRefInput,
"applicationType": ["APPLICATION"],
"customApp": CustomApplicationRefInput,
"customCategory": CustomCategoryRefInput,
"sanctionedAppsCategory": SanctionedAppsCategoryRefInput
}
ApplicationControlAttributeValue
BetaDescription
Attribute Value
Values
| Enum Value | Description |
|---|---|
|
|
Any Value |
|
|
Not Supported |
|
|
Supported |
Example
"ANY"
ApplicationControlAttributes
BetaDescription
Application attributes, such as compliance and security, see the app catalog for details
Fields
| Field Name | Description |
|---|---|
complianceAttributes - ApplicationControlComplianceAttributes!
|
Compliance attributes |
securityAttributes - ApplicationControlSecurityAttributes!
|
Security attributes |
Example
{
"complianceAttributes": ApplicationControlComplianceAttributes,
"securityAttributes": ApplicationControlSecurityAttributes
}
ApplicationControlAttributesInput
BetaDescription
Application attributes, such as compliance and security, see the app catalog for details
Fields
| Input Field | Description |
|---|---|
complianceAttributes - ApplicationControlComplianceAttributesInput!
|
Compliance attributes Default |
securityAttributes - ApplicationControlSecurityAttributesInput!
|
Security attributes Default |
Example
{
"complianceAttributes": ApplicationControlComplianceAttributesInput,
"securityAttributes": ApplicationControlSecurityAttributesInput
}
ApplicationControlAttributesUpdateInput
BetaDescription
Application attributes, such as compliance and security, see the app catalog for details
Fields
| Input Field | Description |
|---|---|
complianceAttributes - ApplicationControlComplianceAttributesUpdateInput
|
Compliance attributes |
securityAttributes - ApplicationControlSecurityAttributesUpdateInput
|
Security attributes |
Example
{
"complianceAttributes": ApplicationControlComplianceAttributesUpdateInput,
"securityAttributes": ApplicationControlSecurityAttributesUpdateInput
}
ApplicationControlComplianceAttributes
BetaDescription
Compliance attributes
Fields
| Field Name | Description |
|---|---|
hippa - ApplicationControlAttributeValue!
|
HIPAA |
isae3402 - ApplicationControlAttributeValue!
|
ISAE 3402 |
iso27001 - ApplicationControlAttributeValue!
|
ISO 27001 |
pciDss - ApplicationControlAttributeValue!
|
PCI DSS |
soc1 - ApplicationControlAttributeValue!
|
SOC 1 |
soc2 - ApplicationControlAttributeValue!
|
SOC 2 |
soc3 - ApplicationControlAttributeValue!
|
SOC 3 |
sox - ApplicationControlAttributeValue!
|
SOX |
Example
{
"hippa": "ANY",
"isae3402": "ANY",
"iso27001": "ANY",
"pciDss": "ANY",
"soc1": "ANY",
"soc2": "ANY",
"soc3": "ANY",
"sox": "ANY"
}
ApplicationControlComplianceAttributesInput
BetaDescription
Compliance attributes
Fields
| Input Field | Description |
|---|---|
hippa - ApplicationControlAttributeValue!
|
HIPAA Default |
isae3402 - ApplicationControlAttributeValue!
|
ISAE 3402 Default |
iso27001 - ApplicationControlAttributeValue!
|
ISO 27001 Default |
pciDss - ApplicationControlAttributeValue!
|
PCI DSS Default |
soc1 - ApplicationControlAttributeValue!
|
SOC 1 Default |
soc2 - ApplicationControlAttributeValue!
|
SOC 2 Default |
soc3 - ApplicationControlAttributeValue!
|
SOC 3 Default |
sox - ApplicationControlAttributeValue!
|
SOX Default |
Example
{
"hippa": "ANY",
"isae3402": "ANY",
"iso27001": "ANY",
"pciDss": "ANY",
"soc1": "ANY",
"soc2": "ANY",
"soc3": "ANY",
"sox": "ANY"
}
ApplicationControlComplianceAttributesUpdateInput
BetaDescription
Compliance attributes
Fields
| Input Field | Description |
|---|---|
hippa - ApplicationControlAttributeValue
|
HIPAA |
isae3402 - ApplicationControlAttributeValue
|
ISAE 3402 |
iso27001 - ApplicationControlAttributeValue
|
ISO 27001 |
pciDss - ApplicationControlAttributeValue
|
PCI DSS |
soc1 - ApplicationControlAttributeValue
|
SOC 1 |
soc2 - ApplicationControlAttributeValue
|
SOC 2 |
soc3 - ApplicationControlAttributeValue
|
SOC 3 |
sox - ApplicationControlAttributeValue
|
SOX |
Example
{
"hippa": "ANY",
"isae3402": "ANY",
"iso27001": "ANY",
"pciDss": "ANY",
"soc1": "ANY",
"soc2": "ANY",
"soc3": "ANY",
"sox": "ANY"
}
ApplicationControlConfig
BetaDescription
Additional attributes for application control
Fields
| Field Name | Description |
|---|---|
dataControlEnabled - PolicyToggleState!
|
Data Control Enabled |
Example
{"dataControlEnabled": "DISABLED"}
ApplicationControlConfigInput
BetaFields
| Input Field | Description |
|---|---|
dataControlEnabled - PolicyToggleState!
|
Data Control Enabled Default |
Example
{"dataControlEnabled": "DISABLED"}
ApplicationControlContentTypeGroupRef
BetaApplicationControlContentTypeGroupRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
ApplicationControlContentTypeRef
BetaApplicationControlContentTypeRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
ApplicationControlContext
BetaFields
| Field Name | Description |
|---|---|
applicationTenant - [ApplicationControlTenant!]!
|
Defines the name of the application tenant to which the policy rule applies |
Example
{"applicationTenant": [ApplicationControlTenant]}
ApplicationControlContextInput
BetaFields
| Input Field | Description |
|---|---|
applicationTenant - [ApplicationControlTenantInput!]!
|
Defines the name of the application tenant to which the policy rule applies Default |
Example
{"applicationTenant": [ApplicationControlTenantInput]}
ApplicationControlContextUpdateInput
BetaFields
| Input Field | Description |
|---|---|
applicationTenant - [ApplicationControlTenantInput!]
|
Defines the name of the application tenant to which the policy rule applies |
Example
{"applicationTenant": [ApplicationControlTenantInput]}
ApplicationControlCriteria
BetaDescription
Application criteria configuration
Fields
| Field Name | Description |
|---|---|
attributes - ApplicationControlAttributes!
|
Application attributes, such as compliance and security, see the app catalog for details |
originCountry - [CountryRef!]!
|
Application registered country of origin |
risk - [ApplicationControlRiskCriteria!]!
|
Application risk |
Example
{
"attributes": ApplicationControlAttributes,
"originCountry": [CountryRef],
"risk": [ApplicationControlRiskCriteria]
}
ApplicationControlCriteriaInput
BetaDescription
Application criteria configuration
Fields
| Input Field | Description |
|---|---|
attributes - ApplicationControlAttributesInput!
|
Application attributes, such as compliance and security, see the app catalog for details Default |
originCountry - [CountryRefInput!]!
|
Application registered country of origin Default |
risk - [ApplicationControlRiskCriteriaInput!]!
|
Application risk Default |
Example
{
"attributes": ApplicationControlAttributesInput,
"originCountry": [CountryRefInput],
"risk": [ApplicationControlRiskCriteriaInput]
}
ApplicationControlCriteriaUpdateInput
BetaDescription
Application criteria configuration
Fields
| Input Field | Description |
|---|---|
attributes - ApplicationControlAttributesUpdateInput
|
Application attributes, such as compliance and security, see the app catalog for details |
originCountry - [CountryRefInput!]
|
Application registered country of origin |
risk - [ApplicationControlRiskCriteriaInput!]
|
Application risk |
Example
{
"attributes": ApplicationControlAttributesUpdateInput,
"originCountry": [CountryRefInput],
"risk": [ApplicationControlRiskCriteriaInput]
}
ApplicationControlCriterionRef
BetaApplicationControlDataRule
BetaDescription
Configuration for data-based control rules
Fields
| Field Name | Description |
|---|---|
accessMethod - [ApplicationControlAccessMethod!]!
|
Defines access method criteria with OR logic within sets and AND between sets |
action - ApplicationControlAction!
|
Defines the enforcement action when rule conditions match |
actionConfig - ApplicationControlActionConfig
|
Configuration for application control action |
application - ApplicationControlApplication!
|
Defines application matching criteria with OR logic within sets and AND between sets |
applicationActivity - [ApplicationControlActivity!]!
|
Defines activity matching criteria using activitySatisfy logic within sets and AND between sets |
applicationActivitySatisfy - ApplicationControlSatisfy!
|
Determines whether ANY or ALL activity criteria must match |
applicationContext - ApplicationControlContext!
|
Defines application context criteria with OR logic within sets and AND between sets |
device - [DeviceProfileRef!]!
|
Defines device profile criteria with OR logic within sets and AND between sets |
dlpProfile - ApplicationControlDlpProfile!
|
Specifies DLP profile matching criteria with OR logic within sets and AND between sets |
fileAttribute - [ApplicationControlFileAttribute!]!
|
Defines file attribute criteria using fileAttributeSatisfy logic within sets and AND between sets |
fileAttributeSatisfy - ApplicationControlSatisfy!
|
Determines whether ANY or ALL file attribute criteria must match |
schedule - PolicySchedule!
|
Defines time periods when the rule is active |
severity - ApplicationControlSeverity!
|
Indicates the rule's severity level |
source - ApplicationControlSource!
|
Defines source traffic criteria with OR logic within sets and AND between sets |
tracking - PolicyTracking!
|
Specifies event logging and notification settings |
Example
{
"accessMethod": [ApplicationControlAccessMethod],
"action": "ALLOW",
"actionConfig": ApplicationControlActionConfig,
"application": ApplicationControlApplication,
"applicationActivity": [ApplicationControlActivity],
"applicationActivitySatisfy": "ALL",
"applicationContext": ApplicationControlContext,
"device": [DeviceProfileRef],
"dlpProfile": ApplicationControlDlpProfile,
"fileAttribute": [ApplicationControlFileAttribute],
"fileAttributeSatisfy": "ALL",
"schedule": PolicySchedule,
"severity": "HIGH",
"source": ApplicationControlSource,
"tracking": PolicyTracking
}
ApplicationControlDataRuleInput
BetaDescription
Configuration for data-based control rules
Fields
| Input Field | Description |
|---|---|
accessMethod - [ApplicationControlAccessMethodInput!]!
|
Defines access method criteria with OR logic within sets and AND between sets Default |
action - ApplicationControlAction!
|
Defines the enforcement action when rule conditions match Default |
actionConfig - ApplicationControlActionConfigInput
|
Configuration for application control action Default |
application - ApplicationControlApplicationInput!
|
Defines application matching criteria with OR logic within sets and AND between sets Default |
applicationActivity - [ApplicationControlActivityInput!]!
|
Defines activity matching criteria using activitySatisfy logic within sets and AND between sets Default |
applicationActivitySatisfy - ApplicationControlSatisfy!
|
Determines whether ANY or ALL activity criteria must match Default |
applicationContext - ApplicationControlContextInput!
|
Defines application context criteria with OR logic within sets and AND between sets Default |
device - [DeviceProfileRefInput!]!
|
Defines device profile criteria with OR logic within sets and AND between sets Default |
dlpProfile - ApplicationControlDlpProfileInput!
|
Specifies DLP profile matching criteria with OR logic within sets and AND between sets Default |
fileAttribute - [ApplicationControlFileAttributeInput!]!
|
Defines file attribute criteria using fileAttributeSatisfy logic within sets and AND between sets Default |
fileAttributeSatisfy - ApplicationControlSatisfy!
|
Determines whether ANY or ALL file attribute criteria must match Default |
schedule - PolicyScheduleInput!
|
Defines time periods when the rule is active Default |
severity - ApplicationControlSeverity!
|
Indicates the rule's severity level Default |
source - ApplicationControlSourceInput!
|
Defines source traffic criteria with OR logic within sets and AND between sets Default |
tracking - PolicyTrackingInput!
|
Specifies event logging and notification settings Default |
Example
{
"accessMethod": [ApplicationControlAccessMethodInput],
"action": "ALLOW",
"actionConfig": ApplicationControlActionConfigInput,
"application": ApplicationControlApplicationInput,
"applicationActivity": [
ApplicationControlActivityInput
],
"applicationActivitySatisfy": "ALL",
"applicationContext": ApplicationControlContextInput,
"device": [DeviceProfileRefInput],
"dlpProfile": ApplicationControlDlpProfileInput,
"fileAttribute": [ApplicationControlFileAttributeInput],
"fileAttributeSatisfy": "ALL",
"schedule": PolicyScheduleInput,
"severity": "HIGH",
"source": ApplicationControlSourceInput,
"tracking": PolicyTrackingInput
}
ApplicationControlDataRuleUpdateInput
BetaDescription
Configuration for data-based control rules
Fields
| Input Field | Description |
|---|---|
accessMethod - [ApplicationControlAccessMethodInput!]
|
Defines access method criteria with OR logic within sets and AND between sets |
action - ApplicationControlAction
|
Defines the enforcement action when rule conditions match |
actionConfig - ApplicationControlActionConfigUpdateInput
|
Configuration for application control action |
application - ApplicationControlApplicationUpdateInput
|
Defines application matching criteria with OR logic within sets and AND between sets |
applicationActivity - [ApplicationControlActivityInput!]
|
Defines activity matching criteria using activitySatisfy logic within sets and AND between sets |
applicationActivitySatisfy - ApplicationControlSatisfy
|
Determines whether ANY or ALL activity criteria must match |
applicationContext - ApplicationControlContextUpdateInput
|
Defines application context criteria with OR logic within sets and AND between sets |
device - [DeviceProfileRefInput!]
|
Defines device profile criteria with OR logic within sets and AND between sets |
dlpProfile - ApplicationControlDlpProfileUpdateInput
|
Specifies DLP profile matching criteria with OR logic within sets and AND between sets |
fileAttribute - [ApplicationControlFileAttributeInput!]
|
Defines file attribute criteria using fileAttributeSatisfy logic within sets and AND between sets |
fileAttributeSatisfy - ApplicationControlSatisfy
|
Determines whether ANY or ALL file attribute criteria must match |
schedule - PolicyScheduleUpdateInput
|
Defines time periods when the rule is active |
severity - ApplicationControlSeverity
|
Indicates the rule's severity level |
source - ApplicationControlSourceUpdateInput
|
Defines source traffic criteria with OR logic within sets and AND between sets |
tracking - PolicyTrackingUpdateInput
|
Specifies event logging and notification settings |
Example
{
"accessMethod": [ApplicationControlAccessMethodInput],
"action": "ALLOW",
"actionConfig": ApplicationControlActionConfigUpdateInput,
"application": ApplicationControlApplicationUpdateInput,
"applicationActivity": [
ApplicationControlActivityInput
],
"applicationActivitySatisfy": "ALL",
"applicationContext": ApplicationControlContextUpdateInput,
"device": [DeviceProfileRefInput],
"dlpProfile": ApplicationControlDlpProfileUpdateInput,
"fileAttribute": [ApplicationControlFileAttributeInput],
"fileAttributeSatisfy": "ALL",
"schedule": PolicyScheduleUpdateInput,
"severity": "HIGH",
"source": ApplicationControlSourceUpdateInput,
"tracking": PolicyTrackingUpdateInput
}
ApplicationControlDlpProfile
BetaDescription
DLP profile configuration
Fields
| Field Name | Description |
|---|---|
contentProfile - [DlpContentProfileRef!]!
|
References DLP content matching profiles |
edmProfile - [DlpEdmProfileRef!]!
|
References DLP exact data matching profiles |
Example
{
"contentProfile": [DlpContentProfileRef],
"edmProfile": [DlpEdmProfileRef]
}
ApplicationControlDlpProfileInput
BetaDescription
DLP profile configuration
Fields
| Input Field | Description |
|---|---|
contentProfile - [DlpContentProfileRefInput!]!
|
References DLP content matching profiles Default |
edmProfile - [DlpEdmProfileRefInput!]!
|
References DLP exact data matching profiles Default |
Example
{
"contentProfile": [DlpContentProfileRefInput],
"edmProfile": [DlpEdmProfileRefInput]
}
ApplicationControlDlpProfileUpdateInput
BetaDescription
DLP profile configuration
Fields
| Input Field | Description |
|---|---|
contentProfile - [DlpContentProfileRefInput!]
|
References DLP content matching profiles |
edmProfile - [DlpEdmProfileRefInput!]
|
References DLP exact data matching profiles |
Example
{
"contentProfile": [DlpContentProfileRefInput],
"edmProfile": [DlpEdmProfileRefInput]
}
ApplicationControlFileAttribute
BetaDescription
File attribute matching configuration
Fields
| Field Name | Description |
|---|---|
contentTypeGroupValues - [ApplicationControlContentTypeGroupRef!]!
|
Specifies the content types groups (used only with Content Type attribute) |
contentTypeValues - [ApplicationControlContentTypeRef!]!
|
Specifies the content types (used only with Content Type attribute) |
fileAttribute - ApplicationControlFileAttributeType!
|
Specifies the file attribute type |
operator - ApplicationControlOperator!
|
Defines the comparison operator |
value - String
|
Specifies the comparison value (used with all attributes except Content Type) |
Example
{
"contentTypeGroupValues": [
ApplicationControlContentTypeGroupRef
],
"contentTypeValues": [ApplicationControlContentTypeRef],
"fileAttribute": "CONTENT_IS_ENCRYPTED",
"operator": "CONTAINS",
"value": "xyz789"
}
ApplicationControlFileAttributeInput
BetaDescription
File attribute matching configuration
Fields
| Input Field | Description |
|---|---|
contentTypeGroupValues - [ApplicationControlContentTypeGroupRefInput!]!
|
Specifies the content types groups (used only with Content Type attribute) Default |
contentTypeValues - [ApplicationControlContentTypeRefInput!]!
|
Specifies the content types (used only with Content Type attribute) Default |
fileAttribute - ApplicationControlFileAttributeType!
|
Specifies the file attribute type Default |
operator - ApplicationControlOperator!
|
Defines the comparison operator Default |
value - String
|
Specifies the comparison value (used with all attributes except Content Type) |
Example
{
"contentTypeGroupValues": [
ApplicationControlContentTypeGroupRefInput
],
"contentTypeValues": [
ApplicationControlContentTypeRefInput
],
"fileAttribute": "CONTENT_IS_ENCRYPTED",
"operator": "CONTAINS",
"value": "abc123"
}
ApplicationControlFileAttributeType
BetaDescription
Application Control File Attribute Type
Values
| Enum Value | Description |
|---|---|
|
|
File encryption status |
|
|
File Size |
|
|
File type classification |
Example
"CONTENT_IS_ENCRYPTED"
ApplicationControlFileRule
BetaDescription
Configuration for file-based control rules
Fields
| Field Name | Description |
|---|---|
accessMethod - [ApplicationControlAccessMethod!]!
|
Defines access method criteria with OR logic within sets and AND between sets |
action - ApplicationControlAction!
|
Defines the enforcement action when rule conditions match |
actionConfig - ApplicationControlActionConfig
|
Configuration for application control action |
application - ApplicationControlApplication!
|
Defines application matching criteria with OR logic within sets and AND between sets |
applicationActivity - [ApplicationControlActivity!]!
|
Defines activity matching criteria using activitySatisfy logic within sets and AND between sets |
applicationActivitySatisfy - ApplicationControlSatisfy!
|
Determines whether ANY or ALL activity criteria must match |
device - [DeviceProfileRef!]!
|
Defines device profile criteria with OR logic within sets and AND between sets |
fileAttribute - [ApplicationControlFileAttribute!]!
|
Defines file attribute criteria using fileAttributeSatisfy logic within sets and AND between sets |
fileAttributeSatisfy - ApplicationControlSatisfy!
|
Determines whether ANY or ALL file attribute criteria must match |
schedule - PolicySchedule!
|
Defines time periods when the rule is active |
severity - ApplicationControlSeverity!
|
Indicates the rule's severity level |
source - ApplicationControlSource!
|
Defines source traffic criteria with OR logic within sets and AND between sets |
tracking - PolicyTracking!
|
Specifies event logging and notification settings |
Example
{
"accessMethod": [ApplicationControlAccessMethod],
"action": "ALLOW",
"actionConfig": ApplicationControlActionConfig,
"application": ApplicationControlApplication,
"applicationActivity": [ApplicationControlActivity],
"applicationActivitySatisfy": "ALL",
"device": [DeviceProfileRef],
"fileAttribute": [ApplicationControlFileAttribute],
"fileAttributeSatisfy": "ALL",
"schedule": PolicySchedule,
"severity": "HIGH",
"source": ApplicationControlSource,
"tracking": PolicyTracking
}
ApplicationControlFileRuleInput
BetaDescription
Configuration for file-based control rules
Fields
| Input Field | Description |
|---|---|
accessMethod - [ApplicationControlAccessMethodInput!]!
|
Defines access method criteria with OR logic within sets and AND between sets Default |
action - ApplicationControlAction!
|
Defines the enforcement action when rule conditions match Default |
actionConfig - ApplicationControlActionConfigInput
|
Configuration for application control action Default |
application - ApplicationControlApplicationInput!
|
Defines application matching criteria with OR logic within sets and AND between sets Default |
applicationActivity - [ApplicationControlActivityInput!]!
|
Defines activity matching criteria using activitySatisfy logic within sets and AND between sets Default |
applicationActivitySatisfy - ApplicationControlSatisfy!
|
Determines whether ANY or ALL activity criteria must match Default |
device - [DeviceProfileRefInput!]!
|
Defines device profile criteria with OR logic within sets and AND between sets Default |
fileAttribute - [ApplicationControlFileAttributeInput!]!
|
Defines file attribute criteria using fileAttributeSatisfy logic within sets and AND between sets Default |
fileAttributeSatisfy - ApplicationControlSatisfy!
|
Determines whether ANY or ALL file attribute criteria must match Default |
schedule - PolicyScheduleInput!
|
Defines time periods when the rule is active Default |
severity - ApplicationControlSeverity!
|
Indicates the rule's severity level Default |
source - ApplicationControlSourceInput!
|
Defines source traffic criteria with OR logic within sets and AND between sets Default |
tracking - PolicyTrackingInput!
|
Specifies event logging and notification settings Default |
Example
{
"accessMethod": [ApplicationControlAccessMethodInput],
"action": "ALLOW",
"actionConfig": ApplicationControlActionConfigInput,
"application": ApplicationControlApplicationInput,
"applicationActivity": [
ApplicationControlActivityInput
],
"applicationActivitySatisfy": "ALL",
"device": [DeviceProfileRefInput],
"fileAttribute": [ApplicationControlFileAttributeInput],
"fileAttributeSatisfy": "ALL",
"schedule": PolicyScheduleInput,
"severity": "HIGH",
"source": ApplicationControlSourceInput,
"tracking": PolicyTrackingInput
}
ApplicationControlFileRuleUpdateInput
BetaDescription
Configuration for file-based control rules
Fields
| Input Field | Description |
|---|---|
accessMethod - [ApplicationControlAccessMethodInput!]
|
Defines access method criteria with OR logic within sets and AND between sets |
action - ApplicationControlAction
|
Defines the enforcement action when rule conditions match |
actionConfig - ApplicationControlActionConfigUpdateInput
|
Configuration for application control action |
application - ApplicationControlApplicationUpdateInput
|
Defines application matching criteria with OR logic within sets and AND between sets |
applicationActivity - [ApplicationControlActivityInput!]
|
Defines activity matching criteria using activitySatisfy logic within sets and AND between sets |
applicationActivitySatisfy - ApplicationControlSatisfy
|
Determines whether ANY or ALL activity criteria must match |
device - [DeviceProfileRefInput!]
|
Defines device profile criteria with OR logic within sets and AND between sets |
fileAttribute - [ApplicationControlFileAttributeInput!]
|
Defines file attribute criteria using fileAttributeSatisfy logic within sets and AND between sets |
fileAttributeSatisfy - ApplicationControlSatisfy
|
Determines whether ANY or ALL file attribute criteria must match |
schedule - PolicyScheduleUpdateInput
|
Defines time periods when the rule is active |
severity - ApplicationControlSeverity
|
Indicates the rule's severity level |
source - ApplicationControlSourceUpdateInput
|
Defines source traffic criteria with OR logic within sets and AND between sets |
tracking - PolicyTrackingUpdateInput
|
Specifies event logging and notification settings |
Example
{
"accessMethod": [ApplicationControlAccessMethodInput],
"action": "ALLOW",
"actionConfig": ApplicationControlActionConfigUpdateInput,
"application": ApplicationControlApplicationUpdateInput,
"applicationActivity": [
ApplicationControlActivityInput
],
"applicationActivitySatisfy": "ALL",
"device": [DeviceProfileRefInput],
"fileAttribute": [ApplicationControlFileAttributeInput],
"fileAttributeSatisfy": "ALL",
"schedule": PolicyScheduleUpdateInput,
"severity": "HIGH",
"source": ApplicationControlSourceUpdateInput,
"tracking": PolicyTrackingUpdateInput
}
ApplicationControlOperator
BetaDescription
Application Control Operator
Values
| Enum Value | Description |
|---|---|
|
|
Substring match comparison |
|
|
Numerical greater than comparison |
|
|
Set membership comparison |
|
|
Exact match comparison |
|
|
Numerical less than or equal comparison |
Example
"CONTAINS"
ApplicationControlPolicy
BetaFields
| Field Name | Description |
|---|---|
additionalAttributes - ApplicationControlConfig
|
|
audit - PolicyAudit
|
|
enabled - Boolean!
|
|
revision - PolicyRevision
|
|
rules - [ApplicationControlRulePayload!]!
|
|
sections - [PolicySectionPayload!]!
|
Example
{
"additionalAttributes": ApplicationControlConfig,
"audit": PolicyAudit,
"enabled": false,
"revision": PolicyRevision,
"rules": [ApplicationControlRulePayload],
"sections": [PolicySectionPayload]
}
ApplicationControlPolicyInput
BetaFields
| Input Field | Description |
|---|---|
revision - PolicyRevisionInput
|
A revision is a specific instance of the policy. Unpublished revisions are working copies of the policy available to a specific admin or a set of admins Published revisions are revisions that were applied to the account network. The last published revision is the active policy. |
Example
{"revision": PolicyRevisionInput}
ApplicationControlPolicyMutationInput
Fields
| Input Field | Description |
|---|---|
revision - PolicyMutationRevisionInput
|
Example
{"revision": PolicyMutationRevisionInput}
ApplicationControlPolicyMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
policy - ApplicationControlPolicy
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"policy": ApplicationControlPolicy,
"status": "FAILURE"
}
ApplicationControlPolicyUpdateInput
BetaFields
| Input Field | Description |
|---|---|
additionalAttributes - ApplicationControlConfigInput
|
|
state - PolicyToggleState
|
Example
{
"additionalAttributes": ApplicationControlConfigInput,
"state": "DISABLED"
}
ApplicationControlRemoveRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
Example
{"id": "4"}
ApplicationControlRiskCriteria
BetaDescription
Application risk
Fields
| Field Name | Description |
|---|---|
risk - ApplicationRisk!
|
Application risk |
riskOperator - ApplicationControlOperator!
|
Application risk operator |
Example
{"risk": ApplicationRisk, "riskOperator": "CONTAINS"}
ApplicationControlRiskCriteriaInput
BetaDescription
Application risk
Fields
| Input Field | Description |
|---|---|
risk - ApplicationRisk!
|
Application risk |
riskOperator - ApplicationControlOperator!
|
Application risk operator Default |
Example
{"risk": ApplicationRisk, "riskOperator": "CONTAINS"}
ApplicationControlRule
BetaFields
| Field Name | Description |
|---|---|
applicationRule - ApplicationControlApplicationRule
|
Defines application control settings. Must only be used when ruleType is APPLICATION |
dataRule - ApplicationControlDataRule
|
Defines data control settings. Must only be used when ruleType is DATA |
description - String!
|
Description for the rule |
enabled - Boolean!
|
TRUE = Rule is enabled FALSE = Rule is disabled |
fileRule - ApplicationControlFileRule
|
Defines file control settings. Must only be used when ruleType is FILE |
id - ID!
|
Rule ID |
index - Int!
|
Position / priority of rule |
name - String!
|
Name of the rule |
ruleType - ApplicationControlRuleType!
|
Determines which rule configuration to use. When set to APPLICATION, only applicationRule should be used. When set to DATA, only dataRule should be used. When set to FILE, only fileRule should be used |
section - PolicySectionInfo!
|
Policy section where the rule is located |
Example
{
"applicationRule": ApplicationControlApplicationRule,
"dataRule": ApplicationControlDataRule,
"description": "abc123",
"enabled": false,
"fileRule": ApplicationControlFileRule,
"id": 4,
"index": 123,
"name": "xyz789",
"ruleType": "APPLICATION",
"section": PolicySectionInfo
}
ApplicationControlRuleMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
rule - ApplicationControlRulePayload
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"rule": ApplicationControlRulePayload,
"status": "FAILURE"
}
ApplicationControlRulePayload
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyElementAudit!
|
|
properties - [PolicyElementPropertiesEnum!]!
|
|
rule - ApplicationControlRule!
|
Example
{
"audit": PolicyElementAudit,
"properties": ["ADDED"],
"rule": ApplicationControlRule
}
ApplicationControlRuleType
BetaDescription
Application Control Rule Type
Values
| Enum Value | Description |
|---|---|
|
|
Specifies an application control rule |
|
|
Specifies an data control rule |
|
|
Specifies an file control rule |
Example
"APPLICATION"
ApplicationControlSatisfy
BetaDescription
Application Control Satisfy
Values
| Enum Value | Description |
|---|---|
|
|
Match only if all criteria are met |
|
|
Match if any criteria are met |
Example
"ALL"
ApplicationControlSecurityAttributes
BetaDescription
Security attributes
Fields
| Field Name | Description |
|---|---|
auditTrail - ApplicationControlAttributeValue!
|
Audit trail |
encryptionAtRest - ApplicationControlAttributeValue!
|
Encryption at rest |
httpSecurityHeaders - ApplicationControlAttributeValue!
|
Http security headers |
mfa - ApplicationControlAttributeValue!
|
MFA |
rbac - ApplicationControlAttributeValue!
|
RBAC |
rememberPassword - ApplicationControlAttributeValue!
|
Remember password |
sso - ApplicationControlAttributeValue!
|
SSO |
tlsEnforcement - ApplicationControlAttributeValue!
|
TLS enforcement |
trustedCertificate - ApplicationControlAttributeValue!
|
Trusted certificate |
Example
{
"auditTrail": "ANY",
"encryptionAtRest": "ANY",
"httpSecurityHeaders": "ANY",
"mfa": "ANY",
"rbac": "ANY",
"rememberPassword": "ANY",
"sso": "ANY",
"tlsEnforcement": "ANY",
"trustedCertificate": "ANY"
}
ApplicationControlSecurityAttributesInput
BetaDescription
Security attributes
Fields
| Input Field | Description |
|---|---|
auditTrail - ApplicationControlAttributeValue!
|
Audit trail Default |
encryptionAtRest - ApplicationControlAttributeValue!
|
Encryption at rest Default |
httpSecurityHeaders - ApplicationControlAttributeValue!
|
Http security headers Default |
mfa - ApplicationControlAttributeValue!
|
MFA Default |
rbac - ApplicationControlAttributeValue!
|
RBAC Default |
rememberPassword - ApplicationControlAttributeValue!
|
Remember password Default |
sso - ApplicationControlAttributeValue!
|
SSO Default |
tlsEnforcement - ApplicationControlAttributeValue!
|
TLS enforcement Default |
trustedCertificate - ApplicationControlAttributeValue!
|
Trusted certificate Default |
Example
{
"auditTrail": "ANY",
"encryptionAtRest": "ANY",
"httpSecurityHeaders": "ANY",
"mfa": "ANY",
"rbac": "ANY",
"rememberPassword": "ANY",
"sso": "ANY",
"tlsEnforcement": "ANY",
"trustedCertificate": "ANY"
}
ApplicationControlSecurityAttributesUpdateInput
BetaDescription
Security attributes
Fields
| Input Field | Description |
|---|---|
auditTrail - ApplicationControlAttributeValue
|
Audit trail |
encryptionAtRest - ApplicationControlAttributeValue
|
Encryption at rest |
httpSecurityHeaders - ApplicationControlAttributeValue
|
Http security headers |
mfa - ApplicationControlAttributeValue
|
MFA |
rbac - ApplicationControlAttributeValue
|
RBAC |
rememberPassword - ApplicationControlAttributeValue
|
Remember password |
sso - ApplicationControlAttributeValue
|
SSO |
tlsEnforcement - ApplicationControlAttributeValue
|
TLS enforcement |
trustedCertificate - ApplicationControlAttributeValue
|
Trusted certificate |
Example
{
"auditTrail": "ANY",
"encryptionAtRest": "ANY",
"httpSecurityHeaders": "ANY",
"mfa": "ANY",
"rbac": "ANY",
"rememberPassword": "ANY",
"sso": "ANY",
"tlsEnforcement": "ANY",
"trustedCertificate": "ANY"
}
ApplicationControlSeverity
BetaDescription
Severity level
Values
| Enum Value | Description |
|---|---|
|
|
Indicates a high severity level |
|
|
Indicates a low severity level |
|
|
Indicates a medium severity level |
Example
"HIGH"
ApplicationControlSource
BetaDescription
Source traffic matching configuration
Fields
| Field Name | Description |
|---|---|
country - [CountryRef!]!
|
Country traffic matching criteria |
floatingSubnet - [FloatingSubnetRef!]!
|
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP. |
globalIpRange - [GlobalIpRangeRef!]!
|
Globally defined IP range, IP and subnet objects |
group - [GroupRef!]!
|
Groups defined for your account |
host - [HostRef!]!
|
Hosts and servers defined for your account |
ip - [IPAddress!]!
|
IPv4 address |
ipRange - [IpAddressRange!]!
|
Multiple separate IP addresses or an IP range |
networkInterface - [NetworkInterfaceRef!]!
|
Network range defined for a site |
site - [SiteRef!]!
|
Site defined for the account |
siteNetworkSubnet - [SiteNetworkSubnetRef!]!
|
GlobalRange + InterfaceSubnet |
subnet - [NetworkSubnet!]!
|
Subnets and network ranges defined for the LAN interfaces of a site |
systemGroup - [SystemGroupRef!]!
|
Predefined Cato groups |
user - [UserRef!]!
|
Individual users defined for the account |
usersGroup - [UsersGroupRef!]!
|
Group of users |
Example
{
"country": [CountryRef],
"floatingSubnet": [FloatingSubnetRef],
"globalIpRange": [GlobalIpRangeRef],
"group": [GroupRef],
"host": [HostRef],
"ip": [IPAddress],
"ipRange": [IpAddressRange],
"networkInterface": [NetworkInterfaceRef],
"site": [SiteRef],
"siteNetworkSubnet": [SiteNetworkSubnetRef],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRef],
"user": [UserRef],
"usersGroup": [UsersGroupRef]
}
ApplicationControlSourceInput
BetaDescription
Source traffic matching configuration
Fields
| Input Field | Description |
|---|---|
country - [CountryRefInput!]!
|
Country traffic matching criteria Default |
floatingSubnet - [FloatingSubnetRefInput!]!
|
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP. Default |
globalIpRange - [GlobalIpRangeRefInput!]!
|
Globally defined IP range, IP and subnet objects Default |
group - [GroupRefInput!]!
|
Groups defined for your account Default |
host - [HostRefInput!]!
|
Hosts and servers defined for your account Default |
ip - [IPAddress!]!
|
IPv4 address Default |
ipRange - [IpAddressRangeInput!]!
|
Multiple separate IP addresses or an IP range Default |
networkInterface - [NetworkInterfaceRefInput!]!
|
Network range defined for a site Default |
site - [SiteRefInput!]!
|
Site defined for the account Default |
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]!
|
GlobalRange + InterfaceSubnet Default |
subnet - [NetworkSubnet!]!
|
Subnets and network ranges defined for the LAN interfaces of a site Default |
systemGroup - [SystemGroupRefInput!]!
|
Predefined Cato groups Default |
user - [UserRefInput!]!
|
Individual users defined for the account Default |
usersGroup - [UsersGroupRefInput!]!
|
Group of users Default |
Example
{
"country": [CountryRefInput],
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"networkInterface": [NetworkInterfaceRefInput],
"site": [SiteRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"user": [UserRefInput],
"usersGroup": [UsersGroupRefInput]
}
ApplicationControlSourceUpdateInput
BetaDescription
Source traffic matching configuration
Fields
| Input Field | Description |
|---|---|
country - [CountryRefInput!]
|
Country traffic matching criteria |
floatingSubnet - [FloatingSubnetRefInput!]
|
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP. |
globalIpRange - [GlobalIpRangeRefInput!]
|
Globally defined IP range, IP and subnet objects |
group - [GroupRefInput!]
|
Groups defined for your account |
host - [HostRefInput!]
|
Hosts and servers defined for your account |
ip - [IPAddress!]
|
IPv4 address |
ipRange - [IpAddressRangeInput!]
|
Multiple separate IP addresses or an IP range |
networkInterface - [NetworkInterfaceRefInput!]
|
Network range defined for a site |
site - [SiteRefInput!]
|
Site defined for the account |
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]
|
GlobalRange + InterfaceSubnet |
subnet - [NetworkSubnet!]
|
Subnets and network ranges defined for the LAN interfaces of a site |
systemGroup - [SystemGroupRefInput!]
|
Predefined Cato groups |
user - [UserRefInput!]
|
Individual users defined for the account |
usersGroup - [UsersGroupRefInput!]
|
Group of users |
Example
{
"country": [CountryRefInput],
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"networkInterface": [NetworkInterfaceRefInput],
"site": [SiteRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"user": [UserRefInput],
"usersGroup": [UsersGroupRefInput]
}
ApplicationControlTenant
BetaDescription
Tenant matching configuration
Fields
| Field Name | Description |
|---|---|
operator - ApplicationControlOperator
|
Defines the operator used for comparisons |
value - String
|
Specifies the comparison value |
valueSet - StringValueSetRef
|
References a set of values (used only with IN operator) |
Example
{
"operator": "CONTAINS",
"value": "abc123",
"valueSet": StringValueSetRef
}
ApplicationControlTenantInput
BetaDescription
Tenant matching configuration
Fields
| Input Field | Description |
|---|---|
operator - ApplicationControlOperator
|
Defines the operator used for comparisons Default |
value - String
|
Specifies the comparison value |
valueSet - StringValueSetRefInput
|
References a set of values (used only with IN operator) |
Example
{
"operator": "CONTAINS",
"value": "xyz789",
"valueSet": StringValueSetRefInput
}
ApplicationControlUpdateRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
applicationRule - ApplicationControlApplicationRuleUpdateInput
|
Defines application control settings. Must only be used when ruleType is APPLICATION |
dataRule - ApplicationControlDataRuleUpdateInput
|
Defines data control settings. Must only be used when ruleType is DATA |
description - String
|
|
enabled - Boolean
|
|
fileRule - ApplicationControlFileRuleUpdateInput
|
Defines file control settings. Must only be used when ruleType is FILE |
name - String
|
|
ruleType - ApplicationControlRuleType
|
Determines which rule configuration to use. When set to APPLICATION, only applicationRule should be used. When set to DATA, only dataRule should be used. When set to FILE, only fileRule should be used |
Example
{
"applicationRule": ApplicationControlApplicationRuleUpdateInput,
"dataRule": ApplicationControlDataRuleUpdateInput,
"description": "abc123",
"enabled": false,
"fileRule": ApplicationControlFileRuleUpdateInput,
"name": "abc123",
"ruleType": "APPLICATION"
}
ApplicationControlUpdateRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
|
rule - ApplicationControlUpdateRuleDataInput!
|
Example
{"id": 4, "rule": ApplicationControlUpdateRuleDataInput}
ApplicationRef
BetaApplicationRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
ApplicationRisk
BetaDescription
Application Risk
Example
ApplicationRisk
ApplicationType
BetaDescription
Application Type
Values
| Enum Value | Description |
|---|---|
|
|
Application |
|
|
Cloud Application type |
|
|
Service |
Example
"APPLICATION"
Asn16
BetaDescription
16 bit autonomous system number [0-65535]
Example
Asn16
Asn32
BetaDescription
32 bit autonomous system number [0-4294967295]
Example
Asn32
AssignSiteBwLicenseInput
BetaFields
| Input Field | Description |
|---|---|
bw - Int
|
Specifies the bandwidth (in Mbps) to allocate to the site when using a pooled bandwidth license. This field should not be used if a site license is used. |
licenseId - ID!
|
The license that is being assigned |
site - SiteRefInput!
|
The site the license is assigned to |
Example
{"bw": 123, "licenseId": 4, "site": SiteRefInput}
AssignSiteBwLicensePayload
BetaFields
| Field Name | Description |
|---|---|
license - License!
|
Example
{"license": License}
AtpLicense
BetaDescription
Advanced Threat Prevention (ATP) service license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
Example
{
"description": "xyz789",
"expirationDate": "2007-12-03T10:15:30Z",
"id": 4,
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ADSP_B",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE"
}
AuditFeed
Example
{
"accounts": [AuditFeedAccountRecords],
"fetchedCount": 987,
"from": "2007-12-03T10:15:30Z",
"hasMore": true,
"marker": "abc123",
"to": "2007-12-03T10:15:30Z"
}
AuditFeedAccountRecords
Fields
| Field Name | Description |
|---|---|
id - ID
|
|
records - [AuditRecord!]
|
|
Arguments
|
|
Example
{"id": 4, "records": [AuditRecord]}
AuditField
AuditFieldFilterInput
Fields
| Input Field | Description |
|---|---|
fieldName - FieldNameInput!
|
|
operator - ElasticOperator!
|
Use AuditFieldName for audits |
values - [String!]
|
Example
{
"fieldName": FieldNameInput,
"operator": "between",
"values": ["xyz789"]
}
AuditFieldName
Values
| Enum Value | Description |
|---|---|
|
|
The name of the account on which the record was created |
|
|
The id of the account on which the record was created |
|
|
The admin whose action generated the record |
|
|
The ID of the admin whose action generated the record |
|
|
The api key whose action generated the record |
|
|
|
|
|
the nature of the change: CREATED, DELETED, MODIFIED, ENABLED, DISABLED, SKIPPED
|
|
|
Time the record was created |
|
|
Time the record was committed to storage |
|
|
The name of the object that was affected, e.g. 'My Site' |
|
|
The type of object that was affected. e.g. Site, Socket, SocketInterface |
|
|
Less granular than model_name, a general marker of the modified area: administration, configuration, security |
Example
"account"
AuditRecord
Description
Represents a single event in the audit database
Fields
| Field Name | Description |
|---|---|
account - EntityInfo
|
|
admin - Entity
|
|
apiKey - Entity
|
|
fields - [AuditField!]
|
All fields in the audit record (including the admin and object) |
fieldsMap - Map
|
fields in map format (see Map scalar) |
flatFields - [String!]
|
Simplified fields, as array of name value tuples, e.g: [ [ "name", "val" ], [ "name2", "val2" ] ... ] |
object - Entity
|
|
time - DateTime
|
Example
{
"account": EntityInfo,
"admin": Entity,
"apiKey": Entity,
"fields": [AuditField],
"fieldsMap": Map,
"flatFields": ["abc123"],
"object": Entity,
"time": "2007-12-03T10:15:30Z"
}
AuditingMetadata
AuditingMetadataFilterInput
BetaFields
| Input Field | Description |
|---|---|
updatedBy - ActorRefInput
|
|
updatedTime - DateTimeFilterInput
|
Example
{
"updatedBy": ActorRefInput,
"updatedTime": DateTimeFilterInput
}
AuditingMetadataSortInput
BetaFields
| Input Field | Description |
|---|---|
updatedBy - SortOrderInput
|
|
updatedTime - SortOrderInput
|
Example
{
"updatedBy": SortOrderInput,
"updatedTime": SortOrderInput
}
AuthInterface
Fields
| Field Name | Description |
|---|---|
authType - AuthType!
|
Possible Types
| AuthInterface Types |
|---|
Example
{"authType": "BASIC_AUTH"}
AuthType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"BASIC_AUTH"
Description
Input parameters for querying available versions.
Fields
| Input Field | Description |
|---|---|
platforms - [String!]!
|
List of platforms to retrieve available versions for. |
Example
{"platforms": ["abc123"]}
Description
Response payload for available versions query.
Fields
| Field Name | Description |
|---|---|
items - [PlatformVersions!]!
|
List of available versions for each requested platform. |
Example
{"items": [PlatformVersions]}
BGPConnection
BackhaulingDestination
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"INTERNET_BREAKOUT"
BandwidthManagementRef
BetaBandwidthManagementRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
BasicAuth
BearerTokenAuth
Fields
| Field Name | Description |
|---|---|
authType - AuthType!
|
Example
{"authType": "BASIC_AUTH"}
BfdSettings
BetaFields
| Field Name | Description |
|---|---|
multiplier - Int!
|
Number of missed BFD packets before considering the session down. |
receiveInterval - Int!
|
Time interval (in milliseconds) in which this peer expects to receive BFD packets. |
transmitInterval - Int!
|
Time interval (in milliseconds) between BFD packets sent by this peer. |
Example
{"multiplier": 123, "receiveInterval": 123, "transmitInterval": 123}
BfdSettingsInput
BetaFields
| Input Field | Description |
|---|---|
multiplier - Int!
|
Number of missed BFD packets before considering the session down. Default |
receiveInterval - Int!
|
Time interval (in milliseconds) in which this peer expects to receive BFD packets. Default |
transmitInterval - Int!
|
Time interval (in milliseconds) between BFD packets sent by this peer. Default |
Example
{"multiplier": 123, "receiveInterval": 987, "transmitInterval": 123}
BgpCommunity
BetaBgpCommunityFilterPredicate
BetaValues
| Enum Value | Description |
|---|---|
|
|
Matches exactly the specified community value. |
|
|
Matches any community value except the specified one. |
Example
"EQUAL"
BgpCommunityFilterRule
BetaFields
| Field Name | Description |
|---|---|
community - [BgpCommunity!]!
|
Community values to match. |
id - ID!
|
Unique identifier of the community filter rule. |
predicate - BgpCommunityFilterPredicate!
|
Predicate to apply to the community filter (e.g., EQUAL, NOT_EQUAL). |
Example
{
"community": [BgpCommunity],
"id": "4",
"predicate": "EQUAL"
}
BgpCommunityFilterRuleInput
BetaFields
| Input Field | Description |
|---|---|
community - [BgpCommunityInput!]!
|
Community values to match. Default |
predicate - BgpCommunityFilterPredicate
|
Predicate to apply to the community filter (e.g., EQUAL, NOT_EQUAL). |
Example
{"community": [BgpCommunityInput], "predicate": "EQUAL"}
BgpCommunityInput
BetaBgpDefaultAction
BetaValues
| Enum Value | Description |
|---|---|
|
|
Default action to accept all unmatched routes. |
|
|
Default action to drop all unmatched routes. |
Example
"ACCEPT"
BgpDetailedStatus
BetaFields
| Field Name | Description |
|---|---|
bfdSession - String
|
Status of the BFD session (if applicable). |
bgpSession - String!
|
Status of the BGP session (e.g., established, down). |
rejectedRoutesFromPeer - [BgpRejectedRoutesFromPeer!]!
|
Routes rejected from the peer. |
remoteIp - IPAddress!
|
IP address of the remote BGP peer. |
routesFromPeer - [String!]!
|
Routes received from the peer. |
routesToPeer - [String!]!
|
Routes sent to the peer. |
Example
{
"bfdSession": "xyz789",
"bgpSession": "xyz789",
"rejectedRoutesFromPeer": [BgpRejectedRoutesFromPeer],
"remoteIp": IPAddress,
"routesFromPeer": ["xyz789"],
"routesToPeer": ["xyz789"]
}
BgpFilterRule
BetaFields
| Field Name | Description |
|---|---|
bgpRouteExactAndInclusiveFilterRule - BgpRouteExactAndInclusiveFilterRule
|
Exact and inclusive filter rule. Please choose only one filter rule type. |
bgpRouteExactFilterRule - BgpRouteExactFilterRule
|
Exact route filter rule. Please choose only one filter rule type. |
communityFilterRule - BgpCommunityFilterRule
|
Community filter rule. Please choose only one filter rule type. |
Example
{
"bgpRouteExactAndInclusiveFilterRule": BgpRouteExactAndInclusiveFilterRule,
"bgpRouteExactFilterRule": BgpRouteExactFilterRule,
"communityFilterRule": BgpCommunityFilterRule
}
BgpFilterRuleInput
BetaFields
| Input Field | Description |
|---|---|
bgpRouteExactAndInclusiveFilterRule - BgpRouteExactAndInclusiveFilterRuleInput
|
Input for exact and inclusive filter rule. |
bgpRouteExactFilterRule - BgpRouteExactFilterRuleInput
|
Input for exact route filter rule. |
communityFilterRule - BgpCommunityFilterRuleInput
|
Input for community filter rule. |
Example
{
"bgpRouteExactAndInclusiveFilterRule": BgpRouteExactAndInclusiveFilterRuleInput,
"bgpRouteExactFilterRule": BgpRouteExactFilterRuleInput,
"communityFilterRule": BgpCommunityFilterRuleInput
}
BgpPeer
BetaFields
| Field Name | Description |
|---|---|
advertiseAllRoutes - Boolean!
|
Indicates if all routes are advertised. |
advertiseDefaultRoute - Boolean!
|
Indicates if the default route is advertised. |
advertiseSummaryRoutes - Boolean!
|
Indicates if summarized routes are advertised. |
bfdEnabled - Boolean!
|
Indicates if BFD is enabled for failure detection. |
bfdSettings - BfdSettings
|
BFD configuration. |
catoAsn - Asn16!
|
AS number of Cato's BGP endpoint. |
catoIp - IPAddress!
|
IP address of Cato's BGP endpoint. |
defaultAction - BgpDefaultAction!
|
Default action for routes not matching filters (ACCEPT or DROP). |
defaultActionExclusion - [BgpFilterRule!]!
|
Rules excluded from the default action. |
defaultRouteCommunities - [BgpCommunity!]!
|
Community values associated with the default route. |
holdTime - Int!
|
Time before declaring the peer unreachable. |
id - ID!
|
Unique identifier for the BGP peer. |
keepaliveInterval - Int!
|
Interval between keepalive messages. |
md5AuthKey - String
|
MD5 authentication key for secure sessions. |
metric - Int!
|
Metric for route preferences. |
name - String!
|
Name of the BGP configuration entity. |
peerAsn - Asn32!
|
AS number of the peer BGP endpoint. |
peerIp - IPAddress!
|
IP address of the peer BGP endpoint. |
performNat - Boolean!
|
Indicates if NAT is performed on routes. |
site - SiteRef!
|
Site associated with this BGP peer. |
summaryRoute - [BgpSummaryRoute!]!
|
Summarized routes advertised to the peer. |
tracking - BgpTracking
|
Tracking configuration for health and availability. |
Example
{
"advertiseAllRoutes": true,
"advertiseDefaultRoute": false,
"advertiseSummaryRoutes": false,
"bfdEnabled": true,
"bfdSettings": BfdSettings,
"catoAsn": Asn16,
"catoIp": IPAddress,
"defaultAction": "ACCEPT",
"defaultActionExclusion": [BgpFilterRule],
"defaultRouteCommunities": [BgpCommunity],
"holdTime": 987,
"id": "4",
"keepaliveInterval": 987,
"md5AuthKey": "abc123",
"metric": 987,
"name": "abc123",
"peerAsn": Asn32,
"peerIp": IPAddress,
"performNat": true,
"site": SiteRef,
"summaryRoute": [BgpSummaryRoute],
"tracking": BgpTracking
}
BgpPeerListInput
BetaFields
| Input Field | Description |
|---|---|
site - SiteRefInput!
|
Identifies the site whose BGP peers are listed. |
Example
{"site": SiteRefInput}
BgpPeerListPayload
BetaFields
| Field Name | Description |
|---|---|
bgpPeer - [BgpPeer!]!
|
BGP peers associated with the site. |
total - Int!
|
Total number of BGP peers found. |
Example
{"bgpPeer": [BgpPeer], "total": 123}
BgpPeerRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
Specifies the method of identification (default is by ID). Default |
input - String!
|
Value used to identify the BGP peer (e.g., ID or name). |
Example
{"by": "ID", "input": "xyz789"}
BgpRejectedRoutesFromPeer
BetaFields
| Field Name | Description |
|---|---|
community - [BgpCommunity!]!
|
Community values associated with the rejected route. |
lastPublishAttempt - DateTime
|
Timestamp of the last attempt to publish the rejected route. |
rule - String
|
Filter rule that caused the rejection. |
subnet - NetworkSubnet
|
Subnet of the rejected route. |
type - String
|
Reason for rejecting the route. |
Example
{
"community": [BgpCommunity],
"lastPublishAttempt": "2007-12-03T10:15:30Z",
"rule": "abc123",
"subnet": NetworkSubnet,
"type": "abc123"
}
BgpRouteExactAndInclusiveFilterRule
BetaFields
| Field Name | Description |
|---|---|
ge - Int
|
Minimum prefix length for the filter rule. |
globalIpRange - [GlobalIpRangeRef!]!
|
Global IP ranges to include. |
globalIpRangeException - [GlobalIpRangeRef!]!
|
Global IP ranges to exclude. |
id - ID!
|
Unique identifier of the filter rule. |
le - Int
|
Maximum prefix length for the filter rule. |
networkSubnet - [NetworkSubnet!]!
|
Network subnets to include. |
networkSubnetException - [NetworkSubnet!]!
|
Network subnets to exclude. |
Example
{
"ge": 987,
"globalIpRange": [GlobalIpRangeRef],
"globalIpRangeException": [GlobalIpRangeRef],
"id": "4",
"le": 123,
"networkSubnet": [NetworkSubnet],
"networkSubnetException": [NetworkSubnet]
}
BgpRouteExactAndInclusiveFilterRuleInput
BetaFields
| Input Field | Description |
|---|---|
ge - Int
|
Minimum prefix length for the filter rule. |
globalIpRange - [GlobalIpRangeRefInput!]!
|
Global IP ranges to include. Default |
globalIpRangeException - [GlobalIpRangeRefInput!]!
|
Global IP ranges to exclude. Default |
le - Int
|
Maximum prefix length for the filter rule. |
networkSubnet - [NetworkSubnet!]!
|
Network subnets to include. Default |
networkSubnetException - [NetworkSubnet!]!
|
Network subnets to exclude. Default |
Example
{
"ge": 987,
"globalIpRange": [GlobalIpRangeRefInput],
"globalIpRangeException": [GlobalIpRangeRefInput],
"le": 123,
"networkSubnet": [NetworkSubnet],
"networkSubnetException": [NetworkSubnet]
}
BgpRouteExactFilterRule
BetaFields
| Field Name | Description |
|---|---|
globalIpRange - [GlobalIpRangeRef!]!
|
Global IP ranges to include. |
id - ID!
|
Unique identifier of the exact filter rule. |
networkSubnet - [NetworkSubnet!]!
|
Network subnets to include. |
Example
{
"globalIpRange": [GlobalIpRangeRef],
"id": 4,
"networkSubnet": [NetworkSubnet]
}
BgpRouteExactFilterRuleInput
BetaFields
| Input Field | Description |
|---|---|
globalIpRange - [GlobalIpRangeRefInput!]!
|
Global IP ranges to include. Default |
networkSubnet - [NetworkSubnet!]!
|
Network subnets to include. Default |
Example
{
"globalIpRange": [GlobalIpRangeRefInput],
"networkSubnet": [NetworkSubnet]
}
BgpState
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"Active"
BgpSummaryRoute
BetaFields
| Field Name | Description |
|---|---|
community - [BgpCommunity!]!
|
Community values associated with the route. |
id - ID!
|
Unique identifier of the summarized route. |
route - NetworkSubnet!
|
Subnet of the summarized route. |
Example
{
"community": [BgpCommunity],
"id": "4",
"route": NetworkSubnet
}
BgpSummaryRouteInput
BetaFields
| Input Field | Description |
|---|---|
community - [BgpCommunityInput!]!
|
Community values to associate with the summarized route. Default |
route - NetworkSubnet!
|
Subnet of the summarized route to be advertised. |
Example
{
"community": [BgpCommunityInput],
"route": NetworkSubnet
}
BgpTracking
BetaFields
| Field Name | Description |
|---|---|
alertFrequency - PolicyRuleTrackingFrequencyEnum!
|
Frequency of health alerts. |
enabled - Boolean!
|
Indicates if tracking is enabled. |
id - ID!
|
Unique identifier for the tracking rule. |
subscriptionId - ID
|
Subscription ID associated with the rule. |
Example
{
"alertFrequency": "DAILY",
"enabled": false,
"id": "4",
"subscriptionId": 4
}
BgpTrackingInput
BetaFields
| Input Field | Description |
|---|---|
alertFrequency - PolicyRuleTrackingFrequencyEnum!
|
Frequency of health alerts. Default |
enabled - Boolean!
|
Indicates if tracking is enabled. Default |
subscriptionId - ID!
|
Subscription ID associated with this tracking rule. |
Example
{
"alertFrequency": "DAILY",
"enabled": true,
"subscriptionId": "4"
}
Boolean
Description
The Boolean scalar type represents true or false.
BooleanFilterInput
BetaBooleanPredicate
BetaFields
| Input Field | Description |
|---|---|
is - String!
|
Example
{"is": "abc123"}
BypassSocketPortType
BetaValues
| Enum Value | Description |
|---|---|
|
|
Automatic socket port type. |
|
|
WAN1 socket port type. |
|
|
WAN2 socket port type. |
|
|
WAN3 socket port type. |
|
|
WAN4 socket port type. |
Example
"AUTOMATIC"
CancelPartnerAccessInput
BetaCancelPartnerAccessPayload
BetaDescription
Output for canceling a partner access request.
Fields
| Field Name | Description |
|---|---|
invitation - ExternalAccessRequest!
|
Updated access request. |
Example
{"invitation": ExternalAccessRequest}
CasbLicense
BetaDescription
Cloud Access Security Broker (CASB) service license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
Example
{
"description": "xyz789",
"expirationDate": "2007-12-03T10:15:30Z",
"id": "4",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ADSP_B",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE"
}
CatalogApplication
BetaFields
| Field Name | Description |
|---|---|
activity - [CatalogApplicationActivity!]!
|
|
aiSecurity - AiSecurityAttributes
|
|
capability - [CatalogApplicationCapability!]!
|
|
category - [ApplicationCategoryRef!]!
|
|
city - String
|
|
complianceAttributes - CatalogApplicationComplianceAttributes!
|
|
description - String
|
|
descriptionSummary - String
|
|
id - ID!
|
|
identityAccessManagementAttributes - CatalogApplicationIdentityAccessManagementAttributes
|
|
ipoStatus - String
|
|
name - String!
|
|
numOfEmployees - EmployeeRange
|
|
originCountry - CountryRef
|
|
recentlyAdded - Boolean!
|
|
region - String
|
|
risk - ApplicationRisk
|
|
sanctioned - Boolean!
|
|
securityAttributes - CatalogApplicationSecurityAttributes!
|
|
standardPorts - [CustomService!]!
|
|
tenantActivity - [CatalogApplicationActivity!]!
|
|
type - CatalogApplicationType!
|
|
website - Url
|
Example
{
"activity": [CatalogApplicationActivity],
"aiSecurity": AiSecurityAttributes,
"capability": ["AI_SECURITY_API_INTEGRATION"],
"category": [ApplicationCategoryRef],
"city": "xyz789",
"complianceAttributes": CatalogApplicationComplianceAttributes,
"description": "xyz789",
"descriptionSummary": "abc123",
"id": 4,
"identityAccessManagementAttributes": CatalogApplicationIdentityAccessManagementAttributes,
"ipoStatus": "abc123",
"name": "abc123",
"numOfEmployees": "BETWEEN_00001_00010",
"originCountry": CountryRef,
"recentlyAdded": false,
"region": "xyz789",
"risk": ApplicationRisk,
"sanctioned": true,
"securityAttributes": CatalogApplicationSecurityAttributes,
"standardPorts": [CustomService],
"tenantActivity": [CatalogApplicationActivity],
"type": "APPLICATION",
"website": Url
}
CatalogApplicationActivity
BetaFields
| Field Name | Description |
|---|---|
fields - [CatalogApplicationActivityField!]!
|
|
id - ID!
|
|
name - String!
|
Example
{
"fields": [CatalogApplicationActivityField],
"id": 4,
"name": "xyz789"
}
CatalogApplicationActivityField
BetaFields
| Field Name | Description |
|---|---|
id - ID!
|
|
name - String!
|
|
possibleOperators - [CatalogApplicationActivityFieldOperator!]!
|
|
possibleValues - [String!]!
|
Example
{
"id": "4",
"name": "abc123",
"possibleOperators": ["CONTAINS"],
"possibleValues": ["abc123"]
}
CatalogApplicationActivityFieldOperator
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"CONTAINS"
CatalogApplicationActivityFilterInput
BetaFields
| Input Field | Description |
|---|---|
hasAny - [CatalogApplicationActivityRefInput!]
|
Example
{"hasAny": [CatalogApplicationActivityRefInput]}
CatalogApplicationActivityRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
CatalogApplicationAttribute
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"SUPPORTED"
CatalogApplicationCapability
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"AI_SECURITY_API_INTEGRATION"
CatalogApplicationCapabilityFilterInput
BetaFields
| Input Field | Description |
|---|---|
hasAny - [CatalogApplicationCapability!]
|
Example
{"hasAny": ["AI_SECURITY_API_INTEGRATION"]}
CatalogApplicationCategoryFilterInput
BetaFields
| Input Field | Description |
|---|---|
hasAny - [ApplicationCategoryRefInput!]
|
Example
{"hasAny": [ApplicationCategoryRefInput]}
CatalogApplicationCategorySortInput
BetaFields
| Input Field | Description |
|---|---|
name - SortOrderInput
|
Example
{"name": SortOrderInput}
CatalogApplicationComplianceAttributes
BetaFields
Example
{
"c5Attestation": "SUPPORTED",
"cjis": "SUPPORTED",
"cobit": "SUPPORTED",
"coppa": "SUPPORTED",
"csaStar": "SUPPORTED",
"cyberEssentialsPlusUk": "SUPPORTED",
"euUsDataPrivacyFramework": "SUPPORTED",
"fedRamp": "SUPPORTED",
"ferpa": "SUPPORTED",
"ffiec": "SUPPORTED",
"finra": "SUPPORTED",
"fisma": "SUPPORTED",
"gapp": "SUPPORTED",
"gdpr": "SUPPORTED",
"glba": "SUPPORTED",
"hippa": "SUPPORTED",
"hitrustCsf": "SUPPORTED",
"isae3402": "SUPPORTED",
"iso27001": "SUPPORTED",
"iso27002": "SUPPORTED",
"iso27017": "SUPPORTED",
"iso27018": "SUPPORTED",
"iso9000": "SUPPORTED",
"iso9001": "SUPPORTED",
"itar": "SUPPORTED",
"japanPrivacyMark": "SUPPORTED",
"jerichoForumCommandments": "SUPPORTED",
"nistSp80053": "SUPPORTED",
"pciDss": "SUPPORTED",
"soc1": "SUPPORTED",
"soc2": "SUPPORTED",
"soc3": "SUPPORTED",
"sox": "SUPPORTED",
"trustArcPrivacy": "SUPPORTED"
}
CatalogApplicationContentType
BetaCatalogApplicationContentTypeFilterInput
BetaFields
| Input Field | Description |
|---|---|
id - [IdFilterInput!]
|
|
name - [StringFilterInput!]
|
Example
{
"id": [IdFilterInput],
"name": [StringFilterInput]
}
CatalogApplicationContentTypeGroup
BetaFields
| Field Name | Description |
|---|---|
contentType - [CatalogApplicationContentType!]!
|
|
id - ID!
|
|
name - String!
|
Example
{
"contentType": [CatalogApplicationContentType],
"id": 4,
"name": "xyz789"
}
CatalogApplicationContentTypeGroupFilterInput
BetaFields
| Input Field | Description |
|---|---|
contentType - [CatalogApplicationContentTypeFilterInput!]
|
|
id - [IdFilterInput!]
|
|
name - [StringFilterInput!]
|
Example
{
"contentType": [
CatalogApplicationContentTypeFilterInput
],
"id": [IdFilterInput],
"name": [StringFilterInput]
}
CatalogApplicationContentTypeGroupListInput
BetaFields
| Input Field | Description |
|---|---|
filter - [CatalogApplicationContentTypeGroupFilterInput!]
|
|
paging - PagingInput
|
|
sort - CatalogApplicationContentTypeGroupSortInput
|
Example
{
"filter": [
CatalogApplicationContentTypeGroupFilterInput
],
"paging": PagingInput,
"sort": CatalogApplicationContentTypeGroupSortInput
}
CatalogApplicationContentTypeGroupListPayload
BetaFields
| Field Name | Description |
|---|---|
contentTypeGroup - [CatalogApplicationContentTypeGroup!]!
|
|
pageInfo - PageInfo!
|
Example
{
"contentTypeGroup": [
CatalogApplicationContentTypeGroup
],
"pageInfo": PageInfo
}
CatalogApplicationContentTypeGroupSortInput
BetaFields
| Input Field | Description |
|---|---|
name - SortOrderInput
|
Example
{"name": SortOrderInput}
CatalogApplicationDataDeletionPolicy
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"AFTER_ACCOUNT_DELETION"
CatalogApplicationDataOwnership
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"CUSTOMER_OWNS_DATA"
CatalogApplicationDataRetentionPolicy
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"CONFIGURABLE_BY_USER"
CatalogApplicationEncryptionStrengthAtRest
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"ENCRYPTION_128_BIT"
CatalogApplicationFilterInput
BetaFields
| Input Field | Description |
|---|---|
activity - [CatalogApplicationActivityFilterInput!]
|
|
capability - [CatalogApplicationCapabilityFilterInput!]
|
|
category - [CatalogApplicationCategoryFilterInput!]
|
|
freeText - FreeTextFilterInput
|
Free-text search across name, activity and activity fields |
id - [IdFilterInput!]
|
|
name - [StringFilterInput!]
|
|
originCountry - [StringFilterInput!]
|
|
recentlyAdded - [BooleanFilterInput!]
|
|
risk - [IntFilterInput!]
|
|
tenantActivity - [BooleanFilterInput!]
|
|
type - [CatalogApplicationTypeFilterInput!]
|
Example
{
"activity": [CatalogApplicationActivityFilterInput],
"capability": [CatalogApplicationCapabilityFilterInput],
"category": [CatalogApplicationCategoryFilterInput],
"freeText": FreeTextFilterInput,
"id": [IdFilterInput],
"name": [StringFilterInput],
"originCountry": [StringFilterInput],
"recentlyAdded": [BooleanFilterInput],
"risk": [IntFilterInput],
"tenantActivity": [BooleanFilterInput],
"type": [CatalogApplicationTypeFilterInput]
}
CatalogApplicationIdentityAccessManagementAttributes
BetaFields
| Field Name | Description |
|---|---|
accessControlEnforcement - CatalogApplicationAttribute
|
|
ipBasedAccessRestrictions - CatalogApplicationAttribute
|
|
samlAuthentication - CatalogApplicationAttribute
|
Example
{
"accessControlEnforcement": "SUPPORTED",
"ipBasedAccessRestrictions": "SUPPORTED",
"samlAuthentication": "SUPPORTED"
}
CatalogApplicationListInput
BetaFields
| Input Field | Description |
|---|---|
filter - [CatalogApplicationFilterInput!]
|
|
paging - PagingInput
|
|
sort - CatalogApplicationSortInput
|
Example
{
"filter": [CatalogApplicationFilterInput],
"paging": PagingInput,
"sort": CatalogApplicationSortInput
}
CatalogApplicationListPayload
BetaFields
| Field Name | Description |
|---|---|
application - [CatalogApplication!]!
|
|
pageInfo - PageInfo!
|
Example
{
"application": [CatalogApplication],
"pageInfo": PageInfo
}
CatalogApplicationSecurityAttributes
BetaFields
Example
{
"auditTrail": "SUPPORTED",
"dataDeletionPolicy": "AFTER_ACCOUNT_DELETION",
"dataOwnership": "CUSTOMER_OWNS_DATA",
"dataRetentionPolicy": "CONFIGURABLE_BY_USER",
"dataSegregatedByTenant": "SUPPORTED",
"disasterRecovery": "SUPPORTED",
"encryptionAtRest": "SUPPORTED",
"encryptionInTransit": "SUPPORTED",
"encryptionStrengthAtRest": "ENCRYPTION_128_BIT",
"httpSecurityHeaders": "SUPPORTED",
"mfa": "SUPPORTED",
"physicalDataCenterSecurity": "SUPPORTED",
"privacyPolicyUrl": "xyz789",
"rbac": "SUPPORTED",
"rememberPassword": "SUPPORTED",
"sso": "SUPPORTED",
"termsOfUseCustomerProtectionUrl": "xyz789",
"tlsEnforcement": "SUPPORTED",
"tlsVersionSupport": "TLS_1_1_OR_OLDER",
"trustedCertificate": "SUPPORTED",
"weakCipherSupport": "DES_3"
}
CatalogApplicationSortInput
BetaFields
| Input Field | Description |
|---|---|
category - CatalogApplicationCategorySortInput
|
|
description - SortOrderInput
|
|
name - SortOrderInput
|
|
risk - SortOrderInput
|
|
type - SortOrderInput
|
Example
{
"category": CatalogApplicationCategorySortInput,
"description": SortOrderInput,
"name": SortOrderInput,
"risk": SortOrderInput,
"type": SortOrderInput
}
CatalogApplicationTlsVersionSupport
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"TLS_1_1_OR_OLDER"
CatalogApplicationType
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"APPLICATION"
CatalogApplicationTypeFilterInput
BetaFields
| Input Field | Description |
|---|---|
eq - CatalogApplicationType
|
|
in - [CatalogApplicationType!]
|
|
neq - CatalogApplicationType
|
|
nin - [CatalogApplicationType!]
|
Example
{
"eq": "APPLICATION",
"in": ["APPLICATION"],
"neq": "APPLICATION",
"nin": ["APPLICATION"]
}
CatalogApplicationWeakCipherSupport
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"DES_3"
CatoActivity
Description
CatoActivity is an object type representing an activity in a Cato alert, containing unique identifiers for the activity itself, the preceding resource, and the involved resource.
Example
{"id": 4, "parentResourceId": 4, "resourceId": 4}
CatoEndpoint
BetaDescription
The CatoEndpoint object represents a comprehensive data structure used in GraphQL queries or mutations to encapsulate details about a security incident detected by an Endpoint Protection Platform (EPP). It includes fields such as threat alerts, analyst feedback, connection type, criticality score, device details, timestamps for incident signals, and various enums and strings that describe the incident's status, source, and producer.
Fields
| Field Name | Description |
|---|---|
alerts - [CatoEndpointAlert!]!
|
Details for the threat detected by the EPP |
analystFeedback - AnalystFeedback
|
Fields related to analysts research of the threat incident |
categories - [IncidentCategory!]!
|
|
connectionType - ConnectionTypeEnum
|
enum for the connection for this incident (ie. host, user) |
criticality - Int
|
Cato's risk analysis of the story. Values are from 1 (low risk) to 10 (high risk) |
description - String
|
Description of the threat |
device - CatoEndpointDeviceDetails
|
Details for the EPP device (ie. device name, OS, MAC address) |
engineType - StoryEngineTypeEnum
|
enum that shows XDR engine involved with the incident |
entities - [IncidentEntity!]!
|
|
firstSignal - DateTime!
|
Timestamp for the first incident signal related to this story |
id - ID!
|
ID for the Endpoint Protection story |
indication - String!
|
An indication is a set of actions and behaviors for the Network or Security incident. Each producer has different indications. |
lastSignal - DateTime!
|
Timestamp for the last (most recent) incident signal related to this story |
muted - Boolean!
|
|
predictedThreatType - String
|
|
predictedVerdict - StoryVerdictEnum
|
|
producer - StoryProducerEnum!
|
enum for the Producer (specific XDR engine or service) involved with the incident use 'producerType' instead |
producerName - String!
|
Full name of the Producer (specific XDR engine and service) involved with the incident |
producerType - StoryProducerEnum!
|
|
queryName - String
|
|
research - Boolean
|
TRUE indicates that the story is currently being researched by Security Analysts |
similarStoriesData - [SimilarStoryData!]!
|
|
site - SiteRef
|
Cato ID and name for the site |
siteName - String
|
Site name related to the story |
source - String
|
IP address, name of device, or SDP user on your network involved in the story |
sourceIp - String
|
Source IP address of the device in your network sending or receiving the flow |
status - StoryStatusEnum
|
Enum for the status of this story (ie. Open, Closed, Monitoring) |
storyDuration - Int
|
Amount of time since the story was opened (no value for closed stories) |
ticket - String
|
The ticket for this story |
user - UserRef
|
Cato ID and name for the site |
vendor - VendorEnum
|
Vendor that identified the incident, such as Cato or Microsoft |
Example
{
"alerts": [CatoEndpointAlert],
"analystFeedback": AnalystFeedback,
"categories": ["OPERATIONAL"],
"connectionType": "Host",
"criticality": 123,
"description": "abc123",
"device": CatoEndpointDeviceDetails,
"engineType": "ANOMALY",
"entities": [IncidentEntity],
"firstSignal": "2007-12-03T10:15:30Z",
"id": 4,
"indication": "xyz789",
"lastSignal": "2007-12-03T10:15:30Z",
"muted": false,
"predictedThreatType": "xyz789",
"predictedVerdict": "Benign",
"producer": "AnomalyEvents",
"producerName": "xyz789",
"producerType": "AnomalyEvents",
"queryName": "abc123",
"research": true,
"similarStoriesData": [SimilarStoryData],
"site": SiteRef,
"siteName": "abc123",
"source": "abc123",
"sourceIp": "xyz789",
"status": "Closed",
"storyDuration": 123,
"ticket": "xyz789",
"user": UserRef,
"vendor": "CATO"
}
CatoEndpointAlert
Description
The CatoEndpointAlert object represents an alert generated by Cato's endpoint protection system, detailing information about detected threats, including associated activities, threat description, criticality level, endpoint protection profile, and remediation status.
Fields
| Field Name | Description |
|---|---|
activities - [CatoActivity!]!
|
Unique Cato IDs for the activities related to the alert |
createdDateTime - DateTime
|
Timestamp that the threat was detected and the alert generated |
criticality - Int
|
Cato's risk analysis of the story. Values are from 1 (low risk) to 10 (high risk) |
description - String
|
Description of the threat |
endpointProtectionProfile - String
|
EPP profile that is assigned to this device |
engineType - CatoEndpointEngineType
|
Enum for the EPP engine related to this story |
externalIp - String
|
|
id - ID!
|
Unique Cato ID for the Endpoint Protection story |
localIp - String
|
|
mitreSubTechnique - [Mitre!]!
|
MITRE ATT&CK® sub-technique for the threat |
mitreTechnique - [Mitre!]!
|
MITRE ATT&CK® technique for the threat |
resources - [CatoResource!]!
|
Data for the remediation status of the alert |
status - RemediationStatusEnum
|
Enum for the remediation status of the EPP alert |
threatName - String
|
Name of threat detected on the device |
title - String
|
Title of the endpoint alert |
Example
{
"activities": [CatoActivity],
"createdDateTime": "2007-12-03T10:15:30Z",
"criticality": 987,
"description": "abc123",
"endpointProtectionProfile": "xyz789",
"engineType": "AntiMalware",
"externalIp": "xyz789",
"id": 4,
"localIp": "xyz789",
"mitreSubTechnique": [Mitre],
"mitreTechnique": [Mitre],
"resources": [CatoResource],
"status": "BLOCKED",
"threatName": "abc123",
"title": "xyz789"
}
CatoEndpointDeviceDetails
Description
The CatoEndpointDeviceDetails object represents detailed information about a device, including its name, unique ID, logged-on users, MAC address, and operating system details.
Fields
| Field Name | Description |
|---|---|
deviceName - String
|
Name of the device |
externalIp - String
|
|
id - ID!
|
Unique Cato ID for this story |
localIp - String
|
|
loggedOnUsers - [EndpointUser!]!
|
Data for one or more users logged in to the device |
macAddress - String
|
MAC address of the device |
osDetails - OsDetails
|
OS data (ie. type, build, version) |
Example
{
"deviceName": "xyz789",
"externalIp": "abc123",
"id": 4,
"localIp": "xyz789",
"loggedOnUsers": [EndpointUser],
"macAddress": "xyz789",
"osDetails": OsDetails
}
CatoEndpointEngineType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"AntiMalware"
CatoEndpointUser
Description
The CatoEndpointUser is a GraphQL object type representing a user, with fields for a unique identifier (id) and a username (name), both of which are required.
Example
{
"id": "4",
"name": "xyz789"
}
CatoFileResource
Description
The CatoFileResource is a GraphQL object type that represents a file resource with fields for its creation timestamp, detection and remediation statuses, file details, and a unique identifier.
Fields
| Field Name | Description |
|---|---|
createdDateTime - DateTime
|
Timestamp that the this file resource was used |
detectionStatus - DetectionStatusEnum
|
Enum for the detection status of this file resource |
fileDetails - FileDetails
|
Details of the file related to this resource |
id - ID!
|
Unique Cato ID for this file resource |
remediationStatus - RemediationStatusEnum
|
Enum for the remediation status associated with this file resource |
Example
{
"createdDateTime": "2007-12-03T10:15:30Z",
"detectionStatus": "BLOCKED",
"fileDetails": FileDetails,
"id": "4",
"remediationStatus": "BLOCKED"
}
CatoProcessResource
Description
The CatoProcessResource is a GraphQL object type that represents a process resource, including details such as a unique Cato ID, the timestamp of usage, associated file details, command line information, process ID, remediation status, and the related user account.
Fields
| Field Name | Description |
|---|---|
createdDateTime - DateTime
|
Timestamp that the this resource was used |
id - ID!
|
Unique Cato ID for this resource |
imageFile - FileDetails
|
Details of the file related to this process |
processCommandLine - String
|
CLI command related to this process |
processId - Int!
|
ID for the process |
remediationStatus - RemediationStatusEnum
|
Enum for the remediation status associated with this resource |
userAccount - EndpointUser
|
User account related to this process |
Example
{
"createdDateTime": "2007-12-03T10:15:30Z",
"id": 4,
"imageFile": FileDetails,
"processCommandLine": "abc123",
"processId": 123,
"remediationStatus": "BLOCKED",
"userAccount": EndpointUser
}
CatoResource
Fields
| Field Name | Description |
|---|---|
id - ID!
|
Unique Cato ID for this EPP resource |
createdDateTime - DateTime
|
Timestamp that the this resource was used |
remediationStatus - RemediationStatusEnum
|
Enum for the remediation status associated with this resource |
Possible Types
| CatoResource Types |
|---|
Example
{
"id": "4",
"createdDateTime": "2007-12-03T10:15:30Z",
"remediationStatus": "BLOCKED"
}
CellularDisconnectionReason
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"REASON_NONE"
CellularInterface
Fields
| Field Name | Description |
|---|---|
apn - String
|
Represents the Access Point Name (e.g., uwap.orange.co.il). Configurable from Socket WebUI or SIM switch. |
apnSelectionMethod - ApnMethod
|
Determines how the APN is selected. Valid values are Auto or Manual (configurable in WebUI). |
disconnectionReason - CellularDisconnectionReason
|
Displays the reason for the modem disconnecting. Valid values are 0 (No reason provided) or 1 (The session timed out). |
iccid - String
|
Unique identifier (20-digit number) for the modem. |
imei - String
|
Unique identifier (15-digit number) for a specific SIM. |
isModemConnected - Boolean!
|
Indicates if the cellular modem is currently connected to the internet. |
isModemSuspended - Boolean!
|
Indicates if the modem is currently suspended. |
isRoamingAllowed - Boolean!
|
Indicates whether roaming is enabled. |
isSimSlot1Detected - Boolean!
|
Indicates whether a SIM is detected in the first slot. |
isSimSlot2Detected - Boolean!
|
Indicates whether a SIM is detected in the second slot. |
modemStatus - CellularModemStatus
|
Represents the current status of the modem. Valid values are Error, OK, or Unknown. |
networkType - CellularNetworkType
|
2G, 3G, or 4G |
operatorName - String
|
Displays the operator or carrier name, such as Verizon. |
signalStrength - String
|
Represents the signal strength of the cellular connection, in units of calculation. |
simNumber - String
|
The phone number associated with the SIM. |
simSlotId - Int
|
Shows the currently active SIM slot; the other slot is in standby. Slot 1 is active by default. |
Example
{
"apn": "abc123",
"apnSelectionMethod": "METHOD_AUTO",
"disconnectionReason": "REASON_NONE",
"iccid": "xyz789",
"imei": "abc123",
"isModemConnected": false,
"isModemSuspended": true,
"isRoamingAllowed": false,
"isSimSlot1Detected": true,
"isSimSlot2Detected": false,
"modemStatus": "STATUS_ERROR",
"networkType": "TYPE_2G",
"operatorName": "xyz789",
"signalStrength": "xyz789",
"simNumber": "abc123",
"simSlotId": 987
}
CellularModemStatus
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"STATUS_ERROR"
CellularNetworkType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"TYPE_2G"
ClientConnectivityActionEnum
BetaDescription
The action applied by the client connectivity if the rule is matched
Values
| Enum Value | Description |
|---|---|
|
|
Allow WAN and Internet |
|
|
Allow Internet |
|
|
Block |
Example
"ALLOW"
ClientConnectivityAddRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
action - ClientConnectivityActionEnum!
|
The action applied by the client connectivity if the rule is matched Default |
confidenceLevel - ClientConnectivityConfidenceLevelEnum!
|
User confidence level Default |
connectionOrigin - [ClientConnectivityOriginEnum!]!
|
Connection origin matching criteria. Logical 'OR' is applied within the criteria set. Logical 'AND' is applied between criteria sets. Default |
country - [CountryRefInput!]!
|
Country traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
description - String!
|
|
device - [DeviceProfileRefInput!]!
|
Device Profile traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
enabled - Boolean!
|
|
name - String!
|
|
platform - [OperatingSystem!]!
|
Source device Operating System traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
source - ClientConnectivitySourceInput!
|
Source traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
sourceRange - [ClientConnectivitySourceRangeInput!]!
|
Public ISP IP Range matching criteria. Default |
Example
{
"action": "ALLOW",
"confidenceLevel": "ANY",
"connectionOrigin": ["ANY"],
"country": [CountryRefInput],
"description": "abc123",
"device": [DeviceProfileRefInput],
"enabled": true,
"name": "abc123",
"platform": ["ANDROID"],
"source": ClientConnectivitySourceInput,
"sourceRange": [ClientConnectivitySourceRangeInput]
}
ClientConnectivityAddRuleInput
BetaFields
| Input Field | Description |
|---|---|
at - PolicyRulePositionInput
|
Position of the rule in the policy |
rule - ClientConnectivityAddRuleDataInput!
|
Parameters for the rule you are adding |
Example
{
"at": PolicyRulePositionInput,
"rule": ClientConnectivityAddRuleDataInput
}
ClientConnectivityConfidenceLevelEnum
BetaDescription
Describe how reliable the user's authentication is
Values
| Enum Value | Description |
|---|---|
|
|
The user has authenticated the Client and the Cato token is either valid or expired |
|
|
High Confidence - User authenticated and the token is valid |
|
|
Low Confidence - User authenticated, but the token has expired |
Example
"ANY"
ClientConnectivityOriginEnum
BetaDescription
Defines Origin of the connection
Values
| Enum Value | Description |
|---|---|
|
|
Any connection origin |
|
|
User is connecting from the client |
|
|
User is connecting from the browser extension |
Example
"ANY"
ClientConnectivityPolicy
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyAudit
|
|
enabled - Boolean!
|
|
revision - PolicyRevision
|
|
rules - [ClientConnectivityRulePayload!]!
|
|
sections - [PolicySectionPayload!]!
|
Example
{
"audit": PolicyAudit,
"enabled": true,
"revision": PolicyRevision,
"rules": [ClientConnectivityRulePayload],
"sections": [PolicySectionPayload]
}
ClientConnectivityPolicyInput
BetaFields
| Input Field | Description |
|---|---|
revision - PolicyRevisionInput
|
A revision is a specific instance of the policy. Unpublished revisions are working copies of the policy available to a specific admin or a set of admins Published revisions are revisions that were applied to the account network. The last published revision is the active policy. |
Example
{"revision": PolicyRevisionInput}
ClientConnectivityPolicyMutationInput
Fields
| Input Field | Description |
|---|---|
revision - PolicyMutationRevisionInput
|
Example
{"revision": PolicyMutationRevisionInput}
ClientConnectivityPolicyMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
policy - ClientConnectivityPolicy
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"policy": ClientConnectivityPolicy,
"status": "FAILURE"
}
ClientConnectivityPolicyUpdateInput
BetaFields
| Input Field | Description |
|---|---|
state - PolicyToggleState
|
Example
{"state": "DISABLED"}
ClientConnectivityRemoveRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
Example
{"id": 4}
ClientConnectivityRule
BetaFields
| Field Name | Description |
|---|---|
action - ClientConnectivityActionEnum!
|
The action applied by the client connectivity if the rule is matched |
confidenceLevel - ClientConnectivityConfidenceLevelEnum!
|
User confidence level |
connectionOrigin - [ClientConnectivityOriginEnum!]!
|
Connection origin matching criteria. Logical 'OR' is applied within the criteria set. Logical 'AND' is applied between criteria sets. |
country - [CountryRef!]!
|
Country traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
description - String!
|
Description for the rule |
device - [DeviceProfileRef!]!
|
Device Profile traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
enabled - Boolean!
|
TRUE = Rule is enabled FALSE = Rule is disabled |
id - ID!
|
Rule ID |
index - Int!
|
Position / priority of rule |
name - String!
|
Name of the rule |
platform - [OperatingSystem!]!
|
Source device Operating System traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
section - PolicySectionInfo!
|
Policy section where the rule is located |
source - ClientConnectivitySource!
|
Source traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
sourceRange - [ClientConnectivitySourceRange!]!
|
Public ISP IP Range matching criteria. |
Example
{
"action": "ALLOW",
"confidenceLevel": "ANY",
"connectionOrigin": ["ANY"],
"country": [CountryRef],
"description": "xyz789",
"device": [DeviceProfileRef],
"enabled": true,
"id": 4,
"index": 123,
"name": "xyz789",
"platform": ["ANDROID"],
"section": PolicySectionInfo,
"source": ClientConnectivitySource,
"sourceRange": [ClientConnectivitySourceRange]
}
ClientConnectivityRuleMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
rule - ClientConnectivityRulePayload
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"rule": ClientConnectivityRulePayload,
"status": "FAILURE"
}
ClientConnectivityRulePayload
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyElementAudit!
|
|
properties - [PolicyElementPropertiesEnum!]!
|
|
rule - ClientConnectivityRule!
|
Example
{
"audit": PolicyElementAudit,
"properties": ["ADDED"],
"rule": ClientConnectivityRule
}
ClientConnectivitySource
BetaDescription
Users or user groups that the policy will apply on
Fields
| Field Name | Description |
|---|---|
user - [UserRef!]!
|
Individual users defined for the account |
usersGroup - [UsersGroupRef!]!
|
Group of users |
Example
{
"user": [UserRef],
"usersGroup": [UsersGroupRef]
}
ClientConnectivitySourceInput
BetaDescription
Users or user groups that the policy will apply on
Fields
| Input Field | Description |
|---|---|
user - [UserRefInput!]!
|
Individual users defined for the account Default |
usersGroup - [UsersGroupRefInput!]!
|
Group of users Default |
Example
{
"user": [UserRefInput],
"usersGroup": [UsersGroupRefInput]
}
ClientConnectivitySourceRange
BetaDescription
Public ISP IP Range for source matching
Fields
| Field Name | Description |
|---|---|
globalIpRange - GlobalIpRangeRef!
|
Globally defined IP range |
Example
{"globalIpRange": GlobalIpRangeRef}
ClientConnectivitySourceRangeInput
BetaDescription
Public ISP IP Range for source matching
Fields
| Input Field | Description |
|---|---|
globalIpRange - GlobalIpRangeRefInput!
|
Globally defined IP range |
Example
{"globalIpRange": GlobalIpRangeRefInput}
ClientConnectivitySourceUpdateInput
BetaDescription
Users or user groups that the policy will apply on
Fields
| Input Field | Description |
|---|---|
user - [UserRefInput!]
|
Individual users defined for the account |
usersGroup - [UsersGroupRefInput!]
|
Group of users |
Example
{
"user": [UserRefInput],
"usersGroup": [UsersGroupRefInput]
}
ClientConnectivityUpdateRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
action - ClientConnectivityActionEnum
|
The action applied by the client connectivity if the rule is matched |
confidenceLevel - ClientConnectivityConfidenceLevelEnum
|
User confidence level |
connectionOrigin - [ClientConnectivityOriginEnum!]
|
Connection origin matching criteria. Logical 'OR' is applied within the criteria set. Logical 'AND' is applied between criteria sets. |
country - [CountryRefInput!]
|
Country traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
description - String
|
|
device - [DeviceProfileRefInput!]
|
Device Profile traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
enabled - Boolean
|
|
name - String
|
|
platform - [OperatingSystem!]
|
Source device Operating System traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
source - ClientConnectivitySourceUpdateInput
|
Source traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
sourceRange - [ClientConnectivitySourceRangeInput!]
|
Public ISP IP Range matching criteria. |
Example
{
"action": "ALLOW",
"confidenceLevel": "ANY",
"connectionOrigin": ["ANY"],
"country": [CountryRefInput],
"description": "abc123",
"device": [DeviceProfileRefInput],
"enabled": false,
"name": "xyz789",
"platform": ["ANDROID"],
"source": ClientConnectivitySourceUpdateInput,
"sourceRange": [ClientConnectivitySourceRangeInput]
}
ClientConnectivityUpdateRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
|
rule - ClientConnectivityUpdateRuleDataInput!
|
Example
{
"id": "4",
"rule": ClientConnectivityUpdateRuleDataInput
}
CloudApplicationRef
BetaCloudInterconnectConnectionConnectivity
BetaDescription
Connectivity status of a cloud interconnect connection.
Fields
| Field Name | Description |
|---|---|
success - Boolean!
|
Indicates if the connection is successful. |
Example
{"success": true}
CloudInterconnectConnectionConnectivityInput
BetaDescription
Input for checking the connectivity status of a cloud interconnect connection.
Fields
| Input Field | Description |
|---|---|
id - ID!
|
ID of the connection. |
Example
{"id": 4}
CloudInterconnectPhysicalConnection
BetaDescription
Details of a physical connection at a cloud interconnect site.
Fields
| Field Name | Description |
|---|---|
cVlan - Vlan
|
C-VLAN applicable only for QINQ connections. |
downstreamBwLimit - NetworkBandwidth!
|
Downstream bandwidth limit. |
encapsulationMethod - TaggingMethod!
|
Method of encapsulation. |
haRole - HaRole!
|
High availability role of the connection. Either Primary or Secondary. |
id - ID!
|
ID of the connection. |
popLocation - PopLocationRef!
|
Identifying data for the POP location. |
privateCatoIp - IPAddress!
|
Private IP address of Cato, used for BGP routing. |
privateSiteIp - IPAddress!
|
Private IP address of the site, used for BGP routing. |
serviceProviderName - String!
|
Name of the service provider. |
site - SiteRef!
|
Identifying data for the site. |
subnet - NetworkSubnet!
|
Subnet for the connection. |
sVlan - Vlan
|
S-VLAN applicable only for QINQ connections. |
upstreamBwLimit - NetworkBandwidth!
|
Upstream bandwidth limit. |
vlan - Vlan
|
VLAN applicable only for DOT1Q connections. |
Example
{
"cVlan": Vlan,
"downstreamBwLimit": NetworkBandwidth,
"encapsulationMethod": "DOT1Q",
"haRole": "PRIMARY",
"id": "4",
"popLocation": PopLocationRef,
"privateCatoIp": IPAddress,
"privateSiteIp": IPAddress,
"serviceProviderName": "xyz789",
"site": SiteRef,
"subnet": NetworkSubnet,
"sVlan": Vlan,
"upstreamBwLimit": NetworkBandwidth,
"vlan": Vlan
}
CloudInterconnectPhysicalConnectionId
BetaDescription
ID of a physical connection at a cloud interconnect site.
Fields
| Field Name | Description |
|---|---|
id - ID!
|
ID of the connection. |
Example
{"id": "4"}
CloudInterconnectPhysicalConnectionIdInput
BetaDescription
Input for getting the ID of a physical connection at a cloud interconnect site.
Fields
| Input Field | Description |
|---|---|
haRole - HaRole!
|
High availability role of the connection. |
site - SiteRefInput!
|
Identifying data for the site. |
Example
{"haRole": "PRIMARY", "site": SiteRefInput}
CloudInterconnectPhysicalConnectionInput
BetaDescription
Input for getting details of a physical connection at a cloud interconnect site.
Fields
| Input Field | Description |
|---|---|
id - ID!
|
ID of the connection. |
Example
{"id": "4"}
CommentType
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"MANAGED_SERVICE"
ConnectionMode
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"BIDIRECTIONAL"
ConnectionOriginEnum
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"ANY"
ConnectionTypeEnum
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"Host"
ConnectivityStatus
Values
| Enum Value | Description |
|---|---|
|
|
Connected to the Cato Cloud |
|
|
Disconnected from the Cato Cloud |
Example
"connected"
ContactDetails
BetaContactDetailsInput
BetaContainer
BetaDescription
A group with members of a single type of entity (for example: IPAddress, FQDN)
Fields
| Field Name | Description |
|---|---|
id - ID!
|
Unique container ID |
name - String!
|
Name for the container |
description - String
|
Description for the container |
size - Int!
|
Number of items in the container |
audit - ContainerAudit!
|
Audit metadata about the container |
syncData - ContainerSyncData
|
Information about automatic synchronization of the container |
syncDataAudit - ContainerSyncDataAudit
|
Audit information about the last synchronization of the container |
Possible Types
| Container Types |
|---|
Example
{
"id": "4",
"name": "xyz789",
"description": "abc123",
"size": 123,
"audit": ContainerAudit,
"syncData": ContainerSyncData,
"syncDataAudit": ContainerSyncDataAudit
}
ContainerAudit
BetaDescription
Audit metadata about the container
Example
{
"createdAt": "2007-12-03T10:15:30Z",
"createdBy": "abc123",
"lastModifiedAt": "2007-12-03T10:15:30Z",
"lastModifiedBy": "xyz789"
}
ContainerFileType
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"CSV"
ContainerRef
BetaContainerRefInput
BetaDescription
Add a container by ID or name
Fields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
Defines the object identification method – by ID (default) or by name Default |
input - String!
|
The object identification (ID or name) value |
Example
{"by": "ID", "input": "xyz789"}
ContainerSearchInput
BetaDescription
Filtering input to container search
Fields
| Input Field | Description |
|---|---|
refs - [ContainerRefInput!]!
|
Allows filtering container search by container ID or container name Default |
types - [ContainerType!]!
|
Allows filtering container search by specific container types Default |
Example
{"refs": [ContainerRefInput], "types": ["FQDN"]}
ContainerSearchPayload
BetaDescription
Container search result, including all containers that matched input criteria
Fields
| Field Name | Description |
|---|---|
containers - [Container!]!
|
A list of matched containers |
Example
{"containers": [Container]}
ContainerSyncData
BetaDescription
Information about automatic synchronization of the container
Fields
| Field Name | Description |
|---|---|
fileType - ContainerFileType
|
File type that is synchronized |
notifications - ContainerSyncDataNotification!
|
Notifications for sync data |
timeInterval - Int!
|
Interval of time between synchronizations |
timeUnit - ContainerSyncDataTimeUnit!
|
Unit of time for the interval |
url - Url!
|
URL from which the container is synchronized |
Example
{
"fileType": "CSV",
"notifications": ContainerSyncDataNotification,
"timeInterval": 123,
"timeUnit": "DAY",
"url": Url
}
ContainerSyncDataAudit
BetaDescription
Audit information about the last synchronization of the container
Example
{
"errorMsg": "xyz789",
"lastSyncAttempt": "2007-12-03T10:15:30Z",
"lastSynced": "2007-12-03T10:15:30Z"
}
ContainerSyncDataNotification
BetaFields
| Field Name | Description |
|---|---|
mailingList - [SubscriptionMailingListRef!]!
|
|
subscriptionGroup - [SubscriptionGroupRef!]!
|
|
webhook - [SubscriptionWebhookRef!]!
|
Example
{
"mailingList": [SubscriptionMailingListRef],
"subscriptionGroup": [SubscriptionGroupRef],
"webhook": [SubscriptionWebhookRef]
}
ContainerSyncDataTimeUnit
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"DAY"
ContainerType
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"FQDN"
CountryRef
BetaCountryRefFilterInput
BetaFields
| Input Field | Description |
|---|---|
eq - CountryRefInput
|
|
in - [CountryRefInput!]
|
|
neq - CountryRefInput
|
|
nin - [CountryRefInput!]
|
Example
{
"eq": CountryRefInput,
"in": [CountryRefInput],
"neq": CountryRefInput,
"nin": [CountryRefInput]
}
CountryRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
CreateBasicAuthInput
CreateBearerTokenAuthInput
Fields
| Input Field | Description |
|---|---|
bearerToken - Secret!
|
Example
{"bearerToken": Secret}
CreateContainerSyncDataInput
BetaDescription
Create synchronization data for a container
Fields
| Input Field | Description |
|---|---|
notifications - CreateContainerSyncDataNotificationInput!
|
|
timeInterval - Int!
|
|
timeUnit - ContainerSyncDataTimeUnit!
|
|
url - Url!
|
Example
{
"notifications": CreateContainerSyncDataNotificationInput,
"timeInterval": 123,
"timeUnit": "DAY",
"url": Url
}
CreateContainerSyncDataNotificationInput
BetaFields
| Input Field | Description |
|---|---|
mailingList - [SubscriptionMailingListRefInput!]!
|
|
subscriptionGroup - [SubscriptionGroupRefInput!]!
|
|
webhook - [SubscriptionWebhookRefInput!]!
|
Example
{
"mailingList": [SubscriptionMailingListRefInput],
"subscriptionGroup": [SubscriptionGroupRefInput],
"webhook": [SubscriptionWebhookRefInput]
}
CreateCustomHeaderAuthInput
CreateFqdnContainerFromFileInput
BetaDescription
Input for creating FQDN typed container from file
Fields
| Input Field | Description |
|---|---|
description - String!
|
Description for the container |
fileType - ContainerFileType!
|
File type that will be uploaded Default |
name - String!
|
Name for the container |
uploadFile - Upload
|
Multipart file containing FQDNs with fileType delimiter |
Example
{
"description": "abc123",
"fileType": "CSV",
"name": "xyz789",
"uploadFile": Upload
}
CreateFqdnContainerFromFilePayload
BetaDescription
Payload of CreateFromFile operation on FQDN typed container
Fields
| Field Name | Description |
|---|---|
container - FqdnContainer!
|
Container with members of type FQDN |
Example
{"container": FqdnContainer}
CreateFqdnContainerFromListInput
BetaCreateFqdnContainerFromListPayload
BetaDescription
Payload of CreateFromList operation on FQDN typed container
Fields
| Field Name | Description |
|---|---|
container - FqdnContainer!
|
Container with members of type FQDN |
Example
{"container": FqdnContainer}
CreateFqdnContainerFromUrlInput
BetaFields
| Input Field | Description |
|---|---|
description - String!
|
|
fileType - ContainerFileType!
|
|
name - String!
|
|
syncData - CreateContainerSyncDataInput!
|
Example
{
"description": "xyz789",
"fileType": "CSV",
"name": "abc123",
"syncData": CreateContainerSyncDataInput
}
CreateFqdnContainerFromUrlPayload
BetaFields
| Field Name | Description |
|---|---|
container - FqdnContainer!
|
Example
{"container": FqdnContainer}
CreateGroupInput
BetaDescription
Create a new group
Fields
| Input Field | Description |
|---|---|
description - String
|
Optional description for the group |
members - [GroupMemberRefTypedInput!]
|
Initial list of members for the new group. There is a maximum of 500 members per createGroup mutation |
name - String!
|
The name of the new group |
Example
{
"description": "abc123",
"members": [GroupMemberRefTypedInput],
"name": "abc123"
}
CreateGroupPayload
BetaDescription
The created group object.
Fields
| Field Name | Description |
|---|---|
group - Group!
|
Example
{"group": Group}
CreateIpAddressRangeContainerFromFileInput
BetaDescription
Input for creating IPAddressRange typed container from file
Fields
| Input Field | Description |
|---|---|
description - String!
|
Description for the container |
fileType - ContainerFileType!
|
File type that will be uploaded Default |
name - String!
|
Name for the container |
uploadFile - Upload
|
Multipart file containing IPAddressRanges with fileType delimiter |
Example
{
"description": "abc123",
"fileType": "CSV",
"name": "abc123",
"uploadFile": Upload
}
CreateIpAddressRangeContainerFromFilePayload
BetaDescription
Payload of CreateFromFile operation on IPAddressRange typed container
Fields
| Field Name | Description |
|---|---|
container - IpAddressRangeContainer!
|
Container with members of type IPAddressRange |
Example
{"container": IpAddressRangeContainer}
CreateIpAddressRangeContainerFromListInput
BetaFields
| Input Field | Description |
|---|---|
description - String!
|
|
name - String!
|
|
values - [IpAddressRangeInput!]!
|
Example
{
"description": "abc123",
"name": "xyz789",
"values": [IpAddressRangeInput]
}
CreateIpAddressRangeContainerFromListPayload
BetaDescription
Payload of CreateFromList operation on IPAddressRange typed container
Fields
| Field Name | Description |
|---|---|
container - IpAddressRangeContainer!
|
Container with members of type IPAddressRange |
Example
{"container": IpAddressRangeContainer}
CreateIpAddressRangeContainerFromUrlInput
BetaFields
| Input Field | Description |
|---|---|
description - String!
|
|
fileType - ContainerFileType!
|
|
name - String!
|
|
syncData - CreateContainerSyncDataInput!
|
Example
{
"description": "xyz789",
"fileType": "CSV",
"name": "xyz789",
"syncData": CreateContainerSyncDataInput
}
CreateIpAddressRangeContainerFromUrlPayload
BetaFields
| Field Name | Description |
|---|---|
container - IpAddressRangeContainer!
|
Example
{"container": IpAddressRangeContainer}
CreateLocationDetailsInput
BetaFields
| Input Field | Description |
|---|---|
companyName - String
|
Company name (recipient) |
contact - ContactDetailsInput
|
Delivery contact detail |
postalAddress - PostalAddressInput!
|
Postal location |
vatId - String
|
Vat id (required for Brazil) |
Example
{
"companyName": "xyz789",
"contact": ContactDetailsInput,
"postalAddress": PostalAddressInput,
"vatId": "xyz789"
}
CreateMailingListInput
Fields
| Input Field | Description |
|---|---|
address - [Email!]
|
A list of email addresses. |
admin - [AdminRefInput!]
|
A list of existing CMA admins for your account. |
name - String!
|
The name of the Mailing List. |
Example
{
"address": [Email],
"admin": [AdminRefInput],
"name": "abc123"
}
CreateMailingListPayload
Description
Returns the details of a newly created Mailing List after a successful creation request.
Fields
| Field Name | Description |
|---|---|
mailingList - MailingList!
|
The newly created Mailing List. |
Example
{"mailingList": MailingList}
CreateSubscriptionGroupInput
Fields
| Input Field | Description |
|---|---|
integration - [IntegrationRefInput!]
|
Integrations (e.g. webhooks) included in the Subscription Group |
mailingList - [MailingListRefInput!]
|
Mailing Lists included in the Subscription Group |
name - String!
|
The Subscription Group name |
Example
{
"integration": [IntegrationRefInput],
"mailingList": [MailingListRefInput],
"name": "abc123"
}
CreateSubscriptionGroupPayload
Description
Response payload for creating a Subscription Group.
Fields
| Field Name | Description |
|---|---|
subscriptionGroup - SubscriptionGroup!
|
The newly created Subscription Group. |
Example
{"subscriptionGroup": SubscriptionGroup}
CreateWebhookAuthInput
Description
Authentication configuration for creating a webhook integration. Only one authentication method should be provided. If null, no authentication will be used.
Fields
| Input Field | Description |
|---|---|
basic - CreateBasicAuthInput
|
Basic authentication (username/password). |
bearer - CreateBearerTokenAuthInput
|
Bearer token authentication. |
custom - CreateCustomHeaderAuthInput
|
Custom header authentication. |
Example
{
"basic": CreateBasicAuthInput,
"bearer": CreateBearerTokenAuthInput,
"custom": CreateCustomHeaderAuthInput
}
CreateWebhookInput
Description
Defines parameters for a new webhook integration.
Fields
| Input Field | Description |
|---|---|
auth - CreateWebhookAuthInput!
|
Authentication configuration for the target service. |
body - String!
|
JSON body template. Use available fields with '$' prefix to define the webhook payload. See 'Understanding the JSON Fields for Alert Integrations' Knowledge Base article for details. |
enabled - Boolean
|
Enable or disable the webhook. Default |
header - [HttpHeaderNameValueInput]
|
Optional HTTP headers. |
name - String!
|
The webhook name |
relatedWebhookRef - WebhookIntegrationRefInput
|
Related webhook that provides the Correlation ID used for updates |
requestMethod - WebhookRequestMethod
|
HTTP method used when sending the webhook request (e.g., POST, PUT). Default |
responseMapping - [WebhookResponseMapEntryInput!]
|
Defines JSON path mappings used to extract values from the webhook response payload. At present, only a single mapping is supported, with the key "correlationId". The value must be a valid JSON path pointing to the field in the response payload that represents the correlation identifier (for example, result.sys_id). |
url - Url!
|
The URL of the target service |
Example
{
"auth": CreateWebhookAuthInput,
"body": "xyz789",
"enabled": false,
"header": [HttpHeaderNameValueInput],
"name": "xyz789",
"relatedWebhookRef": WebhookIntegrationRefInput,
"requestMethod": "POST",
"responseMapping": [WebhookResponseMapEntryInput],
"url": Url
}
CreateWebhookPayload
Description
Response payload for a webhook creation operation.
Fields
| Field Name | Description |
|---|---|
webhook - Webhook!
|
The newly created webhook integration. |
Example
{"webhook": Webhook}
Fields
| Field Name | Description |
|---|---|
category - [ApplicationCategoryRef!]!
|
|
criteria - [CustomApplicationCriteria!]!
|
|
description - String
|
|
id - ID!
|
|
name - String!
|
Example
{
"category": [ApplicationCategoryRef],
"criteria": [CustomApplicationCriteria],
"description": "abc123",
"id": "4",
"name": "abc123"
}
Fields
| Input Field | Description |
|---|---|
hasAny - [ApplicationCategoryRefInput!]
|
Example
{"hasAny": [ApplicationCategoryRefInput]}
Fields
| Field Name | Description |
|---|---|
destination - CustomApplicationDestination
|
|
port - [Port!]!
|
|
portRange - [PortRange!]!
|
|
protocol - IpProtocol!
|
Example
{
"destination": CustomApplicationDestination,
"port": [19532],
"portRange": [PortRange],
"protocol": "ANY"
}
Fields
| Input Field | Description |
|---|---|
destination - CustomApplicationDestinationInput
|
|
port - [Port!]!
|
|
portRange - [PortRangeInput!]!
|
|
protocol - IpProtocol!
|
Example
{
"destination": CustomApplicationDestinationInput,
"port": [19532],
"portRange": [PortRangeInput],
"protocol": "ANY"
}
Fields
| Field Name | Description |
|---|---|
destinationIp - CustomApplicationIp
|
|
domain - [Domain!]!
|
|
fqdn - [Fqdn!]!
|
Example
{
"destinationIp": CustomApplicationIp,
"domain": [Domain],
"fqdn": [Fqdn]
}
Fields
| Input Field | Description |
|---|---|
destinationIp - CustomApplicationIpInput
|
|
domain - [Domain!]
|
|
fqdn - [Fqdn!]
|
Example
{
"destinationIp": CustomApplicationIpInput,
"domain": [Domain],
"fqdn": [Fqdn]
}
Fields
| Input Field | Description |
|---|---|
category - [CustomApplicationCategoryFilterInput!]
|
|
freeText - FreeTextFilterInput
|
Free-text search across name field only |
id - [IdFilterInput!]
|
|
name - [StringFilterInput!]
|
Example
{
"category": [CustomApplicationCategoryFilterInput],
"freeText": FreeTextFilterInput,
"id": [IdFilterInput],
"name": [StringFilterInput]
}
Fields
| Field Name | Description |
|---|---|
ip - [IPAddress!]!
|
|
ipRange - [IpAddressRange!]!
|
|
subnet - [NetworkSubnet!]!
|
Example
{
"ip": [IPAddress],
"ipRange": [IpAddressRange],
"subnet": [NetworkSubnet]
}
Fields
| Input Field | Description |
|---|---|
ip - [IPAddress!]
|
|
ipRange - [IpAddressRangeInput!]
|
|
subnet - [NetworkSubnet!]
|
Example
{
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"subnet": [NetworkSubnet]
}
Fields
| Input Field | Description |
|---|---|
filter - [CustomApplicationFilterInput!]
|
|
paging - PagingInput
|
|
sort - CustomApplicationSortInput
|
Example
{
"filter": [CustomApplicationFilterInput],
"paging": PagingInput,
"sort": CustomApplicationSortInput
}
Fields
| Field Name | Description |
|---|---|
items - [CustomApplication!]!
|
|
paging - PageInfo!
|
Example
{
"items": [CustomApplication],
"paging": PageInfo
}
CustomApplicationRef
BetaCustomApplicationRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
Fields
| Input Field | Description |
|---|---|
category - ApplicationCategorySortInput
|
|
description - SortOrderInput
|
|
name - SortOrderInput
|
Example
{
"category": ApplicationCategorySortInput,
"description": SortOrderInput,
"name": SortOrderInput
}
CustomCategoryRef
BetaCustomCategoryRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
CustomHeaderAuth
CustomService
BetaDescription
Returns data for Custom Service defined by a combination of L4 ports and an IP Protocol
Fields
| Field Name | Description |
|---|---|
port - [Port!]
|
|
portRange - PortRange
|
|
protocol - IpProtocol!
|
Example
{
"port": [19532],
"portRange": PortRange,
"protocol": "ANY"
}
CustomServiceInput
BetaDescription
Add a Custom Service defined by a combination of L4 ports and an IP Protocol
Fields
| Input Field | Description |
|---|---|
port - [Port!]
|
|
portRange - PortRangeInput
|
|
protocol - IpProtocol!
|
Example
{
"port": [19532],
"portRange": PortRangeInput,
"protocol": "ANY"
}
CustomServiceIp
BetaFields
| Field Name | Description |
|---|---|
ip - IPAddress
|
|
ipRange - IpAddressRange
|
|
name - String!
|
Example
{
"ip": IPAddress,
"ipRange": IpAddressRange,
"name": "abc123"
}
CustomServiceIpInput
BetaFields
| Input Field | Description |
|---|---|
ip - IPAddress
|
|
ipRange - IpAddressRangeInput
|
|
name - String!
|
Example
{
"ip": IPAddress,
"ipRange": IpAddressRangeInput,
"name": "xyz789"
}
DataLakeLicense
BetaFields
| Field Name | Description |
|---|---|
description - String
|
|
dpaVersion - DpaVersion!
|
The version of the Data Processing Agreement (DPA) that your company signed with Cato. |
expirationDate - DateTime!
|
License expiration date |
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
retentionPeriod - Int
|
Data retention period, in months, during which the account data may remain on the Cato Cloud. After this period the data will be permanently deleted. |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
total - Int!
|
Total number of the Data Storage Units under this license. Each Data Storage Unit increases the allowed ingestion rate (events per hour and total events storage) |
Example
{
"description": "abc123",
"dpaVersion": "DPA_2019_01",
"expirationDate": "2007-12-03T10:15:30Z",
"id": 4,
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"retentionPeriod": 987,
"sku": "CATO_ADSP_B",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE",
"total": 987
}
DataQuery
Fields
| Field Name | Description |
|---|---|
buckets - Int
|
|
dataSource - DataSourceEnum
|
|
fields - [String!]!
|
|
filters - [QueryParameter!]!
|
|
measures - [MeasuresParameters!]!
|
Example
{
"buckets": 987,
"dataSource": "AppStats",
"fields": ["abc123"],
"filters": [QueryParameter],
"measures": [MeasuresParameters]
}
DataSourceEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"AppStats"
Date
BetaDescription
2006-01-02
Example
"2007-12-03"
DateTime
Description
2006-01-02T15:04:05Z07:00 (RFC3339)
Example
"2007-12-03T10:15:30Z"
DateTimeFilterInput
BetaFields
| Input Field | Description |
|---|---|
between - [DateTime!]
|
|
eq - DateTime
|
|
gt - DateTime
|
|
gte - DateTime
|
|
in - [DateTime!]
|
|
lt - DateTime
|
|
lte - DateTime
|
|
neq - DateTime
|
|
nin - [DateTime!]
|
Example
{
"between": ["2007-12-03T10:15:30Z"],
"eq": "2007-12-03T10:15:30Z",
"gt": "2007-12-03T10:15:30Z",
"gte": "2007-12-03T10:15:30Z",
"in": ["2007-12-03T10:15:30Z"],
"lt": "2007-12-03T10:15:30Z",
"lte": "2007-12-03T10:15:30Z",
"neq": "2007-12-03T10:15:30Z",
"nin": ["2007-12-03T10:15:30Z"]
}
DateValue
Fields
| Field Name | Description |
|---|---|
date - DateTime
|
Example
{"date": "2007-12-03T10:15:30Z"}
DayOfWeek
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"FRIDAY"
DefenderIncidentStatus
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"ACTIVE"
DegradedDetail
Fields
| Field Name | Description |
|---|---|
args - DegradedStatusArgs
|
|
reason - DegradedStatusReason!
|
Example
{
"args": DegradedStatusSocketVersionsArgs,
"reason": "ALT_WAN_DISCONNECTED"
}
DegradedStatus
Fields
| Field Name | Description |
|---|---|
degradedDetails - [DegradedDetail!]!
|
|
isDegraded - Boolean!
|
Example
{"degradedDetails": [DegradedDetail], "isDegraded": false}
DegradedStatusArgs
Example
DegradedStatusSocketVersionsArgs
DegradedStatusBasicDataArgs
DegradedStatusLastConnectedArgs
Fields
| Field Name | Description |
|---|---|
lastConnectedDate - DateTime
|
Example
{
"lastConnectedDate": "2007-12-03T10:15:30Z"
}
DegradedStatusMultiTunnelArgs
DegradedStatusReason
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"ALT_WAN_DISCONNECTED"
DegradedStatusSocketArgs
DegradedStatusSocketVersionsArgs
DeleteContainerInput
BetaDescription
Identification of container for delete operation
Fields
| Input Field | Description |
|---|---|
ref - ContainerRefInput!
|
Reference to existing container by container ID or container name |
Example
{"ref": ContainerRefInput}
DeleteContainerPayload
BetaFields
| Field Name | Description |
|---|---|
container - Container!
|
The data of the container before it was deleted |
Example
{"container": Container}
Fields
| Input Field | Description |
|---|---|
customApplication - CustomApplicationRefInput!
|
Example
{"customApplication": CustomApplicationRefInput}
Fields
| Field Name | Description |
|---|---|
customApplication - CustomApplication!
|
Example
{"customApplication": CustomApplication}
DeleteGroupPayload
BetaDescription
The deleted group object
Fields
| Field Name | Description |
|---|---|
group - Group!
|
The group that was deleted |
Example
{"group": Group}
DeleteMailingListPayload
Description
Returns the details of a deleted Mailing List after a successful request.
Fields
| Field Name | Description |
|---|---|
mailingList - MailingList!
|
The deleted Mailing List. |
Example
{"mailingList": MailingList}
Description
Delete report input
Fields
| Input Field | Description |
|---|---|
fileHash - String!
|
File hash (SHA-256) to be deleted |
Example
{"fileHash": "xyz789"}
Description
Delete report response
Fields
| Field Name | Description |
|---|---|
fileHash - String!
|
File hash (SHA-256) |
Example
{"fileHash": "xyz789"}
DeleteStoryCommentInput
BetaDeleteStoryCommentPayload
BetaFields
| Field Name | Description |
|---|---|
comment - StoryComment!
|
Delete an existing comment from an XDR story |
Example
{"comment": StoryComment}
DeleteSubscriptionGroupPayload
Description
Response payload for deleting a Subscription Group
Fields
| Field Name | Description |
|---|---|
subscriptionGroup - SubscriptionGroup!
|
The deleted Subscription Group. |
Example
{"subscriptionGroup": SubscriptionGroup}
DeleteWebhookPayload
Description
Response payload for a webhook deletion operation.
Fields
| Field Name | Description |
|---|---|
webhook - Webhook!
|
The deleted webhook integration. |
Example
{"webhook": Webhook}
DemLicense
BetaDescription
DEM service license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
total - Int!
|
License quantity |
Example
{
"description": "xyz789",
"expirationDate": "2007-12-03T10:15:30Z",
"id": "4",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ADSP_B",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE",
"total": 123
}
DestinationType
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"FQDN"
DetectionSourceEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"ANTIVIRUS"
DetectionStatusEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"BLOCKED"
DeviceAttributeCatalogInput
BetaFields
| Input Field | Description |
|---|---|
filter - StringFilterInput
|
|
paging - PagingInput
|
|
sort - SortOrderInput
|
Example
{
"filter": StringFilterInput,
"paging": PagingInput,
"sort": SortOrderInput
}
DeviceAttributeCatalogPayload
BetaFields
| Field Name | Description |
|---|---|
items - [String!]!
|
|
pageInfo - PageInfo!
|
Example
{
"items": ["abc123"],
"pageInfo": PageInfo
}
DeviceAttributes
BetaFields
| Field Name | Description |
|---|---|
category - [String!]!
|
The category of the firewall device. |
manufacturer - [String!]!
|
The manufacturer of the firewall device. |
model - [String!]!
|
The model of the firewall device. |
os - [String!]!
|
The operating system of the firewall device. |
osVersion - [String!]!
|
The version of the operating system of the firewall device. |
type - [String!]!
|
The type of the firewall device. |
Example
{
"category": ["abc123"],
"manufacturer": ["abc123"],
"model": ["xyz789"],
"os": ["xyz789"],
"osVersion": ["xyz789"],
"type": ["abc123"]
}
DeviceAttributesCatalogQueries
BetaFields
| Field Name | Description |
|---|---|
category - DeviceAttributeCatalogPayload!
|
|
Arguments
|
|
compliance - DeviceComplianceCatalogPayload!
|
|
Arguments
|
|
manufacturer - DeviceAttributeCatalogPayload!
|
|
Arguments
|
|
model - DeviceAttributeCatalogPayload!
|
|
Arguments
|
|
os - DeviceAttributeCatalogPayload!
|
|
Arguments
|
|
type - DeviceAttributeCatalogPayload!
|
|
Arguments
|
|
Example
{
"category": DeviceAttributeCatalogPayload,
"compliance": DeviceComplianceCatalogPayload,
"manufacturer": DeviceAttributeCatalogPayload,
"model": DeviceAttributeCatalogPayload,
"os": DeviceAttributeCatalogPayload,
"type": DeviceAttributeCatalogPayload
}
DeviceAttributesInput
BetaFields
| Input Field | Description |
|---|---|
category - [String!]!
|
The category of the firewall device. Default |
manufacturer - [String!]!
|
The manufacturer of the firewall device. Default |
model - [String!]!
|
The model of the firewall device. Default |
os - [String!]!
|
The operating system of the firewall device. Default |
osVersion - [String!]!
|
The version of the operating system of the firewall device. Default |
type - [String!]!
|
The type of the firewall device. Default |
Example
{
"category": ["xyz789"],
"manufacturer": ["abc123"],
"model": ["xyz789"],
"os": ["xyz789"],
"osVersion": ["xyz789"],
"type": ["xyz789"]
}
DeviceAttributesUpdateInput
BetaFields
| Input Field | Description |
|---|---|
category - [String!]
|
The category of the firewall device. |
manufacturer - [String!]
|
The manufacturer of the firewall device. |
model - [String!]
|
The model of the firewall device. |
os - [String!]
|
The operating system of the firewall device. |
osVersion - [String!]
|
The version of the operating system of the firewall device. |
type - [String!]
|
The type of the firewall device. |
Example
{
"category": ["abc123"],
"manufacturer": ["xyz789"],
"model": ["xyz789"],
"os": ["abc123"],
"osVersion": ["xyz789"],
"type": ["xyz789"]
}
DeviceAvStatusEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"DISABLED"
DeviceComplianceCatalogInput
BetaFields
| Input Field | Description |
|---|---|
filter - DeviceComplianceFilterInput
|
|
paging - PagingInput
|
|
sort - DeviceComplianceSortInput
|
Example
{
"filter": DeviceComplianceFilterInput,
"paging": PagingInput,
"sort": DeviceComplianceSortInput
}
DeviceComplianceCatalogItem
BetaFields
| Field Name | Description |
|---|---|
applicationConnector - ApplicationConnectorCatalogEntityRef!
|
|
state - String!
|
Example
{
"applicationConnector": ApplicationConnectorCatalogEntityRef,
"state": "xyz789"
}
DeviceComplianceCatalogPayload
BetaFields
| Field Name | Description |
|---|---|
items - [DeviceComplianceCatalogItem!]!
|
|
pageInfo - PageInfo!
|
Example
{
"items": [DeviceComplianceCatalogItem],
"pageInfo": PageInfo
}
DeviceComplianceFilterInput
BetaFields
| Input Field | Description |
|---|---|
applicationConnector - ApplicationConnectorCatalogEntityRefFilterInput
|
|
state - StringFilterInput
|
Example
{
"applicationConnector": ApplicationConnectorCatalogEntityRefFilterInput,
"state": StringFilterInput
}
DeviceComplianceSortInput
BetaFields
| Input Field | Description |
|---|---|
applicationConnector - ApplicationConnectorCatalogEntityRefSortOrderInput
|
|
state - SortOrderInput
|
Example
{
"applicationConnector": ApplicationConnectorCatalogEntityRefSortOrderInput,
"state": SortOrderInput
}
DeviceConfidenceLevel
BetaValues
| Enum Value | Description |
|---|---|
|
|
Device classification is strongly validated by multiple signals |
|
|
Device classification has minimal supporting evidence |
|
|
Device classification has moderate supporting signals |
Example
"HIGH"
DeviceConfidenceLevelFilterInput
BetaDescription
Filter input for device confidence level with equality and inclusion operators
Fields
| Input Field | Description |
|---|---|
eq - DeviceConfidenceLevel
|
Equals - exact confidence level match |
in - [DeviceConfidenceLevel!]
|
In - match any of the specified confidence levels |
neq - DeviceConfidenceLevel
|
Not equals - exclude specific confidence level |
nin - [DeviceConfidenceLevel!]
|
Not in - exclude all specified confidence levels |
Example
{"eq": "HIGH", "in": ["HIGH"], "neq": "HIGH", "nin": ["HIGH"]}
DeviceConfigHaRoleEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"PRIMARY"
DeviceConnectionProfile
BetaFields
| Field Name | Description |
|---|---|
destApps - [String!]!
|
List of applications the device communicates with |
destDomains - [String!]!
|
Domains contacted by the device |
destHosts - [String!]!
|
Destination hosts accessed by the device |
directions - [String!]!
|
Traffic direction indicators (e.g., inbound, outbound) |
Example
{
"destApps": ["abc123"],
"destDomains": ["abc123"],
"destHosts": ["xyz789"],
"directions": ["xyz789"]
}
DeviceCsvExportInput
BetaDescription
Input for CSV export with optional filtering
Fields
| Input Field | Description |
|---|---|
filter - [DeviceV2FilterInput!]
|
Filter devices by various criteria before export |
Example
{"filter": [DeviceV2FilterInput]}
DeviceDetails
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
deviceName - String
|
|
osDetails - OsDetails
|
|
loggedOnUsers - [EndpointUser!]!
|
|
externalIp - String
|
|
localIp - String
|
Possible Types
| DeviceDetails Types |
|---|
Example
{
"id": "4",
"deviceName": "abc123",
"osDetails": OsDetails,
"loggedOnUsers": [EndpointUser],
"externalIp": "abc123",
"localIp": "abc123"
}
DeviceHaRoleStateEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"BACKUP"
DeviceHealthStatusEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"ACTIVE"
DeviceHw
BetaDeviceHwFilterInput
BetaFields
| Input Field | Description |
|---|---|
manufacturer - [StringFilterInput!]
|
|
model - [StringFilterInput!]
|
|
type - [StringFilterInput!]
|
Example
{
"manufacturer": [StringFilterInput],
"model": [StringFilterInput],
"type": [StringFilterInput]
}
DeviceHwSortOrderInput
BetaFields
| Input Field | Description |
|---|---|
manufacturer - SortOrderInput
|
|
model - SortOrderInput
|
|
type - SortOrderInput
|
Example
{
"manufacturer": SortOrderInput,
"model": SortOrderInput,
"type": SortOrderInput
}
DeviceNetwork
BetaDeviceNetworkFilterInput
BetaFields
| Input Field | Description |
|---|---|
networkName - [StringFilterInput!]
|
|
subnet - [StringFilterInput!]
|
Example
{
"networkName": [StringFilterInput],
"subnet": [StringFilterInput]
}
DeviceNetworkRef
BetaTypes
| Union Types |
|---|
Example
SiteNetworkSubnetRef
DeviceNetworkSortOrderInput
BetaFields
| Input Field | Description |
|---|---|
networkName - SortOrderInput
|
|
subnet - SortOrderInput
|
Example
{
"networkName": SortOrderInput,
"subnet": SortOrderInput
}
DeviceNic
BetaDescription
Represents a single network interface card (NIC) associated with a device
Fields
| Field Name | Description |
|---|---|
ip - IPAddress
|
The IP address currently or last associated with this interface |
macAddress - MacAddress
|
The unique MAC address of the device's network interface card |
network - DeviceNetworkRef
|
Reference to the network context (e.g., site subnet, floating subnet, or global IP range) associated with this interface |
site - SiteRef
|
Reference to the site where this interface was observed |
vendor - String
|
Manufacturer of the network interface (e.g., Intel, Broadcom) |
Example
{
"ip": IPAddress,
"macAddress": MacAddress,
"network": SiteNetworkSubnetRef,
"site": SiteRef,
"vendor": "abc123"
}
DeviceNicFilterInput
BetaFields
| Input Field | Description |
|---|---|
macAddress - [MacAddressFilterInput!]
|
|
vendor - [StringFilterInput!]
|
Example
{
"macAddress": [MacAddressFilterInput],
"vendor": [StringFilterInput]
}
DeviceNicSortOrderInput
BetaFields
| Input Field | Description |
|---|---|
macAddress - SortOrderInput
|
|
vendor - SortOrderInput
|
Example
{
"macAddress": SortOrderInput,
"vendor": SortOrderInput
}
DeviceOs
BetaExample
{
"product": "xyz789",
"vendor": "xyz789",
"version": "xyz789"
}
DeviceOsFilterInput
BetaFields
| Input Field | Description |
|---|---|
product - [StringFilterInput!]
|
|
vendor - [StringFilterInput!]
|
|
version - [StringFilterInput!]
|
Example
{
"product": [StringFilterInput],
"vendor": [StringFilterInput],
"version": [StringFilterInput]
}
DeviceOsSortOrderInput
BetaFields
| Input Field | Description |
|---|---|
product - SortOrderInput
|
|
vendor - SortOrderInput
|
|
version - SortOrderInput
|
Example
{
"product": SortOrderInput,
"vendor": SortOrderInput,
"version": SortOrderInput
}
DeviceProfileRef
BetaDeviceProfileRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
DeviceSiteSortOrderInput
BetaFields
| Input Field | Description |
|---|---|
id - SortOrderInput
|
|
name - SortOrderInput
|
Example
{
"id": SortOrderInput,
"name": SortOrderInput
}
DeviceSnapshot
Fields
| Field Name | Description |
|---|---|
connected - Boolean
|
A boolean value that indicates if the site is connected to the Cato Cloud |
connectedSince - DateTime
|
For connected devices (this somewhat overlaps to last duration) |
deviceUptime - Int
|
Indicates the Socket uptime |
haRole - String
|
Shows if this is the primary or secondary Socket in high availability mode |
id - ID
|
Unique internal Cato ID for the Socket |
identifier - String
|
Unique identifier for the device |
interfaces - [InterfaceSnapshot!]
|
Snapshot data for outbound facing interfaces |
interfacesLinkState - [InterfaceLinkState!]
|
Information of the link state of various interfaces in the devices. Unlike the interfacess field, it contains all links of the device, not just the outbound facing ones |
internalIP - String
|
Device's internal IP in the account's routing table |
lastConnected - DateTime
|
The last time the device was seen |
lastDuration - Int
|
The uptime of the last tunnel from this device (or current), in seconds |
lastPopID - Int
|
The ID of the PoP that the Socket is connected to |
lastPopName - String
|
The PoP name that the Socket is connected to |
mfaCreationTime - Int
|
The time the mfa cookie (for sdp users) was created |
mfaExpirationTime - Int
|
Shows the amount of time remaining before the MFA token expires |
name - String
|
Name of the device |
osType - String
|
Operating system of the Device. |
osVersion - String
|
Version of the Socket operating system |
recentConnections - [RecentConnection!]
|
Data related to the most recent completed traffic flows |
releaseGroup - String
|
Shows the release group for the site |
socketInfo - SocketInfo
|
Shows data related to the Socket, such as version and serial number |
type - String
|
Shows the Socket model or vSocket type |
version - String
|
Device version |
versionNumber - Int
|
Device major version |
Example
{
"connected": true,
"connectedSince": "2007-12-03T10:15:30Z",
"deviceUptime": 123,
"haRole": "abc123",
"id": "4",
"identifier": "xyz789",
"interfaces": [InterfaceSnapshot],
"interfacesLinkState": [InterfaceLinkState],
"internalIP": "xyz789",
"lastConnected": "2007-12-03T10:15:30Z",
"lastDuration": 987,
"lastPopID": 123,
"lastPopName": "abc123",
"mfaCreationTime": 987,
"mfaExpirationTime": 987,
"name": "xyz789",
"osType": "xyz789",
"osVersion": "abc123",
"recentConnections": [RecentConnection],
"releaseGroup": "xyz789",
"socketInfo": SocketInfo,
"type": "xyz789",
"version": "abc123",
"versionNumber": 987
}
DeviceSortInput
BetaDescription
Input for sorting devices by various fields
Fields
| Input Field | Description |
|---|---|
category - SortOrderInput
|
Sort by device category |
confidence - SortOrderInput
|
Sort by classification confidence level |
firstSeen - SortOrderInput
|
Sort by first detection timestamp |
hw - DeviceHwSortOrderInput
|
Sort by hardware fields |
id - SortOrderInput
|
Sort by device unique identifier |
ip - SortOrderInput
|
Sort by IP address |
lastSeen - SortOrderInput
|
Sort by last activity timestamp |
name - SortOrderInput
|
Sort by device name |
network - DeviceNetworkSortOrderInput
|
Sort by network fields |
nic - DeviceNicSortOrderInput
|
Sort by network interface fields |
os - DeviceOsSortOrderInput
|
Sort by operating system fields |
riskScore - SortOrderInput
|
Sort by security risk score |
site - DeviceSiteSortOrderInput
|
Sort by site-related fields |
user - DeviceUserSortOrderInput
|
Sort by user-related fields |
Example
{
"category": SortOrderInput,
"confidence": SortOrderInput,
"firstSeen": SortOrderInput,
"hw": DeviceHwSortOrderInput,
"id": SortOrderInput,
"ip": SortOrderInput,
"lastSeen": SortOrderInput,
"name": SortOrderInput,
"network": DeviceNetworkSortOrderInput,
"nic": DeviceNicSortOrderInput,
"os": DeviceOsSortOrderInput,
"riskScore": SortOrderInput,
"site": DeviceSiteSortOrderInput,
"user": DeviceUserSortOrderInput
}
DeviceUserSortOrderInput
BetaFields
| Input Field | Description |
|---|---|
id - SortOrderInput
|
|
name - SortOrderInput
|
Example
{
"id": SortOrderInput,
"name": SortOrderInput
}
DeviceV2
BetaFields
| Field Name | Description |
|---|---|
category - String
|
Device category grouping based on role or type |
complianceState - String
|
Compliance posture of the device according to policy/integration checks (e.g., 'compliant', 'noncompliant', 'unknown') |
confidence - DeviceConfidenceLevel
|
Confidence score for device classification accuracy |
connectionProfile - DeviceConnectionProfile
|
Profile describing how the device connects to the network |
firstSeen - DateTime
|
Timestamp of when the device was first detected |
hw - DeviceHw
|
Hardware information for the device |
id - ID!
|
Unique identifier for the device record |
ip - String
|
Beta Use nics.ip instead |
ipAddress - IPAddress
|
Current or last known IP address of the device Beta Use nics.ip instead |
isManaged - Boolean!
|
True/false flag showing whether the device is under admin management |
lastSeen - DateTime
|
Timestamp of the most recent device activity |
name - String
|
Human-readable name of the device |
network - DeviceNetwork
|
Information about the network environment the device connects to Beta Use nics.network instead |
networkInfo - DeviceNetworkRef
|
Reference to the device's network (Rename to 'network' after fe is aligned) Beta Use nics.network instead |
nic - DeviceNic
|
Network interface card details for the device Beta Use nics instead |
nics - [DeviceNic!]!
|
List of network interface cards (NICs) associated with the device. Each entry represents a distinct interface |
originTypes - [OriginType!]!
|
The origins (e.g., integrations, data feeds) that detected the device |
os - DeviceOs
|
Operating system details of the device |
riskScore - Int
|
Numerical value representing the device's security risk |
site - SiteRef
|
Reference to the site where the device is located Beta Use nics.site instead |
user - UserRef
|
Reference to the user linked with this device |
Example
{
"category": "xyz789",
"complianceState": "xyz789",
"confidence": "HIGH",
"connectionProfile": DeviceConnectionProfile,
"firstSeen": "2007-12-03T10:15:30Z",
"hw": DeviceHw,
"id": "4",
"ip": "xyz789",
"ipAddress": IPAddress,
"isManaged": true,
"lastSeen": "2007-12-03T10:15:30Z",
"name": "abc123",
"network": DeviceNetwork,
"networkInfo": SiteNetworkSubnetRef,
"nic": DeviceNic,
"nics": [DeviceNic],
"originTypes": ["Armis"],
"os": DeviceOs,
"riskScore": 123,
"site": SiteRef,
"user": UserRef
}
DeviceV2FilterInput
BetaDescription
Input for filtering devices by various criteria
Fields
| Input Field | Description |
|---|---|
category - [StringFilterInput!]
|
Filter by device category |
complianceState - [StringFilterInput!]
|
Filter by compliance state criteria |
confidence - [DeviceConfidenceLevelFilterInput!]
|
Filter by classification confidence level |
firstSeen - [DateTimeFilterInput!]
|
Filter by first detection timestamp |
hw - DeviceHwFilterInput
|
Filter by hardware criteria |
id - [IdFilterInput!]
|
Filter by device unique identifier |
ipAddress - [IPAddressFilterInput!]
|
Filter by IP address |
isManaged - [BooleanFilterInput!]
|
Filter by management status |
lastSeen - [DateTimeFilterInput!]
|
Filter by last activity timestamp |
name - [StringFilterInput!]
|
Filter by device name |
network - DeviceNetworkFilterInput
|
Filter by network criteria |
nic - DeviceNicFilterInput
|
Filter by network interface criteria |
originTypes - [OriginTypeFilterInput!]
|
|
os - DeviceOsFilterInput
|
Filter by operating system criteria |
riskScore - [IntFilterInput!]
|
Filter by security risk score |
site - [SiteRefFilterInput!]
|
Filter by site reference |
user - [UserRefFilterInput!]
|
Filter by user reference |
Example
{
"category": [StringFilterInput],
"complianceState": [StringFilterInput],
"confidence": [DeviceConfidenceLevelFilterInput],
"firstSeen": [DateTimeFilterInput],
"hw": DeviceHwFilterInput,
"id": [IdFilterInput],
"ipAddress": [IPAddressFilterInput],
"isManaged": [BooleanFilterInput],
"lastSeen": [DateTimeFilterInput],
"name": [StringFilterInput],
"network": DeviceNetworkFilterInput,
"nic": DeviceNicFilterInput,
"originTypes": [OriginTypeFilterInput],
"os": DeviceOsFilterInput,
"riskScore": [IntFilterInput],
"site": [SiteRefFilterInput],
"user": [UserRefFilterInput]
}
DeviceV2Input
BetaFields
| Input Field | Description |
|---|---|
filter - [DeviceV2FilterInput!]
|
List of filter conditions applied to narrow down devices |
paging - PagingInput!
|
Paging input to control results (default limit = 100) Default |
sort - DeviceSortInput!
|
Sorting configuration (default: sort by id descending) Default |
Example
{
"filter": [DeviceV2FilterInput],
"paging": PagingInput,
"sort": DeviceSortInput
}
DevicesPayload
BetaFields
| Field Name | Description |
|---|---|
device - [DeviceV2!]!
|
List of devices returned by the query |
paging - PageInfo!
|
Metadata describing pagination details |
Example
{
"device": [DeviceV2],
"paging": PageInfo
}
DhcpRelayGroupRef
BetaDhcpType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"ACCOUNT_DEFAULT"
Dimension
Fields
| Input Field | Description |
|---|---|
fieldName - AppStatsFieldName!
|
Example
{"fieldName": "account_id"}
DimensionData
DimensionKey
DirectionEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"asc"
DirectionInput
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"asc"
DisableAccountPayload
BetaFields
| Field Name | Description |
|---|---|
accountInfo - AccountInfo!
|
General info of the disabled account |
Example
{"accountInfo": AccountInfo}
DlpContentProfileRef
BetaDlpContentProfileRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
DlpEdmProfileRef
BetaDlpEdmProfileRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
DlpLicense
BetaDescription
Data Loss Prevention (DLP) Service license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
Example
{
"description": "abc123",
"expirationDate": "2007-12-03T10:15:30Z",
"id": 4,
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ADSP_B",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE"
}
Domain
BetaDescription
Top level domain is actually second level domain (e.g. example.com) It is recommended to use as a broad way of distinguishing domains, because they frequently use multiple hosts.
Example
Domain
DownloadFqdnContainerFileInput
BetaDescription
Input for searching FQDN typed container to download its content
Fields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
DownloadFqdnContainerFilePayload
BetaDownloadIpAddressRangeContainerFileInput
BetaDescription
Input for searching IPAddressRange typed container to download its content
Fields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
DownloadIpAddressRangeContainerFilePayload
BetaDpaVersion
BetaDescription
The DPA agreement, based on your contract with Cato
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"DPA_2019_01"
DynamicIpAllocationAddRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
country - [CountryRefInput!]!
|
|
description - String!
|
|
enabled - Boolean!
|
|
name - String!
|
|
platform - [OperatingSystem!]!
|
|
range - DynamicIpAllocationRangeInput!
|
|
source - DynamicIpAllocationSourceInput!
|
Example
{
"country": [CountryRefInput],
"description": "xyz789",
"enabled": true,
"name": "abc123",
"platform": ["ANDROID"],
"range": DynamicIpAllocationRangeInput,
"source": DynamicIpAllocationSourceInput
}
DynamicIpAllocationAddRuleInput
BetaFields
| Input Field | Description |
|---|---|
at - PolicyRulePositionInput
|
Position of the rule in the policy |
rule - DynamicIpAllocationAddRuleDataInput!
|
Parameters for the rule you are adding |
Example
{
"at": PolicyRulePositionInput,
"rule": DynamicIpAllocationAddRuleDataInput
}
DynamicIpAllocationPolicy
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyAudit
|
|
enabled - Boolean!
|
|
revision - PolicyRevision
|
|
rules - [DynamicIpAllocationRulePayload!]!
|
|
sections - [PolicySectionPayload!]!
|
Example
{
"audit": PolicyAudit,
"enabled": true,
"revision": PolicyRevision,
"rules": [DynamicIpAllocationRulePayload],
"sections": [PolicySectionPayload]
}
DynamicIpAllocationPolicyInput
BetaFields
| Input Field | Description |
|---|---|
revision - PolicyRevisionInput
|
A revision is a specific instance of the policy. Unpublished revisions are working copies of the policy available to a specific admin or a set of admins Published revisions are revisions that were applied to the account network. The last published revision is the active policy. |
Example
{"revision": PolicyRevisionInput}
DynamicIpAllocationPolicyMutationInput
Fields
| Input Field | Description |
|---|---|
revision - PolicyMutationRevisionInput
|
Example
{"revision": PolicyMutationRevisionInput}
DynamicIpAllocationPolicyMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
policy - DynamicIpAllocationPolicy
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"policy": DynamicIpAllocationPolicy,
"status": "FAILURE"
}
DynamicIpAllocationPolicyUpdateInput
BetaFields
| Input Field | Description |
|---|---|
state - PolicyToggleState
|
Example
{"state": "DISABLED"}
DynamicIpAllocationRange
BetaFields
| Field Name | Description |
|---|---|
globalIpRange - GlobalIpRangeRef!
|
Example
{"globalIpRange": GlobalIpRangeRef}
DynamicIpAllocationRangeInput
BetaFields
| Input Field | Description |
|---|---|
globalIpRange - GlobalIpRangeRefInput!
|
Example
{"globalIpRange": GlobalIpRangeRefInput}
DynamicIpAllocationRangeUpdateInput
BetaFields
| Input Field | Description |
|---|---|
globalIpRange - GlobalIpRangeRefInput
|
Example
{"globalIpRange": GlobalIpRangeRefInput}
DynamicIpAllocationRemoveRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
Example
{"id": "4"}
DynamicIpAllocationRule
BetaFields
| Field Name | Description |
|---|---|
country - [CountryRef!]!
|
|
description - String!
|
Description for the rule |
enabled - Boolean!
|
TRUE = Rule is enabled FALSE = Rule is disabled |
id - ID!
|
Rule ID |
index - Int!
|
Position / priority of rule |
name - String!
|
Name of the rule |
platform - [OperatingSystem!]!
|
|
range - DynamicIpAllocationRange!
|
|
section - PolicySectionInfo!
|
Policy section where the rule is located |
source - DynamicIpAllocationSource!
|
Example
{
"country": [CountryRef],
"description": "xyz789",
"enabled": true,
"id": "4",
"index": 123,
"name": "xyz789",
"platform": ["ANDROID"],
"range": DynamicIpAllocationRange,
"section": PolicySectionInfo,
"source": DynamicIpAllocationSource
}
DynamicIpAllocationRuleMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
rule - DynamicIpAllocationRulePayload
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"rule": DynamicIpAllocationRulePayload,
"status": "FAILURE"
}
DynamicIpAllocationRulePayload
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyElementAudit!
|
|
properties - [PolicyElementPropertiesEnum!]!
|
|
rule - DynamicIpAllocationRule!
|
Example
{
"audit": PolicyElementAudit,
"properties": ["ADDED"],
"rule": DynamicIpAllocationRule
}
DynamicIpAllocationSource
BetaFields
| Field Name | Description |
|---|---|
user - [UserRef!]!
|
|
usersGroup - [UsersGroupRef!]!
|
Example
{
"user": [UserRef],
"usersGroup": [UsersGroupRef]
}
DynamicIpAllocationSourceInput
BetaFields
| Input Field | Description |
|---|---|
user - [UserRefInput!]!
|
|
usersGroup - [UsersGroupRefInput!]!
|
Example
{
"user": [UserRefInput],
"usersGroup": [UsersGroupRefInput]
}
DynamicIpAllocationSourceUpdateInput
BetaFields
| Input Field | Description |
|---|---|
user - [UserRefInput!]
|
|
usersGroup - [UsersGroupRefInput!]
|
Example
{
"user": [UserRefInput],
"usersGroup": [UsersGroupRefInput]
}
DynamicIpAllocationUpdateRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
country - [CountryRefInput!]
|
|
description - String
|
|
enabled - Boolean
|
|
name - String
|
|
platform - [OperatingSystem!]
|
|
range - DynamicIpAllocationRangeUpdateInput
|
|
source - DynamicIpAllocationSourceUpdateInput
|
Example
{
"country": [CountryRefInput],
"description": "abc123",
"enabled": false,
"name": "xyz789",
"platform": ["ANDROID"],
"range": DynamicIpAllocationRangeUpdateInput,
"source": DynamicIpAllocationSourceUpdateInput
}
DynamicIpAllocationUpdateRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
|
rule - DynamicIpAllocationUpdateRuleDataInput!
|
Example
{"id": 4, "rule": DynamicIpAllocationUpdateRuleDataInput}
ElasticOperator
Description
Search operators on ElasticSearch. Between operators are applicable only to numeric fields Note that not operators are slower
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"between"
Description
Email address. E.g.: user@company.org
Example
Email
EmployeeRange
BetaValues
| Enum Value | Description |
|---|---|
|
|
1-10 employees |
|
|
11-50 employees |
|
|
51-100 employees |
|
|
101-250 employees |
|
|
251-500 employees |
|
|
501-1,000 employees |
|
|
1,001-5,000 employees |
|
|
5,001-10,000 employees |
|
|
10,000+ employees |
Example
"BETWEEN_00001_00010"
Endpoint
BetaFields
| Field Name | Description |
|---|---|
id - ID!
|
Unique Cato ID for the story |
firstSignal - DateTime!
|
Timestamp for the first incident signal related to this story |
lastSignal - DateTime!
|
Timestamp for the last (most recent) incident signal related to this story |
engineType - StoryEngineTypeEnum
|
XDR engine involved with the incident |
vendor - VendorEnum
|
Vendor that identified the incident, such as Cato or Microsoft |
producer - StoryProducerEnum!
|
Enum for the Producer (specific XDR engine and service) involved with the incident use 'producerType' instead |
producerType - StoryProducerEnum!
|
|
producerName - String!
|
Full name of the Producer (specific XDR engine and service) involved with the incident |
connectionType - ConnectionTypeEnum
|
Enum for the connection for this incident (ie. site, host, user) |
indication - String!
|
An indication is a set of actions and behaviors for the Network or Security incident. Each producer has different indications. |
queryName - String
|
Category for the indication ID related to the story |
source - String
|
IP address, name of device, or SDP user on your network involved in the story |
criticality - Int
|
|
ticket - String
|
|
status - StoryStatusEnum
|
|
research - Boolean
|
|
siteName - String
|
|
storyDuration - Int
|
|
description - String
|
|
sourceIp - String
|
|
analystFeedback - AnalystFeedback
|
|
site - SiteRef
|
|
user - UserRef
|
|
similarStoriesData - [SimilarStoryData!]!
|
|
predictedVerdict - StoryVerdictEnum
|
|
predictedThreatType - String
|
|
categories - [IncidentCategory!]!
|
|
entities - [IncidentEntity!]!
|
|
muted - Boolean!
|
|
device - DeviceDetails
|
|
alerts - [EndpointAlert!]!
|
Possible Types
| Endpoint Types |
|---|
Example
{
"id": 4,
"firstSignal": "2007-12-03T10:15:30Z",
"lastSignal": "2007-12-03T10:15:30Z",
"engineType": "ANOMALY",
"vendor": "CATO",
"producer": "AnomalyEvents",
"producerType": "AnomalyEvents",
"producerName": "abc123",
"connectionType": "Host",
"indication": "xyz789",
"queryName": "xyz789",
"source": "xyz789",
"criticality": 987,
"ticket": "abc123",
"status": "Closed",
"research": true,
"siteName": "abc123",
"storyDuration": 987,
"description": "abc123",
"sourceIp": "abc123",
"analystFeedback": AnalystFeedback,
"site": SiteRef,
"user": UserRef,
"similarStoriesData": [SimilarStoryData],
"predictedVerdict": "Benign",
"predictedThreatType": "abc123",
"categories": ["OPERATIONAL"],
"entities": [IncidentEntity],
"muted": false,
"device": DeviceDetails,
"alerts": [EndpointAlert]
}
EndpointAlert
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
title - String
|
|
description - String
|
|
threatName - String
|
|
mitreTechnique - [Mitre!]!
|
|
mitreSubTechnique - [Mitre!]!
|
|
createdDateTime - DateTime
|
|
resources - [EndpointResource!]!
|
|
activities - [Activity!]!
|
|
criticality - Int
|
|
externalIp - String
|
|
localIp - String
|
Possible Types
| EndpointAlert Types |
|---|
Example
{
"id": 4,
"title": "xyz789",
"description": "xyz789",
"threatName": "abc123",
"mitreTechnique": [Mitre],
"mitreSubTechnique": [Mitre],
"createdDateTime": "2007-12-03T10:15:30Z",
"resources": [EndpointResource],
"activities": [Activity],
"criticality": 987,
"externalIp": "xyz789",
"localIp": "xyz789"
}
EndpointProtectionLicense
BetaDescription
End Point Protection (EPP) license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
total - Int!
|
The maximum number of users that can use this service |
Example
{
"description": "abc123",
"expirationDate": "2007-12-03T10:15:30Z",
"id": 4,
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ADSP_B",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE",
"total": 123
}
EndpointResource
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
createdDateTime - DateTime
|
|
remediationStatus - RemediationStatusEnum
|
Possible Types
| EndpointResource Types |
|---|
Example
{
"id": 4,
"createdDateTime": "2007-12-03T10:15:30Z",
"remediationStatus": "BLOCKED"
}
EndpointUser
Possible Types
| EndpointUser Types |
|---|
Example
{
"id": "4",
"name": "abc123"
}
EngineTypePredicate
BetaFields
| Input Field | Description |
|---|---|
in - [StoryEngineTypeEnum!]
|
|
not_in - [StoryEngineTypeEnum!]
|
Example
{"in": ["ANOMALY"], "not_in": ["ANOMALY"]}
EnterpriseDirectoryArchiveLocationPayload
BetaFields
| Field Name | Description |
|---|---|
location - Location!
|
The archived location |
Example
{"location": Location}
EnterpriseDirectoryCreateLocationInput
BetaFields
| Input Field | Description |
|---|---|
businessUnit - String
|
Business unit |
description - String
|
Description |
details - CreateLocationDetailsInput!
|
Location details |
name - String!
|
Location name |
type - LocationType!
|
Location type |
Example
{
"businessUnit": "abc123",
"description": "abc123",
"details": CreateLocationDetailsInput,
"name": "abc123",
"type": "BRANCH"
}
EnterpriseDirectoryCreateLocationPayload
BetaFields
| Field Name | Description |
|---|---|
location - Location!
|
The created location |
Example
{"location": Location}
EnterpriseDirectoryLocationListInput
BetaFields
| Input Field | Description |
|---|---|
filter - LocationFilterInput
|
|
paging - PagingInput
|
|
sort - LocationSortInput
|
Example
{
"filter": LocationFilterInput,
"paging": PagingInput,
"sort": LocationSortInput
}
EnterpriseDirectoryLocationListPayload
BetaFields
| Field Name | Description |
|---|---|
items - [Location!]!
|
The results |
pageInfo - PageInfo
|
Pagination details |
Example
{
"items": [Location],
"pageInfo": PageInfo
}
EnterpriseDirectoryRestoreLocationPayload
BetaFields
| Field Name | Description |
|---|---|
location - Location!
|
The restored location |
Example
{"location": Location}
EnterpriseDirectoryUpdateLocationInput
BetaFields
| Input Field | Description |
|---|---|
businessUnit - String
|
Business unit |
description - String
|
Description |
details - UpdateLocationDetailsInput
|
Location details |
id - ID!
|
Location id |
name - String
|
Location name |
type - LocationType
|
Location type |
Example
{
"businessUnit": "xyz789",
"description": "abc123",
"details": UpdateLocationDetailsInput,
"id": 4,
"name": "xyz789",
"type": "BRANCH"
}
EnterpriseDirectoryUpdateLocationPayload
BetaFields
| Field Name | Description |
|---|---|
location - Location!
|
The updated location |
Example
{"location": Location}
Entity
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
name - String
|
|
type - EntityType!
|
Example
{
"id": "4",
"name": "xyz789",
"type": "account"
}
EntityAccess
BetaFields
| Field Name | Description |
|---|---|
action - RBACAction!
|
Example
{"action": "EDIT"}
EntityInfo
EntityInput
Fields
| Input Field | Description |
|---|---|
id - ID!
|
|
name - String
|
|
type - EntityType!
|
Example
{
"id": 4,
"name": "abc123",
"type": "account"
}
EntityLookupResult
Fields
| Field Name | Description |
|---|---|
items - [EntityInfo!]!
|
|
total - Int
|
Example
{"items": [EntityInfo], "total": 987}
EntityType
Values
| Enum Value | Description |
|---|---|
|
|
A reference to a configured Account under reseller |
|
|
An account administrator (user in Cato Console) |
|
|
An external IP address in a specific PoP reserved for the account |
|
|
Any entity (matches everything) |
|
|
Pooled licenses available for use |
|
|
Site licenses available for use |
|
|
A settlement with over 1K population |
|
|
Geographical and political entity recognized internationally |
|
|
Represents a state or territory within a country. It is a sub-division of the country |
|
|
A reference to DHCP Relay Group within account |
|
|
|
|
|
A reference to the configured Host within Site |
|
|
A reference to LAN Firewall Rule within Site |
|
|
A reference to Local Routing Rule within Site |
|
|
|
|
|
|
|
|
A reference to the configured Network Interface within Site |
|
|
Combination of protocol (TCP, UDP, TCP/UDP, ICMP) and port number |
|
|
l4 services for LAN firewall rules |
|
|
A reference to a configured Site within Account |
|
|
union of the globalRange and a Subnet |
|
|
Time zone, which is a geographical region where clocks are set to the same time |
|
|
A reference to the configured VPN User within Account |
|
|
Example
"account"
Event
Example
{
"action": "abc123",
"appId": "abc123",
"appName": "abc123",
"dnsProtectionCategory": "xyz789",
"eventType": "xyz789",
"ruleId": "xyz789",
"scanResult": "BYPASS_BY_CONTENT_RULE",
"severity": "xyz789",
"signatureId": "xyz789",
"threatName": "xyz789",
"threatType": "abc123",
"virusName": "abc123"
}
EventFeedFieldFilterInput
Fields
| Input Field | Description |
|---|---|
fieldName - EventFeedFilterFieldName!
|
|
operator - EventFeedFilterOperator!
|
Use event_type and event_sub_type for events |
values - [String!]
|
Example
{
"fieldName": "event_sub_type",
"operator": "in",
"values": ["xyz789"]
}
EventFeedFilterFieldName
Values
| Enum Value | Description |
|---|---|
|
|
Sub-type for Routing, Security, Connectivity, System or Sockets Management event |
|
|
Routing, Security, Connectivity, System or Sockets Management event |
Example
"event_sub_type"
EventFeedFilterOperator
Description
Search operators on Event Feed
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"in"
EventField
Fields
| Field Name | Description |
|---|---|
name - EventFieldName!
|
|
value - Value!
|
Example
{"name": "access_method", "value": StringValue}
EventFieldName
Values
| Enum Value | Description |
|---|---|
|
|
Identifies system access software or device. CMA Name: Access Method |
|
|
Identifier of the Wi‑Fi access point (AP) that this event was recorded on. CMA Name: Access Point ID |
|
|
Access Point Name. CMA Name: Access Point Name |
|
|
Account ID. CMA Name: Account ID |
|
|
Firewall, QoS or LAG action. CMA Name: Action |
|
|
A list of actions taken, if more than one action was taken as defined by a policy. CMA Name: Actions Taken |
|
|
The activity resource ID being referenced with resource type. CMA Name: Activity Resource ID |
|
|
Defines the type of entity performing the action, helping to distinguish between different categories of users. CMA Name: Actor Type |
|
|
Active Directory name. CMA Name: Active Directory Name |
|
|
The estimated risk level of the AI threat. CMA Name: Ai App Risk Level |
|
|
AI Proxy rule name. CMA Name: AI Proxy Rule Name |
|
|
A unique identifier of the alert notification. CMA Name: Alert id |
|
|
Always-on Configuration. CMA Name: Always-On |
|
|
Analyst Verdict. CMA Name: Analyst Verdict |
|
|
Anti Tamper Bypass Duration In Seconds. CMA Name: Anti Tamper Bypass Duration (Seconds) |
|
|
Anti Tamper Bypass Method. CMA Name: Anti Tamper Bypass Method |
|
|
Anti Tamper Bypass Result. CMA Name: Anti Tamper Bypass Result |
|
|
The name of the API, e.g. eventsFeed. CMA Name: Api Name |
|
|
Specifies whether the API is a query (read) or a mutation (create/update/delete). CMA Name: Api Type |
|
|
Name of application activity. CMA Name: Application Activity |
|
|
SaaS user activities into categories. CMA Name: App Activity Category |
|
|
Activity type. CMA Name: App Activity Type |
|
|
Related Apps. CMA Name: Related Apps |
|
|
Application ID of the flow. CMA Name: Application ID |
|
|
The name of the application associated with the flow. CMA Name: Application |
|
|
Application risk score. CMA Name: Application Risk |
|
|
Application type (Custom, Private or System). CMA Name: Application Type |
|
|
Connectivity authentication method: unauthenticated, OATH2, LDAP or VPN. CMA Name: Authentication Method |
|
|
Examples: MFA or password. CMA Name: Authentication Type |
|
|
BGP ASN for Cato peer. CMA Name: BGP Cato ASN |
|
|
BGP IP for Cato peer. CMA Name: BGP Cato IP |
|
|
BGP disconnect error code. CMA Name: BGP Disconnect Error Code |
|
|
BGP ASN for remote peer. CMA Name: BGP Peer ASN |
|
|
BGP IP for remote peer. CMA Name: BGP Peer IP |
|
|
CIDR for BGP route. CMA Name: BGP Router CIDR |
|
|
BGP disconnect error message. CMA Name: BGP Disconnect Sub-error Code |
|
|
The browser on which the extension is installed. CMA Name: Browser Type |
|
|
The current version of the browser. CMA Name: Browser Version |
|
|
Always-On Bypass Duration In Seconds. CMA Name: Bypass Duration (Seconds) |
|
|
Always-On Bypass Method. CMA Name: Bypass Method |
|
|
Always-On Bypass Reason. CMA Name: Bypass Reason |
|
|
Cato system category. CMA Name: Category |
|
|
Cato application name. CMA Name: Cato App |
|
|
Activity classification, e.g. FALSE_POSITIVE. CMA Name: Classification |
|
|
Expiration date for Client certificate. CMA Name: Certificate Expiration Date |
|
|
Name of Client certificate. CMA Name: Client Certificate Name |
|
|
Type of process generating this traffic. CMA Name: Client Class |
|
|
Admins can configure the Client connection mode to control which types of traffic are routed and protected by Cato. The available options are: All Ports and Protocols – Secures all application traffic across any port or protocol. Web-only (HTTPS) – Secures only browser-based traffic over HTTPS. CMA Name: Client Connection Mode |
|
|
Client IP address. CMA Name: Client IP |
|
|
The TLS key exchange algorithm negotiated between the Cato PoP and the origin server during TLS inspection. This is the algorithm used to establish the shared secret for encrypting traffic on the client-facing (outbound) side of the proxy. CMA Name: Client Key Exchange Algorithm |
|
|
Socket or SDP Client version. CMA Name: Client Version |
|
|
Shows the display name of the target user involved in an activity. CMA Name: Collaborator Name |
|
|
Identifies the origin of the target user involved in an activity. CMA Name: Collaborator Origin |
|
|
Shows the tenant of the target user involved in an activity. CMA Name: Collaborator Tenant |
|
|
For SaaS Security API, email addresses of the users that received the file. CMA Name: Collaborators |
|
|
Confidence Level. CMA Name: Confidence Level |
|
|
For hosts configured with a static IP in the Cato Management Application, the host name. CMA Name: Configured Host Name |
|
|
The algorithm that is used (CUBIC /NewReno / BBR). CMA Name: Congestion Algorithm |
|
|
Connect on boot Enabled/Disabled. CMA Name: Connect on Boot |
|
|
Connection Origin. CMA Name: Connection Origin |
|
|
For SaaS Security API, unique identifier of the connector. CMA Name: Connector ID |
|
|
For SaaS Security API, name of the connector. CMA Name: Connector Name |
|
|
For SaaS Security API, status of the connector. CMA Name: Connector Status |
|
|
For SaaS Security API, SaaS app for the connector. CMA Name: Connector Type |
|
|
IoC Container Name. CMA Name: Container Name |
|
|
An external system identifier used for correlation between related Cato entities. Example: external ticket id that correlates Cato XDR stories. CMA Name: Correlation ID |
|
|
CPU Core ID. CMA Name: Cpu Core ID |
|
|
Criticality. CMA Name: Criticality |
|
|
Custom category ID. CMA Name: Custom Category ID |
|
|
Custom category name. CMA Name: Custom Category Name |
|
|
For Internet traffic, country where the destination host is located. CMA Name: Destination Country |
|
|
For Internet traffic, the two letter country code where the destination host is located (based on ISO 3166-1 alpha-2). CMA Name: Destination Country Code |
|
|
Destination endpoint type (Site, SDP User, or App Connector). CMA Name: Destination Endpoint Type |
|
|
The unique identifier by the SaaS vendor for the target group in an activity. CMA Name: Dest Group ID |
|
|
Identifies the target group involved in an activity. CMA Name: Dest Group Name |
|
|
Destination IP address. CMA Name: Destination IP |
|
|
For WAN traffic, destination is site or SDP user. CMA Name: Destination is Site or SDP User |
|
|
The destination process ID. CMA Name: Destination Process PID |
|
|
Destination port. CMA Name: Destination Port |
|
|
Destination process command line. CMA Name: Destination Process Command Line |
|
|
Destination process parent file path. CMA Name: Destination Process Parent Path |
|
|
Destination process parent process ID. CMA Name: Destination Process Parent PID |
|
|
Destination process file path. CMA Name: Destination Process Path |
|
|
Unique internal Cato ID for the destination site or remote user. CMA Name: Dest Site ID |
|
|
The name of the destination site. CMA Name: Destination Site |
|
|
Short description of the detection. CMA Name: Detection Name |
|
|
Triggered when malware has been detected EPP Behavioral engines and has been dealt with: • on_detection: the event is triggered upon malware detection; • on_end_disinfect: the event is triggered upon detection and followed disinfection; • on_inject: the event is triggered upon code injection. CMA Name: Detection Stage |
|
|
Device Categories. CMA Name: Device Category |
|
|
Device Certificate Validated/Not Validated. CMA Name: Device Certificate |
|
|
The device compliance state at the time of the event, as reported by Intune. CMA Name: Device Compliance State |
|
|
Unique Cato ID for devices. CMA Name: Device ID |
|
|
Device Manufacturer. CMA Name: Device Manufacturer |
|
|
Device Model. CMA Name: Device Model |
|
|
Name for device related to the event. CMA Name: Device Name |
|
|
Device OS Type. CMA Name: Device OS Type |
|
|
Device posture profiles. CMA Name: Device Posture Profile |
|
|
Device Type. CMA Name: Device Type |
|
|
Host name of Domain Controller that created LDAP event. CMA Name: Directory Host Name |
|
|
IP address of Domain Controller that created LDAP event. CMA Name: Directory IP |
|
|
Result of LDAP Domain Controller sync event. CMA Name: Directory Sync Result |
|
|
Type of LDAP Domain Controller sync event. CMA Name: Directory Sync Type |
|
|
If policy is set to disinfect, return the result of this action. CMA Name: Disinfect Result |
|
|
Describes the behavior when the DLP system encounters a failure. CMA Name: DLP Fail Mode |
|
|
DLP profiles related to the event. CMA Name: DLP Profiles |
|
|
Defines the scanning methods used by the DLP system. CMA Name: Data Classifier |
|
|
Cato’s DNS Protection type that matched the DNS request. CMA Name: DNS Protection Category |
|
|
Domain queried in the DNS request. CMA Name: DNS Query |
|
|
Type of record (ie. DNS record: A, AAAA, MX, or PTR). CMA Name: Dns Record Type |
|
|
Domain name based on the SSL SNI, HTTP host name, or DNS name. CMA Name: Domain Name |
|
|
Duration in milliseconds between the start and end of a transaction or operation. For example, in DNS or HTTP events, this reflects the time between the request and the corresponding response. CMA Name: Duration Ms |
|
|
Dynamic Control IDs applied in the event. CMA Name: Dynamic Control IDs |
|
|
Dynamic control names applied in the event. CMA Name: Dynamic Control Names |
|
|
The scope of the dynamic control Applied in the event. CMA Name: Dynamic Control Scope |
|
|
Dynamic control threat categories applied in the event. CMA Name: Dynamic Control Threat Categories |
|
|
Egress PoP Name. CMA Name: Egress PoP Name |
|
|
Egress Site Name for backhauling traffic. CMA Name: Egress Site |
|
|
Email Subject. CMA Name: Email Subject |
|
|
The ID for the endpoint. CMA Name: Endpoint ID |
|
|
The engine type associated with the event. CMA Name: Engine Type |
|
|
The Endpoint Protection Engine that detected the malware. CMA Name: Engine Type use engine_type instead. Planned end-of-life (EoL) date: April 1, 2026. |
|
|
The profile assigned to the endpoint upon detection of the malware. CMA Name: Endpoint Protection Profile |
|
|
Count for events that are repeated multiple times during one minute. CMA Name: Event Count |
|
|
Event Id. CMA Name: Event ID |
|
|
Cato's description of the event. CMA Name: Event Message |
|
|
Sub-type for Routing, Security, Connectivity, System or Sockets Management event. CMA Name: Sub-Type |
|
|
Routing, Security, Connectivity, System or Sockets Management event. CMA Name: Event Type |
|
|
Provides details about why a specific action or process failed. CMA Name: Failure Reason |
|
|
File hash. CMA Name: File Hash |
|
|
File name. CMA Name: File Name |
|
|
The file operation when this event occurred. CMA Name: File Operation |
|
|
File path. CMA Name: File Path |
|
|
File size. CMA Name: File Size (bytes) |
|
|
File Topic - The topic of the file content, as classified by the DLP auto-classification engine. CMA Name: File Topic |
|
|
File Topic Category - The category associated with the classified file topic, as determined by the DLP auto-classification engine. CMA Name: File Topic Category |
|
|
File type. CMA Name: File Type |
|
|
The final status for this object after performing actions as defined by the policy. CMA Name: Final Object Status |
|
|
Uniquely identifies a traffic flow and enables correlation of events and other records related to the same flow. Only available for native data integration created in the CMA and eventsFeed API. Not available in the events or eventsTimeSeries API. |
|
|
Amount of flows for a given incident. CMA Name: Flows Cardinality |
|
|
Full path URL application activity. CMA Name: Full Path URL |
|
|
A unique identifier for the AI Security Guard associated with the event. CMA Name: Guard ID |
|
|
The name of the AI Security Guard associated with the event. CMA Name: Guard Name |
|
|
The type of AI Security Guard associated with the event. CMA Name: Guard Type |
|
|
An identifier for a guest user using Cato through a Captive Portal. CMA Name: Guest User |
|
|
IP address of host related to event. CMA Name: Host IP |
|
|
MAC address of host related to event. CMA Name: Host MAC Address |
|
|
HTTP request method (ie. Get, Post). CMA Name: Request Method |
|
|
HTTP status code returned (ie. for DNS request, DNS-over-HTTPS (DoH) server when DoH is used). CMA Name: Http Response Code |
|
|
For MDR service, a true/false value that indicates if this event is: A summary that aggregates many events (true) Raw network flows for a single event (false). CMA Name: Incident Aggregation |
|
|
Unique Cato ID that identifies this security incident. CMA Name: Incident ID |
|
|
Indication. CMA Name: Indication |
|
|
Indicator. CMA Name: Indicator |
|
|
The initial status of the object, before any policy was applied. CMA Name: Initial Object Status |
|
|
Cato Internal-use only. CMA Name: Internal ID use event_id instead. Planned end-of-life (EoL) date: May 1, 2025. |
|
|
Network protocol for this event. CMA Name: IP Protocol |
|
|
Classifies users based on their permissions. CMA Name: Is Admin |
|
|
Indicates whether an activity requires administrative permissions. CMA Name: Is Admin Activity |
|
|
Is the application a cloud application? True if it is, False if not, null if no catalog application is associated. CMA Name: Is Cloud App |
|
|
Is Compliant. CMA Name: Is Compliant |
|
|
Is Managed. CMA Name: Is Managed |
|
|
Is the app for this event defined as a sanctioned app? (True/False). CMA Name: Is Sanctioned App |
|
|
If the events was part of the sinkhole flow. CMA Name: Is Sinkhole |
|
|
The ISP related to this event (when the IP address isn't provided by the ISP, then the event message is IP Addresses are assigned statically). CMA Name: ISP Name |
|
|
Name defined for the public API Key in the Cato Management Application. CMA Name: Api Key Name |
|
|
A list of labels providing additional context for the event. CMA Name: Labels |
|
|
Role of the conversation participant for the analyzed turn (user, assistant, or tool call). CMA Name: Last Turn Role |
|
|
Data that measures the congestion for a specific link. CMA Name: Link Health is Congested |
|
|
Data that measures the jitter for a specific link. CMA Name: Link Health - Jitter |
|
|
Round Trip Delay in Milliseconds that it takes a packet to travel between the source and the PoP. CMA Name: Link Health - Latency |
|
|
Data that measures the packet loss for a specific link. CMA Name: Link Health - Packet Loss |
|
|
Link type – Cato, Alt. WAN or LAG. CMA Name: Link Type |
|
|
The user logged into this endpoint during this event. CMA Name: Logged In User |
|
|
Login action, values are: User portal (myvpn.catonetworks.com) or VPN client (Client or site traffic). CMA Name: Login Type |
|
|
Matched DLP data types related to the event. CMA Name: Matched Data Types |
|
|
Unique identifier used to correlate request and response events for the same message. CMA Name: Message ID |
|
|
Mitre attack subtechniques. CMA Name: Mitre Attack Subtechniques |
|
|
Mitre attack tactics. CMA Name: Mitre Attack Tactics |
|
|
Mitre attack techniques. CMA Name: Mitre Attack Techniques |
|
|
Flow NAT error reason. CMA Name: NAT Error |
|
|
Network Access. CMA Name: Network Access |
|
|
Matched network rule. CMA Name: Network Rule |
|
|
For SaaS Security API, API Error of Apps Security Notification. CMA Name: Notification API Error |
|
|
For SaaS Security API, description of Apps Security Notification. CMA Name: Notification Description |
|
|
Unique identifier by the 3rd party App of the object being referenced. CMA Name: Object ID |
|
|
The name of the object for this event (for example: file name). CMA Name: Object Name |
|
|
Specifies the type of object being acted upon (e.g., file, folder). CMA Name: Object Type |
|
|
Office mode Enabled/Disabled. CMA Name: Office Mode |
|
|
Host OS or tunnel device. CMA Name: OS Type |
|
|
OS version for the device (such as 14.3.0). CMA Name: OS Version |
|
|
Indicate if the Access to the 3rd Party SaaS App occurs without passing through Cato Cloud (direct access to saas App). CMA Name: Out of Band Access |
|
|
Name of the on-prem deployment environment where the event originated from. CMA Name: Outpost Environment Name |
|
|
For SaaS Security API, email address of the file owner. CMA Name: Owner |
|
|
Pac File Enabled/Disabled. CMA Name: PAC File |
|
|
For SaaS Security API, parent Microsoft 365 connector. CMA Name: Parent Connector Name |
|
|
Name of PoP location. CMA Name: PoP Name |
|
|
Precedence. CMA Name: Precedence |
|
|
Indicate how many processes are part of this event. CMA Name: Processes Involved Count |
|
|
Producer. CMA Name: Producer |
|
|
Related project name(s). CMA Name: Projects |
|
|
Prompt Page Selected Action. CMA Name: Prompt Action |
|
|
The name of the provider, for example cloud provider - AWS. CMA Name: Provider Name |
|
|
Public source IP. CMA Name: Public Source IP |
|
|
QoS Priority value. CMA Name: QoS Priority |
|
|
For QoS, the time that this QoS event started. The event is generated when the QoS event finishes. CMA Name: QoS Reported Time |
|
|
Specifies the path to a quarantine folder for isolated files. CMA Name: Quarantine Folder Path |
|
|
A Unique ID for the quarantined file. CMA Name: Quarantine UUID |
|
|
Raw Data. Only available for native data integration created in the CMA and eventsFeed API. Not available in the events or eventsTimeSeries API. |
|
|
RBI Profile used for RBI Session. CMA Name: RBI Profile |
|
|
Textual recommendation of the steps to take. CMA Name: Recommended Actions |
|
|
The URL that links directly to the object involved in the activity. CMA Name: Reference Url |
|
|
Referer URL from the HTTP request header indicating the source of the request. CMA Name: Referer Url |
|
|
The region of the object. CMA Name: Region Name |
|
|
Registration code used the first time that a SDP user authenticates (the code is partially obfuscated). CMA Name: Registration Code |
|
|
Request packet size in bytes (ie. DNS request packet). CMA Name: Request Size |
|
|
The ID of the resource in the cloud provider. CMA Name: The ID of the resource |
|
|
The specific name or identifier of the resource. CMA Name: Resource Name |
|
|
The type of resource being referenced. CMA Name: Resource Type |
|
|
Response packet size in bytes (ie. DNS response packet). CMA Name: Response Size |
|
|
(IPS or SAM event) Indicates the overall impact of a threat for the host or network: Low – ie. adware Medium – ie. network scans High – ie. spyware or worms. CMA Name: Risk Level |
|
|
The time when the rule is no longer in active. CMA Name: Rule Expiration Time |
|
|
Unique Cato ID for the security rule related to the event. CMA Name: Rule ID |
|
|
Rule name. CMA Name: Rule |
|
|
Secondary socket serial number. CMA Name: Secondary Socket Serial use socket_serial instead. Planned end-of-life (EoL) date: April 1, 2026. |
|
|
Server IP address. CMA Name: Server IP |
|
|
The TLS key exchange algorithm negotiated between the connecting client and the Cato PoP during TLS inspection. This is the algorithm used to establish the shared secret for encrypting traffic on the server-facing (inbound) side of the proxy. CMA Name: Server Key Exchange Algorithm |
|
|
Indicates the internal vendor service or module that produced the data reported in this event. CMA Name: Service Name |
|
|
Unique identifier for grouping multiple messages within the same session. CMA Name: Session ID |
|
|
Severity defined for the rule. CMA Name: Severity |
|
|
Sharing Options for the file (such as SharePoint). CMA Name: Sharing Scope |
|
|
Sign In Types. CMA Name: Sign In Types |
|
|
For IPS and SAM, ID of the IPS signature. CMA Name: Signature ID |
|
|
Socket description. CMA Name: Socket Description |
|
|
Name for Socket interface. CMA Name: Interface ID |
|
|
Socket interface ID. CMA Name: Socket Interface ID |
|
|
Socket MAC address. CMA Name: Socket MAC Address |
|
|
For Socket upgrades, new version number. CMA Name: Socket New Version |
|
|
For Socket upgrade, previous version number. CMA Name: Socket Old Version |
|
|
Type of Socket reset (Hardware/Software). CMA Name: Socket Reset |
|
|
For Socket HA events, indicates if the Socket is primary or secondary. CMA Name: HA Role |
|
|
Socket serial number. CMA Name: Socket Serial |
|
|
Socket version number. CMA Name: Socket Version |
|
|
Split Tunnel Configuration. CMA Name: Split Tunnel |
|
|
Country in which the source host is located (detected via public IP address). CMA Name: Source Country |
|
|
Country Code of country in which the source host is located (detected via public IP address). CMA Name: Source Country Code |
|
|
Source endpoint type (Site, SDP User, App Connector, API Client, or OOB). CMA Name: Source Endpoint Type |
|
|
IP for host or Cato Client. CMA Name: Source IP |
|
|
Source type: site or remote user. CMA Name: Source is Site or SDP User |
|
|
IP address provided by ISP to site or Client. CMA Name: Source ISP IP |
|
|
Source process ID. CMA Name: Source Process PID |
|
|
Internal port number. CMA Name: Source Port |
|
|
Source process command line. CMA Name: Source Process Command Line |
|
|
Source process parent file path. CMA Name: Source Process Parent Path |
|
|
Source process parent process ID. CMA Name: Source Process Parent PID |
|
|
Source process file path. CMA Name: Source Process Path |
|
|
Unique internal Cato ID for the site or remote user. CMA Name: Src Site ID |
|
|
Source site or remote user. CMA Name: Source Site |
|
|
Static host. CMA Name: Static Host |
|
|
The story status. Possible values: Open, Pending Analysis, Pending more info, Closed, Reopened, Monitoring. CMA Name: Status |
|
|
Story Id. CMA Name: Story ID |
|
|
Name of subnet as defined in Cato Management Application. CMA Name: Subnet Name |
|
|
The name of the subscription. CMA Name: Subscription Name |
|
|
Number of targets (servers) associated with this event. CMA Name: Targets Cardinality |
|
|
Shows if traffic was TCP accelerated or not. CMA Name: TCP Acceleration |
|
|
Unique identifier for the tenant within a multi-tenant environment. CMA Name: Tenant ID |
|
|
Tenant Name. CMA Name: Tenant Name |
|
|
Tenant Restriction Rule Name. CMA Name: Tenant Restriction Rule Name |
|
|
Contains the detection risk level. Could be one of the following: • Info - this is information-only event, the activity is not malicious; • Suspicious - the event is suspicious. It may be malicious, but there is not enough information • Malware - the event is malicious activity. CMA Name: Threat Confidence |
|
|
For anti-malware events, malware name For IPS events, explains the reason why the traffic was blocked. CMA Name: Threat Name |
|
|
Link to external malware reference. CMA Name: Threat Reference |
|
|
The higher the score, the more dangerous the event. In range between 1 - 100 inclusive. CMA Name: Threat Score |
|
|
Type of malware event. CMA Name: Threat Type |
|
|
Result of malware event (clean indicates a safe file). CMA Name: Threat Verdict |
|
|
Time stamp of the event (Linux epoch format). CMA Name: Time |
|
|
Time stamp of the event (Human-readable format). Only available for native data integration created in the CMA and eventsFeed API. Not available in the events or eventsTimeSeries API. |
|
|
A short summary of the activity. CMA Name: Title |
|
|
TLS Certificate Error. CMA Name: TLS Certificate Error |
|
|
TLS Error Description. CMA Name: TLS Error Description |
|
|
TLS Error Type. CMA Name: TLS Error Type |
|
|
Shows if traffic was TLS inspected or not. CMA Name: TLS Inspection |
|
|
TLS Inspection rule name. CMA Name: TLS Rule Name |
|
|
TLS Version. CMA Name: TLS Version |
|
|
Total number of tokens processed. CMA Name: Total Tokens |
|
|
Direction of network traffic for this event, values are inbound or outbound. CMA Name: Traffic Direction |
|
|
Total transaction size in bytes, including both the request and response. CMA Name: Transaction Size |
|
|
Translated Client IP. CMA Name: Translated Client IP |
|
|
Translated Server IP. CMA Name: Translated Server IP |
|
|
Trigger. CMA Name: Trigger |
|
|
Trust Type. CMA Name: Trust Type |
|
|
Trusted networks Enabled/Disabled. CMA Name: Trusted Networks |
|
|
Tunnel Protocol TCP/UDP. CMA Name: Tunnel IP Protocol |
|
|
Protocol for the tunnel. CMA Name: Tunnel Protocol |
|
|
Socket upgrade end time (Linux epoch format):. CMA Name: Upgrade End Time |
|
|
Indicates if the Socket upgrade occurred during the maintenance window or initiated by Support (Cato Admin). CMA Name: Upgrade Initiated By |
|
|
Socket upgrade start time (Linux epoch format). CMA Name: Upgrade Start Time |
|
|
URL associated with the event. CMA Name: URL |
|
|
User Agent. CMA Name: User Agent |
|
|
Method used to get identity with User Awareness (such as Identity Agent). CMA Name: User Awareness Method |
|
|
User ID. CMA Name: User ID |
|
|
User that generated the event. CMA Name: User Name |
|
|
Identifies the origin of the user’s connection. CMA Name: User Origin |
|
|
For Block/Prompt page, reference ID to report incorrect category. CMA Name: Event Reference ID |
|
|
User risk level category. CMA Name: User Risk Level |
|
|
The vendor that identified the incident, such as Cato or Microsoft. CMA Name: Vendor |
|
|
Shows the id of the target user involved in an activity. CMA Name: Vendor Collaborator ID |
|
|
Vendor Device Id. CMA Name: Vendor Device ID |
|
|
Vendor Device Name. CMA Name: Vendor Device Name |
|
|
Vendor Event Id. CMA Name: Vendor Event ID |
|
|
Identifies the organization in the vendor’s system. CMA Name: Vendor Org ID |
|
|
Third party vendor policy description. CMA Name: Vendor Policy Description |
|
|
Third party vendor policy ID. CMA Name: Vendor Policy ID |
|
|
Third party vendor policy name. CMA Name: Vendor Policy Name |
|
|
Identifies the site in the vendor’s system. CMA Name: Vendor Site ID |
|
|
Identifies the user in the vendor’s system. CMA Name: Vendor User ID |
|
|
Unique Cato Visible ID for devices. CMA Name: Device ID use device_id instead. Planned end-of-life (EoL) date: April 1, 2026. |
|
|
Lan access Allowed / Blocked. CMA Name: LAN Access |
|
|
User’s email address. CMA Name: SDP User Email |
|
|
WiFi authentication type. CMA Name: Wifi Authentication Type |
|
|
WiFi BSSID (Basic Service Set Identifier). CMA Name: Wifi Bssid |
|
|
WiFi channel. CMA Name: Wifi Channel |
|
|
WiFi authentication failure reason. CMA Name: WiFi Auth Failure Reason |
|
|
Wifi Event Reason Code. CMA Name: Wifi Event Reason Code |
|
|
Wifi Event Type. CMA Name: Wifi Event Type |
|
|
Wifi Event Type Code. CMA Name: Wifi Event Type Code |
|
|
WiFi event display name as shown in the vendor's management application. CMA Name: Wifi Event Vendor Name |
|
|
Wifi Protocol. CMA Name: Wifi Protocol |
|
|
WiFi radio band. CMA Name: Wifi Radio Band |
|
|
Wifi Security Protocols. CMA Name: Wifi Security |
|
|
WiFi signal strength. CMA Name: Wifi Signal Strength |
|
|
WiFi SSID (Service Set Identifier). CMA Name: Wifi Ssid |
|
|
Wifi milliseconds since association to the Access Point. CMA Name: Wifi Time Since Assoc Ms |
|
|
For LDAP sync events, name of the AD domain. CMA Name: Windows Domain Name |
|
|
XFF HTTP header indicates the original IP address for the connections. CMA Name: XFF |
Example
"access_method"
EventRecord
Example
{
"fieldsMap": Map,
"flatFields": ["abc123"],
"time": "2007-12-03T10:15:30Z"
}
Events
EventsDimension
Fields
| Input Field | Description |
|---|---|
fieldName - EventFieldName!
|
Example
{"fieldName": "access_method"}
EventsFeedAccountRecords
Fields
| Field Name | Description |
|---|---|
errorString - String
|
|
id - ID
|
|
records - [EventRecord!]
|
|
Arguments
|
|
Example
{
"errorString": "abc123",
"id": "4",
"records": [EventRecord]
}
EventsFeedData
Fields
| Field Name | Description |
|---|---|
accounts - [EventsFeedAccountRecords]
|
|
fetchedCount - Int!
|
|
marker - String
|
Example
{
"accounts": [EventsFeedAccountRecords],
"fetchedCount": 123,
"marker": "abc123"
}
EventsFilter
Fields
| Input Field | Description |
|---|---|
fieldName - EventFieldName!
|
|
operator - FilterOperator!
|
|
values - [String!]!
|
Example
{
"fieldName": "access_method",
"operator": "between",
"values": ["xyz789"]
}
EventsGraphQuery
Fields
| Field Name | Description |
|---|---|
timeSeriesEvents - TimeSeriesEvents
|
|
type - GraphType!
|
Example
{
"timeSeriesEvents": TimeSeriesEvents,
"type": "ANALYTICS"
}
EventsMeasure
Fields
| Input Field | Description |
|---|---|
aggType - AggregationType!
|
|
fieldName - EventFieldName!
|
|
trend - Boolean
|
Example
{"aggType": "any", "fieldName": "access_method", "trend": true}
EventsPostAggFilter
Fields
| Input Field | Description |
|---|---|
aggType - AggregationType!
|
|
filter - EventsFilter!
|
Example
{"aggType": "any", "filter": EventsFilter}
EventsRecord
Fields
| Field Name | Description |
|---|---|
fields - [EventField!]
|
|
fieldsMap - Map
|
fields in map format (see Map scalar) |
fieldsUnitTypes - [UnitType!]
|
|
flatFields - [String!]
|
Simplified fields, as array of name value tuples, e.g: [ [ "name", "val" ], [ "name2", "val2" ] ... ] |
prevTimeFrame - Map
|
|
trends - Map
|
Example
{
"fields": [EventField],
"fieldsMap": Map,
"fieldsUnitTypes": ["bits"],
"flatFields": ["xyz789"],
"prevTimeFrame": Map,
"trends": Map
}
EventsSort
Fields
| Input Field | Description |
|---|---|
fieldName - EventFieldName!
|
|
order - DirectionEnum!
|
Example
{"fieldName": "access_method", "order": "asc"}
EventsTimeSeries
ExchangeSocketPortsInput
BetaFields
| Input Field | Description |
|---|---|
firstInterface - SocketInterfaceRefInput!
|
The first socket interface to swap. |
secondInterface - SocketInterfaceRefInput!
|
The second socket interface to swap. |
site - SiteRefInput!
|
The site where the ports are exchanged. |
Example
{
"firstInterface": SocketInterfaceRefInput,
"secondInterface": SocketInterfaceRefInput,
"site": SiteRefInput
}
ExchangeSocketPortsPayload
BetaFields
| Field Name | Description |
|---|---|
interfaces - [ExchangedSocketInterface!]!
|
The updated socket interfaces after the exchange. |
Example
{"interfaces": [ExchangedSocketInterface]}
ExchangedSocketInterface
BetaDescription
Minimal socket interface data returned after an exchange.
Fields
| Field Name | Description |
|---|---|
interfaceId - SocketInterfaceIDEnum!
|
|
name - String!
|
Example
{"interfaceId": "INT_1", "name": "abc123"}
ExportJobResponse
BetaExportJobStatus
BetaDescription
Status values for export job lifecycle
Values
| Enum Value | Description |
|---|---|
|
|
Export job finished successfully and file is ready for download |
|
|
Export job encountered an error and could not complete |
|
|
Export job is currently being processed |
|
|
Export job has been queued but not yet started |
Example
"COMPLETED"
ExportStatusResponse
BetaDescription
Response containing the current status and details of an export job
Fields
| Field Name | Description |
|---|---|
downloadUrl - String
|
Download URL (available when status is COMPLETED) |
expiresAt - DateTime
|
Timestamp when the download URL expires |
jobId - ID!
|
Unique identifier for the export job |
message - String
|
Status message describing current state |
progress - Float
|
Completion percentage (0-100%) |
status - ExportJobStatus!
|
Current status of the export job |
Example
{
"downloadUrl": "xyz789",
"expiresAt": "2007-12-03T10:15:30Z",
"jobId": 4,
"message": "xyz789",
"progress": 987.65,
"status": "COMPLETED"
}
ExternalAccessRequest
BetaDescription
Partner account access request details.
Fields
| Field Name | Description |
|---|---|
account - AccountRef!
|
Target account. |
activeDate - DateTime!
|
Date the request becomes active. |
admins - [AdminRef!]!
|
Admins included in the request. |
expirationDate - DateTime!
|
Date the request expires. |
groups - [UsersGroupRef!]!
|
User groups included in the request. |
id - ID!
|
Access request ID. |
isAppliedOnAllFullyManagedAccounts - Boolean!
|
Applies to all fully managed accounts. |
partner - AccountRef!
|
Partner account. |
partnerNote - String
|
Note from the partner. |
reason - String
|
Reason for the request. |
requestedDate - DateTime!
|
Date the request is submitted. |
roles - [RBACRole!]!
|
Roles included in the request. |
status - AccessRequestStatus!
|
Request status. |
Example
{
"account": AccountRef,
"activeDate": "2007-12-03T10:15:30Z",
"admins": [AdminRef],
"expirationDate": "2007-12-03T10:15:30Z",
"groups": [UsersGroupRef],
"id": "4",
"isAppliedOnAllFullyManagedAccounts": false,
"partner": AccountRef,
"partnerNote": "xyz789",
"reason": "abc123",
"requestedDate": "2007-12-03T10:15:30Z",
"roles": [RBACRole],
"status": "ACTIVE"
}
ExternalAccessRequestType
BetaDescription
External access request type.
Values
| Enum Value | Description |
|---|---|
|
|
Automate access request. |
|
|
Default access request. |
|
|
Emergency access request. |
|
|
Exceptional access request. |
|
|
Standard access request. |
|
|
Support access request. |
|
|
Support access request requiring customer approval. |
Example
"AUTOMATE"
Extra
FieldNameInput
Description
FieldName for the different types of FieldName inputs Use the EventFieldName for events, and AuditFieldName for audit
Fields
| Input Field | Description |
|---|---|
AuditFieldName - AuditFieldName
|
Example
{"AuditFieldName": "account"}
FileDetails
Example
{
"issuer": "xyz789",
"md5": "abc123",
"name": "xyz789",
"path": "abc123",
"publisher": "xyz789",
"sha1": "xyz789",
"sha256": "xyz789",
"signer": "xyz789",
"size": 987
}
FileResource
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
createdDateTime - DateTime
|
|
remediationStatus - RemediationStatusEnum
|
|
fileDetails - FileDetails
|
|
detectionStatus - DetectionStatusEnum
|
Possible Types
| FileResource Types |
|---|
Example
{
"id": "4",
"createdDateTime": "2007-12-03T10:15:30Z",
"remediationStatus": "BLOCKED",
"fileDetails": FileDetails,
"detectionStatus": "BLOCKED"
}
FilterOperator
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"between"
Float
Description
The Float scalar type represents signed double-precision fractional values as specified by IEEE 754.
Example
987.65
FloatingSubnetRef
BetaDescription
Returns data for the Floating Subnet object. Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP.
Example
{"id": 4, "name": "xyz789"}
FloatingSubnetRefInput
BetaDescription
Defines the Floating Subnet object. Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP.
Fields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
Defines the object identification method – by ID (default) or by name Default |
input - String!
|
The object identification (ID or name) value |
Example
{"by": "ID", "input": "abc123"}
Fqdn
BetaDescription
Fully Qualified Domain Name: An exact host name (e.g. www.example.com)
Example
Fqdn
FqdnContainer
BetaDescription
A group with members of FQDN type
Fields
| Field Name | Description |
|---|---|
audit - ContainerAudit!
|
Audit metadata about the container |
description - String
|
Description for the container |
id - ID!
|
Unique container ID |
name - String!
|
Name for the container |
size - Int!
|
Number of items in the container |
syncData - ContainerSyncData
|
Information about automatic synchronization of the container |
syncDataAudit - ContainerSyncDataAudit
|
Audit information about the last synchronization of the container |
Example
{
"audit": ContainerAudit,
"description": "xyz789",
"id": 4,
"name": "abc123",
"size": 987,
"syncData": ContainerSyncData,
"syncDataAudit": ContainerSyncDataAudit
}
FqdnContainerAddValuesInput
BetaDescription
Input for adding values to existing FQDN typed container
Fields
| Input Field | Description |
|---|---|
ref - ContainerRefInput!
|
Reference to existing container by container ID or container name |
values - [Fqdn!]!
|
Example
{
"ref": ContainerRefInput,
"values": [Fqdn]
}
FqdnContainerAddValuesPayload
BetaDescription
Payload of AddValues operation on FQDN typed container
Fields
| Field Name | Description |
|---|---|
container - FqdnContainer!
|
Container with members of type FQDN |
Example
{"container": FqdnContainer}
FqdnContainerRef
BetaFqdnContainerRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
Defines the object identification method – by ID (default) or by name Default |
input - String!
|
The object identification (ID or name) value |
Example
{"by": "ID", "input": "abc123"}
FqdnContainerRemoveValuesInput
BetaDescription
Input for removing values from existing FQDN typed container
Fields
| Input Field | Description |
|---|---|
ref - ContainerRefInput!
|
Reference to existing container by container ID or container name |
values - [Fqdn!]!
|
Example
{
"ref": ContainerRefInput,
"values": [Fqdn]
}
FqdnContainerRemoveValuesPayload
BetaDescription
Payload of RemoveValues operation on FQDN typed container
Fields
| Field Name | Description |
|---|---|
container - FqdnContainer!
|
Container with members of type FQDN |
Example
{"container": FqdnContainer}
FqdnContainerSearchFqdnInput
BetaDescription
Input for searching FQDN typed containers that contain a specific FQDN
Fields
| Input Field | Description |
|---|---|
fqdn - Fqdn!
|
Example
{"fqdn": Fqdn}
FqdnContainerSearchFqdnPayload
BetaDescription
Payload of FQDN search query
Fields
| Field Name | Description |
|---|---|
containers - [FqdnContainer!]!
|
List of containers with members of type FQDN |
Example
{"containers": [FqdnContainer]}
FqdnContainerSearchInput
BetaDescription
Input for searching FQDN typed container
Fields
| Input Field | Description |
|---|---|
ref - ContainerRefInput!
|
Reference to existing container by container ID or container name |
Example
{"ref": ContainerRefInput}
FqdnContainerSearchPayload
BetaDescription
Payload of FQDN container search
Fields
| Field Name | Description |
|---|---|
container - FqdnContainer!
|
Container with members of type FQDN |
Example
{"container": FqdnContainer}
FreeTextFilterInput
BetaFields
| Input Field | Description |
|---|---|
search - String!
|
Example
{"search": "xyz789"}
Gaussian
Fields
| Input Field | Description |
|---|---|
interfaceIp - IPAddress!
|
|
loadBalancerIp - IPAddress!
|
Example
{
"interfaceIp": IPAddress,
"loadBalancerIp": IPAddress
}
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
interfaceIp - IPAddress!
|
|
loadBalancerIp - IPAddress!
|
|
site - SiteRef!
|
Example
{
"id": "4",
"interfaceIp": IPAddress,
"loadBalancerIp": IPAddress,
"site": SiteRef
}
GenericIncident
BetaFields
| Field Name | Description |
|---|---|
analystFeedback - AnalystFeedback
|
Fields related to analysts research of the threat incident |
categories - [IncidentCategory!]!
|
|
connectionType - ConnectionTypeEnum
|
Connection for the incident |
criticality - Int
|
For Network stories - The potential impact of the issue on your network. Values are from 1 (low impact) to 10 (high impact) For Security stories - Cato's risk analysis of the story. Values are from 1 (low risk) to 10 (high risk) |
description - String
|
For Security stories, description of the threat |
engineType - StoryEngineTypeEnum
|
XDR engine involved with the incident |
entities - [IncidentEntity!]!
|
|
evidences - [GenericIncidentEvidence!]!
|
|
firstSignal - DateTime!
|
Timestamp for the first incident signal related to this story |
id - ID!
|
Unique Cato ID for each story |
indication - String!
|
An indication is a set of actions and behaviors for the Network or Security incident. Each producer has different indications. |
lastSignal - DateTime!
|
Timestamp for the last (most recent) incident signal related to this story |
mitres - [Mitre!]
|
|
muted - Boolean!
|
|
predictedThreatType - String
|
|
predictedVerdict - StoryVerdictEnum
|
|
producer - StoryProducerEnum!
|
Producer (specific XDR engine and service) involved with the incident use 'producerType' instead |
producerName - String!
|
Full name of the Producer (specific XDR engine and service) involved with the incident |
producerType - StoryProducerEnum!
|
|
queries - [DataQuery!]!
|
|
queryName - String
|
Category for the indication ID related to the story |
research - Boolean
|
The value is TRUE when the story is currently being researched by Security Analysts |
similarStoriesData - [SimilarStoryData!]!
|
|
site - SiteRef
|
Cato ID and name for the site |
siteName - String
|
Site name related to the story 'siteName' is deprecated, use 'site.name' instead |
source - String
|
For Network stories - The site where the network issue is occurring For Security stories - IP address, name of device, or SDP user on your network involved in the story |
sourceIp - String
|
The source IP address of the device in your network sending or receiving the flow |
status - StoryStatusEnum
|
Status for the story |
statusInfo - GenericIncidentStatusInfo
|
|
storyDuration - Int
|
Amount of time since the story was opened (no value for closed stories) |
ticket - String
|
The ticket an analyst created for this story |
user - UserRef
|
Cato ID and name for the user |
vendor - VendorEnum
|
Vendor that identified the incident, such as Cato or Microsoft |
vendorInfo - GenericIncidentVendorInfo
|
Example
{
"analystFeedback": AnalystFeedback,
"categories": ["OPERATIONAL"],
"connectionType": "Host",
"criticality": 987,
"description": "abc123",
"engineType": "ANOMALY",
"entities": [IncidentEntity],
"evidences": [GenericIncidentEvidence],
"firstSignal": "2007-12-03T10:15:30Z",
"id": 4,
"indication": "xyz789",
"lastSignal": "2007-12-03T10:15:30Z",
"mitres": [Mitre],
"muted": true,
"predictedThreatType": "abc123",
"predictedVerdict": "Benign",
"producer": "AnomalyEvents",
"producerName": "abc123",
"producerType": "AnomalyEvents",
"queries": [DataQuery],
"queryName": "xyz789",
"research": true,
"similarStoriesData": [SimilarStoryData],
"site": SiteRef,
"siteName": "xyz789",
"source": "xyz789",
"sourceIp": "abc123",
"status": "Closed",
"statusInfo": GenericIncidentStatusInfo,
"storyDuration": 987,
"ticket": "abc123",
"user": UserRef,
"vendor": "CATO",
"vendorInfo": GenericIncidentVendorInfo
}
GenericIncidentEvidence
Fields
| Field Name | Description |
|---|---|
data - [GenericIncidentEvidenceData!]!
|
|
type - GenericIncidentEvidenceType!
|
|
value - String
|
Example
{
"data": [GenericIncidentEvidenceData],
"type": "CONFIG",
"value": "abc123"
}
GenericIncidentEvidenceData
Fields
| Field Name | Description |
|---|---|
fieldName - String!
|
|
values - [String!]!
|
Example
{
"fieldName": "abc123",
"values": ["xyz789"]
}
GenericIncidentEvidenceType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"CONFIG"
GenericIncidentStatusInfo
Fields
| Field Name | Description |
|---|---|
classification - String
|
|
incidentStatus - String
|
|
verdict - StoryVerdictEnum
|
Example
{
"classification": "xyz789",
"incidentStatus": "abc123",
"verdict": "Benign"
}
GenericIncidentVendorInfo
GetAdminPayload
Fields
| Field Name | Description |
|---|---|
adminType - AdminType!
|
|
creationDate - String!
|
|
email - String!
|
|
firstName - String!
|
|
id - ID!
|
|
lastName - String!
|
|
managedRoles - [AdminRole!]
|
|
mfaEnabled - Boolean!
|
|
passwordNeverExpires - Boolean!
|
|
resellerRoles - [AdminRole!]
|
Example
{
"adminType": "LOGIN",
"creationDate": "abc123",
"email": "xyz789",
"firstName": "abc123",
"id": 4,
"lastName": "abc123",
"managedRoles": [AdminRole],
"mfaEnabled": false,
"passwordNeverExpires": true,
"resellerRoles": [AdminRole]
}
GetServicePrincipalAdminPayload
Fields
| Field Name | Description |
|---|---|
adminType - AdminType!
|
|
creationDate - String!
|
|
email - String
|
|
id - ID!
|
|
managedRoles - [AdminRole!]
|
|
name - String!
|
|
resellerRoles - [AdminRole!]
|
Example
{
"adminType": "LOGIN",
"creationDate": "abc123",
"email": "abc123",
"id": 4,
"managedRoles": [AdminRole],
"name": "abc123",
"resellerRoles": [AdminRole]
}
GlobalIpRangeRef
BetaGlobalIpRangeRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
GlobalLicenseAllocations
BetaDescription
License usage and allocation across all accounts
Fields
| Field Name | Description |
|---|---|
publicIps - PublicIpsLicenseAllocations
|
Public IP addresses usage across the accounts |
ztnaUsers - ZtnaUsersLicenseAllocations
|
ZTNA license allocation across the accounts |
Example
{
"publicIps": PublicIpsLicenseAllocations,
"ztnaUsers": ZtnaUsersLicenseAllocations
}
GlobalRangeRef
BetaGraphEventsDimension
Fields
| Field Name | Description |
|---|---|
fieldName - String!
|
Example
{"fieldName": "xyz789"}
GraphEventsFilter
Fields
| Field Name | Description |
|---|---|
fieldName - String!
|
|
operator - String!
|
|
values - [String!]!
|
Example
{
"fieldName": "xyz789",
"operator": "abc123",
"values": ["xyz789"]
}
GraphEventsMeasure
GraphType
Values
| Enum Value | Description |
|---|---|
|
|
Example
"ANALYTICS"
Group
BetaDescription
A group is a collection of typed members (e.g., sites, hosts). Groups can include members of different types.
When you update a group or use it in a policy, the system verifies that all members are allowed in the policy's scope. If a group is used in a policy that doesn’t support certain member types, you can't add those types to the group. If a group already includes unsupported types, you can only assign it to a policy that supports those types. A member type is valid if it's supported in the group and allowed in the policy scope.
Fields
| Field Name | Description |
|---|---|
audit - AuditingMetadata!
|
Contains creation and modification metadata for the group |
description - String
|
Optional free-text description for documentation or context |
id - ID!
|
Unique ID for the group. |
members - GroupMembersListPayload!
|
Lists the members in this group. Supports paging, filtering, and sorting by type and name |
Arguments
|
|
membersCount - Int!
|
Total number of group members. When paging and filtering is used, this number may be higher than the number of members returned by the query |
membersCountPerType - [GroupMemberTypeCount!]!
|
Breakdown of member count by type (e.g., number of sites, hosts, etc.). |
name - String!
|
Name of the group (not guaranteed to be globally unique). |
Example
{
"audit": AuditingMetadata,
"description": "xyz789",
"id": 4,
"members": GroupMembersListPayload,
"membersCount": 987,
"membersCountPerType": [GroupMemberTypeCount],
"name": "abc123"
}
GroupListFilterInput
BetaDescription
Apply filters when fetching the list of groups.
Fields
| Input Field | Description |
|---|---|
audit - [AuditingMetadataFilterInput!]
|
Filter by audit metadata (e.g., created by) |
freeText - FreeTextFilterInput
|
Free-text search across textual fields like name |
id - [IdFilterInput!]
|
Filter by group ID |
member - [GroupMemberFilterInput!]
|
Filter groups that include specific members |
name - [AdvancedStringFilterInput!]
|
Filter by group name |
Example
{
"audit": [AuditingMetadataFilterInput],
"freeText": FreeTextFilterInput,
"id": [IdFilterInput],
"member": [GroupMemberFilterInput],
"name": [AdvancedStringFilterInput]
}
GroupListInput
BetaDescription
List groups with optional filters, sorting, and pagination.
Fields
| Input Field | Description |
|---|---|
filter - [GroupListFilterInput!]
|
Filter groups by ID, name, member, audit data, or free-text |
paging - PagingInput!
|
Pagination settings Default |
sort - GroupListSortInput!
|
Sorting options, default behavior is ascending by name Default |
Example
{
"filter": [GroupListFilterInput],
"paging": PagingInput,
"sort": GroupListSortInput
}
GroupListPayload
BetaGroupListSortInput
BetaDescription
Sort groups by name or audit metadata
Fields
| Input Field | Description |
|---|---|
audit - AuditingMetadataSortInput
|
Sort groups by audit metadata (e.g., creation time) |
name - SortOrderInput
|
ort groups by name |
Example
{
"audit": AuditingMetadataSortInput,
"name": SortOrderInput
}
GroupMemberFilterInput
BetaDescription
Filter groups by member reference.
Fields
| Input Field | Description |
|---|---|
ref - GroupMemberRefTypedInput!
|
Member reference used to identify the groups it belongs to |
Example
{"ref": GroupMemberRefTypedInput}
GroupMemberRefType
BetaDescription
Member types that can be referenced in a group.
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"FLOATING_SUBNET"
GroupMemberRefTypeFilterInput
BetaDescription
Filter member types using the supported operators
Fields
| Input Field | Description |
|---|---|
eq - GroupMemberRefType
|
Match if member type equals this value |
in - [GroupMemberRefType!]
|
Match if member type is in this list |
neq - GroupMemberRefType
|
Match if member type does not equal this value |
nin - [GroupMemberRefType!]
|
Match if member type is not in this list |
Example
{
"eq": "FLOATING_SUBNET",
"in": ["FLOATING_SUBNET"],
"neq": "FLOATING_SUBNET",
"nin": ["FLOATING_SUBNET"]
}
GroupMemberRefTyped
BetaDescription
Reference to a group member, including its ID, name, and type. Used when listing or identifying members within a group.
Fields
| Field Name | Description |
|---|---|
id - ID!
|
Object's unique identifier |
name - String!
|
Object's unique name |
type - GroupMemberRefType!
|
Example
{
"id": 4,
"name": "abc123",
"type": "FLOATING_SUBNET"
}
GroupMemberRefTypedInput
BetaDescription
A reference to a group member, used when adding or filtering members.
Fields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
Whether to resolve the reference by ID or name. Defaults to ID. Default |
input - String!
|
The value of the member identifier (ID or name) |
type - GroupMemberRefType!
|
The member type. |
Example
{
"by": "ID",
"input": "xyz789",
"type": "FLOATING_SUBNET"
}
GroupMemberTypeCount
BetaDescription
Counts how many members of each type the group contains.
Fields
| Field Name | Description |
|---|---|
membersCount - Int!
|
Number of members of this type that belong to the group |
type - GroupMemberRefType!
|
The member type (e.g., SITE, HOST) |
Example
{"membersCount": 987, "type": "FLOATING_SUBNET"}
GroupMembersListFilterInput
BetaDescription
Filters to narrow down group members that are fetched.
Fields
| Input Field | Description |
|---|---|
name - [AdvancedStringFilterInput!]
|
Filter group members by name |
type - [GroupMemberRefTypeFilterInput!]
|
Filter group members by type |
Example
{
"name": [AdvancedStringFilterInput],
"type": [GroupMemberRefTypeFilterInput]
}
GroupMembersListInput
BetaDescription
Filter, sort, and pagination applied when fetching the the list of group members.
Fields
| Input Field | Description |
|---|---|
filter - [GroupMembersListFilterInput!]
|
|
paging - PagingInput!
|
|
sort - GroupMembersListSortInput!
|
Example
{
"filter": [GroupMembersListFilterInput],
"paging": PagingInput,
"sort": GroupMembersListSortInput
}
GroupMembersListPayload
BetaDescription
A list of group members, pagination details, applied filters, and sorting information.
Fields
| Field Name | Description |
|---|---|
items - [GroupMemberRefTyped!]!
|
List of members that matched the query (including filtering, sorting, and paging). |
paging - PageInfo!
|
Pagination information for the result set (e.g., offset, total count). |
Example
{
"items": [GroupMemberRefTyped],
"paging": PageInfo
}
GroupMembersListSortInput
BetaDescription
Sort group members by one or more fields. If multiple fields are specified, the system uses their priority to determine order. For example, type with priority 1 will be used first, then name with priority 2.
Fields
| Input Field | Description |
|---|---|
name - SortOrderInput
|
Sort by member name |
type - SortOrderInput
|
Sort by member type |
Example
{
"name": SortOrderInput,
"type": SortOrderInput
}
GroupRef
BetaGroupRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
GroupScope
BetaDescription
The scope (context) in which a group is used or supported. Includes the policy type and the specific field name(s) where the group is used.
Fields
| Field Name | Description |
|---|---|
field - [String!]!
|
The specific fields within the policy where the group is used (e.g., 'source', 'destination'). |
type - String!
|
The type of policy (e.g.,WAN Firewall). |
Example
{
"field": ["abc123"],
"type": "xyz789"
}
GroupWhereUsedPayload
BetaDescription
Describes where the group is used across policies and scopes.
Includes a list of policy scopes where the group is applied, and identifies any member types that are not supported in those policy scopes.
Fields
| Field Name | Description |
|---|---|
invalidMemberTypes - [InvalidGroupMemberTypeInScope!]!
|
Member types in the group that are not valid in one or more scopes where the group is used. |
usage - [GroupScope!]!
|
List of scopes where the group is used. Each scope indicates the policy type and field. |
used - Boolean!
|
Value is True if the group is used in at least one policy or scope. |
Example
{
"invalidMemberTypes": [InvalidGroupMemberTypeInScope],
"usage": [GroupScope],
"used": true
}
HaReadiness
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"not_ready"
HaRole
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"PRIMARY"
HaStatus
Description
Basic Site Ha readiness information
Fields
| Field Name | Description |
|---|---|
keepalive - HaSubStatus
|
|
readiness - HaReadiness
|
|
socketVersion - HaSubStatus
|
|
wanConnectivity - HaSubStatus
|
Example
{
"keepalive": "fail",
"readiness": "not_ready",
"socketVersion": "fail",
"wanConnectivity": "fail"
}
HaSubStatus
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"fail"
Hardware
BetaFields
| Field Name | Description |
|---|---|
account - AccountRef
|
Cma account |
id - ID!
|
Id |
lastModified - DateTime
|
Last modified |
licenseId - ID
|
Crm License Id |
licenseStartDate - Date
|
License start date |
locationId - ID
|
Reference to the Enterprise Directory address |
macAddress - String
|
Product Mac address |
model - String
|
Product model |
poNumber - String
|
Product order number |
productType - String
|
Product type |
quoteId - String
|
Quote ID where the product was purchased |
serialNumber - String
|
Serial number |
shippingDetail - ShippingDetails
|
Shipping details |
shippingTracking - ShippingTracking
|
Shipping tracking data |
siteCountryName - String
|
The site’s country |
validation - HardwareValidation
|
Validation details |
Example
{
"account": AccountRef,
"id": "4",
"lastModified": "2007-12-03T10:15:30Z",
"licenseId": "4",
"licenseStartDate": "2007-12-03",
"locationId": "4",
"macAddress": "abc123",
"model": "abc123",
"poNumber": "xyz789",
"productType": "abc123",
"quoteId": "xyz789",
"serialNumber": "abc123",
"shippingDetail": ShippingDetails,
"shippingTracking": ShippingTracking,
"siteCountryName": "xyz789",
"validation": HardwareValidation
}
HardwareFilterInput
BetaFields
| Input Field | Description |
|---|---|
account - [AccountFilter!]
|
|
countryCode - StringFilterInput
|
|
countryName - [StringFilterInput!]
|
|
freeText - FreeTextFilterInput
|
Will run contains operation for the provided text on the following fields productType, sfId, siteName, quoteId, model, zipCode, country, city, state, street, companyName, contactName, trackingUrl, trackingNumber, serialNumber and comment with OR between them |
id - [IdFilterInput!]
|
|
licenseStartDate - [DateTimeFilterInput!]
|
|
product - [StringFilterInput!]
|
|
serialNumber - [StringFilterInput!]
|
|
shippingStatus - [ShippingStatusFilterInput!]
|
|
validAddress - BooleanFilterInput
|
Example
{
"account": [AccountFilter],
"countryCode": StringFilterInput,
"countryName": [StringFilterInput],
"freeText": FreeTextFilterInput,
"id": [IdFilterInput],
"licenseStartDate": [DateTimeFilterInput],
"product": [StringFilterInput],
"serialNumber": [StringFilterInput],
"shippingStatus": [ShippingStatusFilterInput],
"validAddress": BooleanFilterInput
}
HardwarePayload
BetaFields
| Field Name | Description |
|---|---|
items - [Hardware!]!
|
The results |
pageInfo - PageInfo
|
Pagination details |
Example
{
"items": [Hardware],
"pageInfo": PageInfo
}
HardwareSearchInput
BetaFields
| Input Field | Description |
|---|---|
filter - HardwareFilterInput
|
|
paging - PagingInput
|
|
sort - HardwareSortInput
|
Example
{
"filter": HardwareFilterInput,
"paging": PagingInput,
"sort": HardwareSortInput
}
HardwareSortInput
BetaFields
| Input Field | Description |
|---|---|
country - SortOrderInput
|
|
incoterms - SortOrderInput
|
|
licenseId - SortOrderInput
|
|
licenseStartDate - SortOrderInput
|
Default sort field |
productType - SortOrderInput
|
|
quoteId - SortOrderInput
|
|
serialNumber - SortOrderInput
|
|
shippingDate - SortOrderInput
|
|
shippingStatus - SortOrderInput
|
|
siteName - SortOrderInput
|
Example
{
"country": SortOrderInput,
"incoterms": SortOrderInput,
"licenseId": SortOrderInput,
"licenseStartDate": SortOrderInput,
"productType": SortOrderInput,
"quoteId": SortOrderInput,
"serialNumber": SortOrderInput,
"shippingDate": SortOrderInput,
"shippingStatus": SortOrderInput,
"siteName": SortOrderInput
}
HardwareValidation
BetaFields
| Field Name | Description |
|---|---|
addressValidationStatus - AddressValidationStatus
|
Address validation details |
completed - Boolean!
|
Complete item |
incompleteReason - String
|
Incomplete reason |
Example
{
"addressValidationStatus": "INVALID",
"completed": false,
"incompleteReason": "abc123"
}
HostRef
BetaHostRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
HttpHeaderName
Description
Http header name
Example
HttpHeaderName
HttpHeaderNameValue
Fields
| Field Name | Description |
|---|---|
name - HttpHeaderName!
|
|
value - HttpHeaderValue!
|
Example
{
"name": HttpHeaderName,
"value": HttpHeaderValue
}
HttpHeaderNameValueInput
Fields
| Input Field | Description |
|---|---|
name - HttpHeaderName!
|
|
value - HttpHeaderValue!
|
Example
{
"name": HttpHeaderName,
"value": HttpHeaderValue
}
HttpHeaderValue
Description
Http header value
Example
HttpHeaderValue
HwShippingDetailsInput
BetaFields
| Input Field | Description |
|---|---|
details - ShippingDetailsInputByLocationId!
|
The shipping details |
powerCable - String
|
Power cable type (for sockets only) |
Example
{
"details": ShippingDetailsInputByLocationId,
"powerCable": "xyz789"
}
ID
Description
The ID scalar type represents a unique identifier, often used to refetch an object or as key for a cache. The ID type appears in a JSON response as a String; however, it is not intended to be human-readable. When expected as an input type, any string (such as "4") or integer (such as 4) input value will be accepted as an ID.
Example
4
IPAddress
Description
An IPv4 IP address
Example
IPAddress
IPAddressFilterInput
BetaFields
| Input Field | Description |
|---|---|
between - [IPAddress!]
|
|
eq - IPAddress
|
|
in - [IPAddress!]
|
|
neq - IPAddress
|
|
nin - [IPAddress!]
|
|
nwithin - NetworkSubnet
|
|
within - NetworkSubnet
|
Example
{
"between": [IPAddress],
"eq": IPAddress,
"in": [IPAddress],
"neq": IPAddress,
"nin": [IPAddress],
"nwithin": NetworkSubnet,
"within": NetworkSubnet
}
IPInfo
Description
A general structure to contain IP detailed information
Fields
| Field Name | Description |
|---|---|
city - String
|
Geolocation city |
countryCode - String
|
Geolocation ISO country code |
countryName - String
|
Geolocation country name |
ip - String
|
IP address of the link |
latitude - Float
|
Geolocation latitude for the ISP |
longitude - Float
|
Geolocation longitude for the ISP |
provider - String
|
ISP Internet provider |
state - String
|
Geolocation state |
Example
{
"city": "xyz789",
"countryCode": "abc123",
"countryName": "abc123",
"ip": "xyz789",
"latitude": 123.45,
"longitude": 123.45,
"provider": "abc123",
"state": "abc123"
}
IPRange
Description
A from-to range (used for DHCP range, for example)
Example
IPRange
IPSecInfo
Description
Basic IPSec configuration information
Fields
| Field Name | Description |
|---|---|
catoIP - String
|
The source IP address for the IPsec tunnel in the Cato Cloud |
ikeVersion - Int
|
Shows 1 for IKEv1 and 2 for IKEv2 |
isPrimary - Boolean
|
For HA configurations, when this boolean value is true, this the primary IPsec firewall or routing device |
remoteIP - String
|
The destination IP address for the IPsec tunnel (in the site) |
tunnelConfig - [TunnelConfig!]!
|
List of tunnels configured on the device |
Example
{
"catoIP": "xyz789",
"ikeVersion": 123,
"isPrimary": false,
"remoteIP": "xyz789",
"tunnelConfig": [TunnelConfig]
}
IPSecV2InterfaceId
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"PRIMARY1"
IPSecV2TunnelRole
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"WAN1"
IPSubnet
Example
IPSubnet
IPolicy
Description
Shared interface for any policy
Fields
| Field Name | Description |
|---|---|
enabled - Boolean!
|
TRUE = Policy is enabled, FALSE = Policy is disabled |
rules - [IPolicyRulePayload!]!
|
Return list of rules in the policy |
sections - [PolicySectionPayload!]!
|
Return sections in the policy |
audit - PolicyAudit
|
Audit data for the policy |
revision - PolicyRevision
|
Return data for the Policy revision |
Possible Types
| IPolicy Types |
|---|
Example
{
"enabled": true,
"rules": [IPolicyRulePayload],
"sections": [PolicySectionPayload],
"audit": PolicyAudit,
"revision": PolicyRevision
}
IPolicyMutationPayload
Description
Results of policy change
Fields
| Field Name | Description |
|---|---|
policy - IPolicy
|
Data for the policy |
status - PolicyMutationStatus!
|
Enum for the status of the policy change |
errors - [PolicyMutationError!]!
|
List of errors related to the policy change |
Possible Types
| IPolicyMutationPayload Types |
|---|
Example
{
"policy": IPolicy,
"status": "FAILURE",
"errors": [PolicyMutationError]
}
IPolicyRule
Fields
| Field Name | Description |
|---|---|
id - ID!
|
Rule ID |
name - String!
|
Name of the rule |
description - String
|
Description for the rule |
index - Int!
|
Position / priority of rule |
enabled - Boolean!
|
TRUE = Rule is enabled, FALSE = Rule is disabled |
section - PolicySectionInfo
|
Policy section where the rule is located |
Possible Types
| IPolicyRule Types |
|---|
Example
{
"id": 4,
"name": "xyz789",
"description": "abc123",
"index": 123,
"enabled": true,
"section": PolicySectionInfo
}
IPolicyRuleMutationPayload
Description
Results of rule change
Fields
| Field Name | Description |
|---|---|
rule - IPolicyRulePayload
|
Returns settings for the rule |
status - PolicyMutationStatus!
|
Enum for the status of the policy change |
errors - [PolicyMutationError!]!
|
List of errors related to the policy change |
Possible Types
| IPolicyRuleMutationPayload Types |
|---|
Example
{
"rule": IPolicyRulePayload,
"status": "FAILURE",
"errors": [PolicyMutationError]
}
IPolicyRulePayload
Description
Results of changes to the rule
Fields
| Field Name | Description |
|---|---|
audit - PolicyElementAudit!
|
|
rule - IPolicyRule!
|
Rule that was changed |
properties - [PolicyElementPropertiesEnum!]!
|
Summary of rule change, (ie. ADDED, UPDATED) |
Possible Types
| IPolicyRulePayload Types |
|---|
Example
{
"audit": PolicyElementAudit,
"rule": IPolicyRule,
"properties": ["ADDED"]
}
IdFilterInput
BetaIdentificationType
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"EMAIL"
IlmmContact
IlmmDetails
Fields
| Field Name | Description |
|---|---|
contacts - [IlmmContact!]
|
|
ispDetails - IlmmIspDetails
|
|
linkDetails - IlmmLinkDetails
|
Example
{
"contacts": [IlmmContact],
"ispDetails": IlmmIspDetails,
"linkDetails": IlmmLinkDetails
}
IlmmIspDetails
Example
{
"countryCode": "abc123",
"description": "abc123",
"ispAccountId": "abc123",
"loaFile": IspLoaFile,
"name": "xyz789",
"supportEmail": "xyz789",
"supportPhone": "abc123"
}
IlmmLicense
BetaDescription
Intelligent Last Mile Monitoring (ILMM) License details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
total - Int!
|
The total amount of ILMM licenses. |
Example
{
"description": "abc123",
"expirationDate": "2007-12-03T10:15:30Z",
"id": 4,
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ADSP_B",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE",
"total": 123
}
IlmmLinkDetails
Example
{
"activeLicense": false,
"comments": "xyz789",
"description": "xyz789",
"ispLinkId": "abc123",
"linkId": "abc123",
"onboardingStatus": "COMPLETE"
}
IlmmOnboardingStatus
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"COMPLETE"
IncidentCategory
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"OPERATIONAL"
IncidentEntity
BetaFields
| Field Name | Description |
|---|---|
data - [IncidentEntityData!]!
|
|
kind - String
|
|
ref - ObjectRef!
|
|
role - String
|
|
type - String
|
Example
{
"data": [IncidentEntityData],
"kind": "xyz789",
"ref": ObjectRef,
"role": "xyz789",
"type": "xyz789"
}
IncidentEntityData
BetaFields
| Field Name | Description |
|---|---|
fieldName - String!
|
|
values - [String!]!
|
Example
{
"fieldName": "abc123",
"values": ["xyz789"]
}
IncidentFlow
Fields
| Field Name | Description |
|---|---|
appName - String
|
|
clientClass - String
|
|
createdAt - DateTime
|
|
destinationCountry - String
|
|
destinationGeolocation - String
|
|
destinationIp - String
|
|
destinationPort - Int
|
|
direction - String
|
|
dnsResponseIP - String
|
|
domain - String
|
|
fileHash - String
|
|
httpResponseCode - Int
|
|
ja3 - String
|
|
method - String
|
|
referer - String
|
|
smbFileName - String
|
|
sourceGeolocation - String
|
|
sourceIp - String
|
|
sourcePort - Int
|
|
target - String
|
|
tunnelGeolocation - String
|
|
url - String
|
|
user - String
|
|
userAgent - String
|
Example
{
"appName": "abc123",
"clientClass": "xyz789",
"createdAt": "2007-12-03T10:15:30Z",
"destinationCountry": "abc123",
"destinationGeolocation": "abc123",
"destinationIp": "abc123",
"destinationPort": 987,
"direction": "xyz789",
"dnsResponseIP": "xyz789",
"domain": "xyz789",
"fileHash": "abc123",
"httpResponseCode": 123,
"ja3": "xyz789",
"method": "abc123",
"referer": "abc123",
"smbFileName": "xyz789",
"sourceGeolocation": "xyz789",
"sourceIp": "abc123",
"sourcePort": 123,
"target": "abc123",
"tunnelGeolocation": "xyz789",
"url": "xyz789",
"user": "xyz789",
"userAgent": "abc123"
}
IncidentTargetRep
Fields
| Field Name | Description |
|---|---|
analysisScore - Float
|
|
categories - String
|
|
catoPopularity - Int
|
|
countryOfRegistration - String
|
|
creationTime - DateTime
|
|
engines - Int
|
|
eventData - [Event!]!
|
|
infectionSource - Boolean
|
|
name - String
|
|
searchHits - String
|
|
threatFeeds - Int
|
|
threatReference - String
|
|
type - TargetType
|
Example
{
"analysisScore": 987.65,
"categories": "xyz789",
"catoPopularity": 123,
"countryOfRegistration": "xyz789",
"creationTime": "2007-12-03T10:15:30Z",
"engines": 987,
"eventData": [Event],
"infectionSource": true,
"name": "abc123",
"searchHits": "xyz789",
"threatFeeds": 987,
"threatReference": "xyz789",
"type": "domain"
}
IncidentTimeseries
Fields
| Field Name | Description |
|---|---|
data - [Float!]
|
Data is an array of tuples, each containing two values: [timestamp, metric], where the timestamp is in milliseconds from the epoch (1.1.1970), and the metric is a number (according to the unit type) |
Arguments
|
|
groupBy - String
|
The parameter by which the timeseries data is grouped |
info - [String!]
|
Specific information about the timeseries, used to build its name, title etc |
key - TimeseriesKey
|
|
label - String!
|
Indicates the type of the timeseries |
sum - Float
|
|
units - UnitType
|
Identifies what unit of data this timeseries represents. Note that toRate is only available for particular types of data to make sense. |
Example
{
"data": [123.45],
"groupBy": "xyz789",
"info": ["xyz789"],
"key": TimeseriesKey,
"label": "xyz789",
"sum": 123.45,
"units": "bits"
}
IncomingAccessRequestFilterInput
BetaDescription
Filter criteria for listing managed account access requests.
Fields
| Input Field | Description |
|---|---|
expirationDate - DateTimeFilterInput
|
Filter by expiration date. |
requestedDate - DateTimeFilterInput
|
Filter by requested date. |
search - StringFilterInput
|
Filter by search string. |
status - AccessRequestStatusFilterInput
|
Filter by status. |
Example
{
"expirationDate": DateTimeFilterInput,
"requestedDate": DateTimeFilterInput,
"search": StringFilterInput,
"status": AccessRequestStatusFilterInput
}
IncomingAccessRequestListInput
BetaDescription
Input for listing managed account access requests.
Fields
| Input Field | Description |
|---|---|
filter - IncomingAccessRequestFilterInput
|
Filter criteria. |
paging - PagingInput!
|
Pagination settings. Default |
sort - AccessRequestSortInput!
|
Sort settings. Default |
Example
{
"filter": IncomingAccessRequestFilterInput,
"paging": PagingInput,
"sort": AccessRequestSortInput
}
IncomingAccessRequestListPayload
BetaDescription
Output for listing managed account access requests.
Fields
| Field Name | Description |
|---|---|
items - [IncomingExternalAccessRequest!]!
|
Incoming access requests. |
paging - PageInfo!
|
Pagination information. |
Example
{
"items": [IncomingExternalAccessRequest],
"paging": PageInfo
}
IncomingAccessRequestPermission
BetaIncomingAccessRequestPermissions
BetaDescription
Permissions requested for an account access request.
Fields
| Field Name | Description |
|---|---|
permissions - [IncomingAccessRequestPermission!]!
|
Requested permissions. |
Example
{"permissions": [IncomingAccessRequestPermission]}
IncomingExternalAccessRequest
BetaDescription
Managed account access request details.
Fields
| Field Name | Description |
|---|---|
activeDate - DateTime!
|
Date the request becomes active. |
expirationDate - DateTime!
|
Date the request expires. |
id - ID!
|
Access request ID. |
isAppliedOnAllFullyManagedAccounts - Boolean!
|
Applies to all fully managed accounts. |
note - String
|
Note from the managed account admin. |
partner - AccountRef!
|
Partner account. |
permissions - IncomingAccessRequestPermissions!
|
Requested permissions. |
reason - String
|
Reason for the request. |
requestedDate - DateTime!
|
Date the request is submitted. |
status - AccessRequestStatus!
|
Request status. |
Example
{
"activeDate": "2007-12-03T10:15:30Z",
"expirationDate": "2007-12-03T10:15:30Z",
"id": "4",
"isAppliedOnAllFullyManagedAccounts": true,
"note": "abc123",
"partner": AccountRef,
"permissions": IncomingAccessRequestPermissions,
"reason": "abc123",
"requestedDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE"
}
Int
Description
The Int scalar type represents non-fractional signed whole numeric values. Int can represent values between -(2^31) and 2^31 - 1.
Example
987
IntFilterInput
BetaIntPredicate
BetaIntegrationList
Description
Container for listing webhook integrations associated with a Subscription Group.
Fields
| Field Name | Description |
|---|---|
webhookList - [Webhook!]!
|
List of webhook integrations included in the Subscription Group. |
Example
{"webhookList": [Webhook]}
IntegrationRefInput
Fields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
Choose to specify the integration by name or by ID. IDs are automatically unique, if you use a non-unique name, it will result in an error. Default |
input - String!
|
The corresponding name or ID. |
Example
{"by": "ID", "input": "xyz789"}
InterfaceInfo
Description
Basic Socket Interface configuration information
Fields
| Field Name | Description |
|---|---|
destType - String
|
The destination type configured to the Socket interface |
downstreamBandwidth - Int
|
Maximum allowed bandwidth for traffic on this port, from the Cato Cloud to the site |
downstreamBandwidthMbpsPrecision - Float
|
Maximum allowed bandwidth for traffic on this port in MBPS with single decimal point, from the Cato Cloud to the site Beta |
id - ID!
|
ID for the Socket port in the Socket WebUI Monitor tab |
name - String
|
Name for the port in the Cato Management Application |
upstreamBandwidth - Int
|
Maximum allowed bandwidth on this port, for traffic from the site to the Cato Cloud |
upstreamBandwidthMbpsPrecision - Float
|
Maximum allowed bandwidth on this port in MBPS with single decimal point, for traffic from the site to the Cato Cloud Beta |
wanRole - SocketInterfaceWanRole
|
Role for the WAN interface Beta |
Example
{
"destType": "abc123",
"downstreamBandwidth": 987,
"downstreamBandwidthMbpsPrecision": 987.7,
"id": "4",
"name": "abc123",
"upstreamBandwidth": 123,
"upstreamBandwidthMbpsPrecision": 987.7,
"wanRole": "NONE"
}
InterfaceLinkState
Fields
| Field Name | Description |
|---|---|
duplex - String
|
Shows the duplex mode for the link |
hasAddress - Boolean
|
Indicates if the WAN interface has an IP address |
hasInternet - Boolean
|
Indicates if the interface is connected to the Internet |
hasTunnel - Boolean
|
Indicates if a connection has been established with the Cato Cloud |
id - ID
|
The ID for the specific Socket port, for example LAN1 or LAN2 |
linkSpeed - String
|
Shows the maximum bandwidth configured for the link |
mediaIn - Boolean
|
Indicates if there is a physical connection to the port |
up - Boolean
|
When this boolean value is true, then the link for the port is up |
Example
{
"duplex": "abc123",
"hasAddress": true,
"hasInternet": true,
"hasTunnel": true,
"id": 4,
"linkSpeed": "abc123",
"mediaIn": false,
"up": true
}
InterfaceMetrics
Fields
| Field Name | Description |
|---|---|
annotations - [TimeAnnotation!]
|
Time stamp annotation that shows a time increment for a GUI |
Arguments
|
|
interfaceInfo - InterfaceInfo
|
Basic configuration information about the Socket interface . Applicable only for site |
ipsecInfo - IPSecInfo
|
Data related to IPsec sites, such as IKE version . Applicable only for site |
metrics - Metrics
|
Traffic data for the link |
Arguments
|
|
name - String
|
Link name in the Cato Management Application |
periods - [TimePeriod!]
|
object that is a specific time duration |
remoteIP - String
|
IP address the ISP allocates to the WAN link |
remoteIPInfo - IPInfo
|
Data related to the link IP address, such as country code |
socketInfo - SocketInfo
|
Data related to Socket and vSocket sites, such as serial number and Socket version. Applicable only for site |
timeseries - [Timeseries!]
|
For site metrics, timeseries info field will include: siteID, interfaceName, for last mile metrics it will also include the destination last mile check |
Arguments
|
|
Example
{
"annotations": [TimeAnnotation],
"interfaceInfo": InterfaceInfo,
"ipsecInfo": IPSecInfo,
"metrics": Metrics,
"name": "abc123",
"periods": [TimePeriod],
"remoteIP": "xyz789",
"remoteIPInfo": IPInfo,
"socketInfo": SocketInfo,
"timeseries": [Timeseries]
}
InterfaceSnapshot
Fields
| Field Name | Description |
|---|---|
bgpState - BgpState
|
State of the BGP tunnel to the Cato Cloud |
cellularInterfaceInfo - CellularInterface
|
Information about cellular (LTE) interface |
connected - Boolean
|
Shows if the WAN link is connected to the PoP |
id - ID
|
Interface ID for the WAN link |
info - InterfaceInfo
|
data about the WAN link that is configured in the Socket Configuration window for the site |
name - String
|
WAN link name in the Cato Management Application |
naturalOrder - Int
|
Interface Natural order for WAN link |
physicalPort - Int
|
Physical WAN port on the Socket |
popName - String
|
The name of the PoP that the WAN link is connected to |
previousPopID - Int
|
The ID of the PoP that the WAN link was connected to before the current one |
previousPopName - String
|
The name of the PoP that the WAN link was connected to before the current one |
tunnelConnectionReason - String
|
Reason that the tunnel required a new connection (for example, PoP or Socket restarted) |
tunnelRemoteIP - String
|
IP address of the WAN ISP |
tunnelRemoteIPInfo - IPInfo
|
IP address, ISP, and geographical information related to the WAN ISP |
tunnelUptime - Int
|
Number of seconds that the tunnel is connected to a PoP |
type - String
|
No longer supported |
Example
{
"bgpState": "Active",
"cellularInterfaceInfo": CellularInterface,
"connected": true,
"id": "4",
"info": InterfaceInfo,
"name": "abc123",
"naturalOrder": 123,
"physicalPort": 987,
"popName": "abc123",
"previousPopID": 987,
"previousPopName": "xyz789",
"tunnelConnectionReason": "abc123",
"tunnelRemoteIP": "abc123",
"tunnelRemoteIPInfo": IPInfo,
"tunnelUptime": 123,
"type": "abc123"
}
InterfaceSubnetRef
BetaInternetFirewallActionConfig
BetaDescription
Configuration for Internet Firewall action
Fields
| Field Name | Description |
|---|---|
rbiProfile - [RbiProfileRef!]!
|
Defines the Remote Browser Isolation (RBI) profile to apply when the rule action is set to RBI. Only a single element is allowed. |
userNotification - [UserNotificationTemplateRef!]!
|
Defines the user notification template to display when the rule blocks or prompts access. Only a single element is allowed. |
Example
{
"rbiProfile": [RbiProfileRef],
"userNotification": [UserNotificationTemplateRef]
}
InternetFirewallActionConfigInput
BetaDescription
Configuration for Internet Firewall action
Fields
| Input Field | Description |
|---|---|
rbiProfile - [RbiProfileRefInput!]!
|
Defines the Remote Browser Isolation (RBI) profile to apply when the rule action is set to RBI. Only a single element is allowed. Default |
userNotification - [UserNotificationTemplateRefInput!]!
|
Defines the user notification template to display when the rule blocks or prompts access. Only a single element is allowed. Default |
Example
{
"rbiProfile": [RbiProfileRefInput],
"userNotification": [UserNotificationTemplateRefInput]
}
InternetFirewallActionConfigUpdateInput
BetaDescription
Configuration for Internet Firewall action
Fields
| Input Field | Description |
|---|---|
rbiProfile - [RbiProfileRefInput!]
|
Defines the Remote Browser Isolation (RBI) profile to apply when the rule action is set to RBI. Only a single element is allowed. |
userNotification - [UserNotificationTemplateRefInput!]
|
Defines the user notification template to display when the rule blocks or prompts access. Only a single element is allowed. |
Example
{
"rbiProfile": [RbiProfileRefInput],
"userNotification": [UserNotificationTemplateRefInput]
}
InternetFirewallActionEnum
BetaDescription
The action applied by the Internet Firewall if the rule is matched
Values
| Enum Value | Description |
|---|---|
|
|
Allow the network traffic to pass through the firewall. |
|
|
Deny the network traffic from passing through the firewall. |
|
|
Requests user confirmation to allow or block network traffic. |
|
|
Apply Remote Browser Isolation (RBI) to the network traffic |
Example
"ALLOW"
InternetFirewallAddRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
action - InternetFirewallActionEnum!
|
The action applied by the Internet Firewall if the rule is matched Default |
actionConfig - InternetFirewallActionConfigInput!
|
Configuration for Internet Firewall action Default |
activePeriod - PolicyRuleActivePeriodInput!
|
The time period during which the rule is active, outside this period, the rule is inactive Default |
connectionOrigin - ConnectionOriginEnum!
|
Connection origin of the traffic Default |
country - [CountryRefInput!]!
|
Source country traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
description - String!
|
|
destination - InternetFirewallDestinationInput!
|
Destination traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
device - [DeviceProfileRefInput!]!
|
Source Device Profile traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
deviceAttributes - DeviceAttributesInput!
|
Additional device attributes such as category, type, model, and manufacturer. Logical 'OR' is applied within the criteria set. Logical 'AND' is applied between criteria sets. Default |
deviceOS - [OperatingSystem!]!
|
Source device Operating System traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
enabled - Boolean!
|
|
exceptions - [InternetFirewallRuleExceptionInput!]!
|
The set of exceptions for the rule. Exceptions define when the rule will be ignored and the firewall evaluation will continue with the lower priority rules. Default |
name - String!
|
|
schedule - PolicyScheduleInput!
|
The time period specifying when the rule is enabled, otherwise it is disabled. Default |
service - InternetFirewallServiceTypeInput!
|
Destination service traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
source - InternetFirewallSourceInput!
|
Source traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
tracking - PolicyTrackingInput!
|
Tracking information when the rule is matched, such as events and notifications Default |
Example
{
"action": "ALLOW",
"actionConfig": InternetFirewallActionConfigInput,
"activePeriod": PolicyRuleActivePeriodInput,
"connectionOrigin": "ANY",
"country": [CountryRefInput],
"description": "abc123",
"destination": InternetFirewallDestinationInput,
"device": [DeviceProfileRefInput],
"deviceAttributes": DeviceAttributesInput,
"deviceOS": ["ANDROID"],
"enabled": true,
"exceptions": [InternetFirewallRuleExceptionInput],
"name": "abc123",
"schedule": PolicyScheduleInput,
"service": InternetFirewallServiceTypeInput,
"source": InternetFirewallSourceInput,
"tracking": PolicyTrackingInput
}
InternetFirewallAddRuleInput
BetaDescription
Rule parameters and relevant position
Fields
| Input Field | Description |
|---|---|
at - PolicyRulePositionInput
|
Position of the rule in the policy |
rule - InternetFirewallAddRuleDataInput!
|
Parameters for the rule you are adding |
Example
{
"at": PolicyRulePositionInput,
"rule": InternetFirewallAddRuleDataInput
}
InternetFirewallAddSubPolicyDataInput
BetaInternetFirewallAddSubPolicyInput
BetaFields
| Input Field | Description |
|---|---|
at - PolicyRulePositionInput!
|
|
policy - InternetFirewallAddSubPolicyDataInput
|
|
scope - InternetFirewallAddRuleDataInput!
|
Example
{
"at": PolicyRulePositionInput,
"policy": InternetFirewallAddSubPolicyDataInput,
"scope": InternetFirewallAddRuleDataInput
}
InternetFirewallAddSubPolicyMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
policy - InternetFirewallPolicy
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"policy": InternetFirewallPolicy,
"status": "FAILURE"
}
InternetFirewallContainer
BetaFields
| Field Name | Description |
|---|---|
fqdnContainer - [FqdnContainerRef!]!
|
|
ipAddressRangeContainer - [IpAddressRangeContainerRef!]!
|
Example
{
"fqdnContainer": [FqdnContainerRef],
"ipAddressRangeContainer": [IpAddressRangeContainerRef]
}
InternetFirewallContainerInput
BetaFields
| Input Field | Description |
|---|---|
fqdnContainer - [FqdnContainerRefInput!]!
|
|
ipAddressRangeContainer - [IpAddressRangeContainerRefInput!]!
|
Example
{
"fqdnContainer": [FqdnContainerRefInput],
"ipAddressRangeContainer": [
IpAddressRangeContainerRefInput
]
}
InternetFirewallContainerUpdateInput
BetaFields
| Input Field | Description |
|---|---|
fqdnContainer - [FqdnContainerRefInput!]
|
|
ipAddressRangeContainer - [IpAddressRangeContainerRefInput!]
|
Example
{
"fqdnContainer": [FqdnContainerRefInput],
"ipAddressRangeContainer": [
IpAddressRangeContainerRefInput
]
}
InternetFirewallDestination
BetaDescription
Returns the settings for Destination of an Internet Firewall rule
Fields
| Field Name | Description |
|---|---|
appCategory - [ApplicationCategoryRef!]!
|
Cato category of applications which are dynamically updated by Cato |
application - [ApplicationRef!]!
|
Applications for the rule (pre-defined) |
containers - InternetFirewallContainer!
|
|
country - [CountryRef!]!
|
Countries |
customApp - [CustomApplicationRef!]!
|
Custom (user-defined) applications |
customCategory - [CustomCategoryRef!]!
|
Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc. |
domain - [Domain!]!
|
A Second-Level Domain (SLD). It matches all Top-Level Domains (TLD), and subdomains that include the Domain. Example: example.com. |
fqdn - [Fqdn!]!
|
An exact match of the fully qualified domain (FQDN). Example: www.my.example.com. |
globalIpRange - [GlobalIpRangeRef!]!
|
Globally defined IP range, IP and subnet objects |
ip - [IPAddress!]!
|
IPv4 addresses |
ipRange - [IpAddressRange!]!
|
A range of IPs. Every IP within the range will be matched |
remoteAsn - [Asn32!]!
|
Remote Autonomous System Number (ASN) |
sanctionedAppsCategory - [SanctionedAppsCategoryRef!]!
|
Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization. |
subnet - [NetworkSubnet!]!
|
Network subnets in CIDR notation |
Example
{
"appCategory": [ApplicationCategoryRef],
"application": [ApplicationRef],
"containers": InternetFirewallContainer,
"country": [CountryRef],
"customApp": [CustomApplicationRef],
"customCategory": [CustomCategoryRef],
"domain": [Domain],
"fqdn": [Fqdn],
"globalIpRange": [GlobalIpRangeRef],
"ip": [IPAddress],
"ipRange": [IpAddressRange],
"remoteAsn": [Asn32],
"sanctionedAppsCategory": [SanctionedAppsCategoryRef],
"subnet": [NetworkSubnet]
}
InternetFirewallDestinationInput
BetaDescription
Input of the settings for Destination of an Internet Firewall rule. To specify 'ANY' destination, an empty list must be provided for each match criteria field (e.g. application: [], country: [], etc...)
Fields
| Input Field | Description |
|---|---|
appCategory - [ApplicationCategoryRefInput!]!
|
Cato category of applications which are dynamically updated by Cato Default |
application - [ApplicationRefInput!]!
|
Applications for the rule (pre-defined) Default |
containers - InternetFirewallContainerInput!
|
|
country - [CountryRefInput!]!
|
Countries Default |
customApp - [CustomApplicationRefInput!]!
|
Custom (user-defined) applications Default |
customCategory - [CustomCategoryRefInput!]!
|
Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc. Default |
domain - [Domain!]!
|
A Second-Level Domain (SLD). It matches all Top-Level Domains (TLD), and subdomains that include the Domain. Example: example.com. Default |
fqdn - [Fqdn!]!
|
An exact match of the fully qualified domain (FQDN). Example: www.my.example.com. Default |
globalIpRange - [GlobalIpRangeRefInput!]!
|
Globally defined IP range, IP and subnet objects Default |
ip - [IPAddress!]!
|
IPv4 addresses Default |
ipRange - [IpAddressRangeInput!]!
|
A range of IPs. Every IP within the range will be matched Default |
remoteAsn - [Asn32!]!
|
Remote Autonomous System Number (ASN) Default |
sanctionedAppsCategory - [SanctionedAppsCategoryRefInput!]!
|
Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization. Default |
subnet - [NetworkSubnet!]!
|
Network subnets in CIDR notation Default |
Example
{
"appCategory": [ApplicationCategoryRefInput],
"application": [ApplicationRefInput],
"containers": InternetFirewallContainerInput,
"country": [CountryRefInput],
"customApp": [CustomApplicationRefInput],
"customCategory": [CustomCategoryRefInput],
"domain": [Domain],
"fqdn": [Fqdn],
"globalIpRange": [GlobalIpRangeRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"remoteAsn": [Asn32],
"sanctionedAppsCategory": [
SanctionedAppsCategoryRefInput
],
"subnet": [NetworkSubnet]
}
InternetFirewallDestinationUpdateInput
BetaDescription
Input of the settings for Destination of an Internet Firewall rule. To specify 'ANY' destination, an empty list must be provided for each match criteria field (e.g. application: [], country: [], etc...)
Fields
| Input Field | Description |
|---|---|
appCategory - [ApplicationCategoryRefInput!]
|
Cato category of applications which are dynamically updated by Cato |
application - [ApplicationRefInput!]
|
Applications for the rule (pre-defined) |
containers - InternetFirewallContainerUpdateInput
|
|
country - [CountryRefInput!]
|
Countries |
customApp - [CustomApplicationRefInput!]
|
Custom (user-defined) applications |
customCategory - [CustomCategoryRefInput!]
|
Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc. |
domain - [Domain!]
|
A Second-Level Domain (SLD). It matches all Top-Level Domains (TLD), and subdomains that include the Domain. Example: example.com. |
fqdn - [Fqdn!]
|
An exact match of the fully qualified domain (FQDN). Example: www.my.example.com. |
globalIpRange - [GlobalIpRangeRefInput!]
|
Globally defined IP range, IP and subnet objects |
ip - [IPAddress!]
|
IPv4 addresses |
ipRange - [IpAddressRangeInput!]
|
A range of IPs. Every IP within the range will be matched |
remoteAsn - [Asn32!]
|
Remote Autonomous System Number (ASN) |
sanctionedAppsCategory - [SanctionedAppsCategoryRefInput!]
|
Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization. |
subnet - [NetworkSubnet!]
|
Network subnets in CIDR notation |
Example
{
"appCategory": [ApplicationCategoryRefInput],
"application": [ApplicationRefInput],
"containers": InternetFirewallContainerUpdateInput,
"country": [CountryRefInput],
"customApp": [CustomApplicationRefInput],
"customCategory": [CustomCategoryRefInput],
"domain": [Domain],
"fqdn": [Fqdn],
"globalIpRange": [GlobalIpRangeRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"remoteAsn": [Asn32],
"sanctionedAppsCategory": [
SanctionedAppsCategoryRefInput
],
"subnet": [NetworkSubnet]
}
InternetFirewallPolicy
BetaFields
| Field Name | Description |
|---|---|
access - EntityAccess!
|
Holds the complete set of access capabilities and limitations associated with the entity. |
audit - PolicyAudit
|
|
description - String!
|
Description for the policy |
enabled - Boolean!
|
|
id - ID!
|
Policy ID |
name - String!
|
Name of the policy, the default name for the policy containing all sub-policies is 'Main' |
revision - PolicyRevision
|
|
rules - [InternetFirewallRulePayload!]!
|
|
sections - [PolicySectionPayload!]!
|
|
subPolicies - [InternetFirewallSubPolicyPayload!]!
|
Holds a list of all allowed sub-policies according to admin access capabilities |
Example
{
"access": EntityAccess,
"audit": PolicyAudit,
"description": "xyz789",
"enabled": false,
"id": "4",
"name": "abc123",
"revision": PolicyRevision,
"rules": [InternetFirewallRulePayload],
"sections": [PolicySectionPayload],
"subPolicies": [InternetFirewallSubPolicyPayload]
}
InternetFirewallPolicyInfo
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyAudit!
|
|
description - String!
|
|
enabled - Boolean!
|
|
id - ID!
|
|
name - String!
|
|
policyLevel - PolicyLevelEnum!
|
Example
{
"audit": PolicyAudit,
"description": "xyz789",
"enabled": true,
"id": "4",
"name": "xyz789",
"policyLevel": "MAIN"
}
InternetFirewallPolicyInput
BetaFields
| Input Field | Description |
|---|---|
revision - PolicyRevisionInput
|
A revision is a specific instance of the policy. Unpublished revisions are working copies of the policy available to a specific admin or a set of admins Published revisions are revisions that were applied to the account network. The last published revision is the active policy. |
Example
{"revision": PolicyRevisionInput}
InternetFirewallPolicyListFilterInput
BetaFields
| Input Field | Description |
|---|---|
id - [IdFilterInput!]
|
|
name - [StringFilterInput!]
|
|
policyLevel - [PolicyLevelEnumFilterInput!]
|
Example
{
"id": [IdFilterInput],
"name": [StringFilterInput],
"policyLevel": [PolicyLevelEnumFilterInput]
}
InternetFirewallPolicyListInput
BetaFields
| Input Field | Description |
|---|---|
filter - InternetFirewallPolicyListFilterInput
|
|
paging - PagingInput!
|
|
sort - InternetFirewallPolicyListSortInput!
|
Example
{
"filter": InternetFirewallPolicyListFilterInput,
"paging": PagingInput,
"sort": InternetFirewallPolicyListSortInput
}
InternetFirewallPolicyListPayload
BetaFields
| Field Name | Description |
|---|---|
items - [InternetFirewallPolicyInfo!]!
|
|
paging - PageInfo!
|
Example
{
"items": [InternetFirewallPolicyInfo],
"paging": PageInfo
}
InternetFirewallPolicyListSortInput
BetaFields
| Input Field | Description |
|---|---|
name - SortOrderInput
|
|
policyLevel - SortOrderInput
|
Example
{
"name": SortOrderInput,
"policyLevel": SortOrderInput
}
InternetFirewallPolicyMutationInput
Fields
| Input Field | Description |
|---|---|
revision - PolicyMutationRevisionInput
|
Example
{"revision": PolicyMutationRevisionInput}
InternetFirewallPolicyMutationPayload
BetaDescription
Internet Firewall policy information provided in the API response
Fields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
policy - InternetFirewallPolicy
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"policy": InternetFirewallPolicy,
"status": "FAILURE"
}
InternetFirewallPolicyRef
BetaInternetFirewallPolicyRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
InternetFirewallPolicyUpdateInput
BetaFields
| Input Field | Description |
|---|---|
state - PolicyToggleState
|
Example
{"state": "DISABLED"}
InternetFirewallRemoveRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
Example
{"id": 4}
InternetFirewallRemoveSubPolicyInput
BetaFields
| Input Field | Description |
|---|---|
ref - InternetFirewallPolicyRefInput!
|
Example
{"ref": InternetFirewallPolicyRefInput}
InternetFirewallRemoveSubPolicyMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
policy - InternetFirewallPolicy
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"policy": InternetFirewallPolicy,
"status": "FAILURE"
}
InternetFirewallRule
BetaFields
| Field Name | Description |
|---|---|
action - InternetFirewallActionEnum!
|
The action applied by the Internet Firewall if the rule is matched |
actionConfig - InternetFirewallActionConfig!
|
Configuration for Internet Firewall action |
activePeriod - PolicyRuleActivePeriod!
|
The time period during which the rule is active, outside this period, the rule is inactive |
connectionOrigin - ConnectionOriginEnum!
|
Connection origin of the traffic |
country - [CountryRef!]!
|
Source country traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
description - String!
|
Description for the rule |
destination - InternetFirewallDestination!
|
Destination traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
device - [DeviceProfileRef!]!
|
Source Device Profile traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
deviceAttributes - DeviceAttributes!
|
Additional device attributes such as category, type, model, and manufacturer. Logical 'OR' is applied within the criteria set. Logical 'AND' is applied between criteria sets. |
deviceOS - [OperatingSystem!]!
|
Source device Operating System traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
enabled - Boolean!
|
TRUE = Rule is enabled FALSE = Rule is disabled |
exceptions - [InternetFirewallRuleException!]!
|
The set of exceptions for the rule. Exceptions define when the rule will be ignored and the firewall evaluation will continue with the lower priority rules. |
id - ID!
|
Rule ID |
index - Int!
|
Position / priority of rule |
name - String!
|
Name of the rule |
schedule - PolicySchedule!
|
The time period specifying when the rule is enabled, otherwise it is disabled. |
section - PolicySectionInfo!
|
Policy section where the rule is located |
service - InternetFirewallServiceType!
|
Destination service traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
source - InternetFirewallSource!
|
Source traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
tracking - PolicyTracking!
|
Tracking information when the rule is matched, such as events and notifications |
Example
{
"action": "ALLOW",
"actionConfig": InternetFirewallActionConfig,
"activePeriod": PolicyRuleActivePeriod,
"connectionOrigin": "ANY",
"country": [CountryRef],
"description": "xyz789",
"destination": InternetFirewallDestination,
"device": [DeviceProfileRef],
"deviceAttributes": DeviceAttributes,
"deviceOS": ["ANDROID"],
"enabled": false,
"exceptions": [InternetFirewallRuleException],
"id": 4,
"index": 987,
"name": "abc123",
"schedule": PolicySchedule,
"section": PolicySectionInfo,
"service": InternetFirewallServiceType,
"source": InternetFirewallSource,
"tracking": PolicyTracking
}
InternetFirewallRuleException
BetaDescription
Exceptions define when a rule is ignored, and the firewall policy evaluation continues with the lower priority rules.
Fields
| Field Name | Description |
|---|---|
connectionOrigin - ConnectionOriginEnum!
|
Connection origin matching criteria for the exception. |
country - [CountryRef!]!
|
Source country matching criteria for the exception. |
destination - InternetFirewallDestination!
|
Destination matching criteria for the exception. |
device - [DeviceProfileRef!]!
|
Source Device Profile matching criteria for the exception. |
deviceAttributes - DeviceAttributes!
|
Source Device Attributes matching criteria for the exception. |
deviceOS - [OperatingSystem!]!
|
Source device OS matching criteria for the exception. |
name - String!
|
A unique name of the rule exception. |
service - InternetFirewallServiceType!
|
Destination service matching criteria for the exception. |
source - InternetFirewallSource!
|
Source traffic matching criteria for the exception. |
Example
{
"connectionOrigin": "ANY",
"country": [CountryRef],
"destination": InternetFirewallDestination,
"device": [DeviceProfileRef],
"deviceAttributes": DeviceAttributes,
"deviceOS": ["ANDROID"],
"name": "xyz789",
"service": InternetFirewallServiceType,
"source": InternetFirewallSource
}
InternetFirewallRuleExceptionInput
BetaDescription
Exceptions define when a rule is ignored, and the firewall policy evaluation continues with the lower priority rules.
Fields
| Input Field | Description |
|---|---|
connectionOrigin - ConnectionOriginEnum!
|
Connection origin matching criteria for the exception. Default |
country - [CountryRefInput!]!
|
Source country matching criteria for the exception. Default |
destination - InternetFirewallDestinationInput!
|
Destination matching criteria for the exception. Default |
device - [DeviceProfileRefInput!]!
|
Source Device Profile matching criteria for the exception. Default |
deviceAttributes - DeviceAttributesInput!
|
Source Device Attributes matching criteria for the exception. Default |
deviceOS - [OperatingSystem!]!
|
Source device OS matching criteria for the exception. Default |
name - String!
|
A unique name of the rule exception. |
service - InternetFirewallServiceTypeInput!
|
Destination service matching criteria for the exception. Default |
source - InternetFirewallSourceInput!
|
Source traffic matching criteria for the exception. Default |
Example
{
"connectionOrigin": "ANY",
"country": [CountryRefInput],
"destination": InternetFirewallDestinationInput,
"device": [DeviceProfileRefInput],
"deviceAttributes": DeviceAttributesInput,
"deviceOS": ["ANDROID"],
"name": "xyz789",
"service": InternetFirewallServiceTypeInput,
"source": InternetFirewallSourceInput
}
InternetFirewallRuleMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
rule - InternetFirewallRulePayload
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"rule": InternetFirewallRulePayload,
"status": "FAILURE"
}
InternetFirewallRulePayload
BetaDescription
Internet Firewall policy information for a specific revision
Fields
| Field Name | Description |
|---|---|
access - EntityAccess!
|
Holds the complete set of access capabilities and limitations associated with the entity. |
audit - PolicyElementAudit!
|
|
properties - [PolicyElementPropertiesEnum!]!
|
|
rule - InternetFirewallRule!
|
|
ruleType - PolicyRuleTypeEnum!
|
POLICY_RULE = Rule is a regular policy rule SUB_POLICY_SCOPE = Rule is a scoping rule wrapping a sub-policy and predicate apply to all sub-policy rules |
subPolicy - InternetFirewallPolicyRef
|
A reference to the sub-policy the entity is referring to |
Example
{
"access": EntityAccess,
"audit": PolicyElementAudit,
"properties": ["ADDED"],
"rule": InternetFirewallRule,
"ruleType": "POLICY_RULE",
"subPolicy": InternetFirewallPolicyRef
}
InternetFirewallServiceType
BetaDescription
Returns the Service Type to which this Internet Firewall rule applies
Fields
| Field Name | Description |
|---|---|
custom - [CustomService!]!
|
|
standard - [ServiceRef!]!
|
Example
{
"custom": [CustomService],
"standard": [ServiceRef]
}
InternetFirewallServiceTypeInput
BetaDescription
Input of the Service Type to which this Internet Firewall rule applies. To specify 'ANY' source, an empty list must be provided for each match criteria field (e.g. standard: [], custom: [], etc...)
Fields
| Input Field | Description |
|---|---|
custom - [CustomServiceInput!]!
|
|
standard - [ServiceRefInput!]!
|
Example
{
"custom": [CustomServiceInput],
"standard": [ServiceRefInput]
}
InternetFirewallServiceTypeUpdateInput
BetaDescription
Input of the Service Type to which this Internet Firewall rule applies. To specify 'ANY' source, an empty list must be provided for each match criteria field (e.g. standard: [], custom: [], etc...)
Fields
| Input Field | Description |
|---|---|
custom - [CustomServiceInput!]
|
|
standard - [ServiceRefInput!]
|
Example
{
"custom": [CustomServiceInput],
"standard": [ServiceRefInput]
}
InternetFirewallSource
BetaDescription
Returns the settings for Source of an Internet Firewall rule
Fields
| Field Name | Description |
|---|---|
floatingSubnet - [FloatingSubnetRef!]!
|
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP. |
globalIpRange - [GlobalIpRangeRef!]!
|
Globally defined IP range, IP and subnet objects |
group - [GroupRef!]!
|
Groups defined for your account |
host - [HostRef!]!
|
Hosts and servers defined for your account |
ip - [IPAddress!]!
|
IPv4 address |
ipRange - [IpAddressRange!]!
|
Multiple separate IP addresses or an IP range |
networkInterface - [NetworkInterfaceRef!]!
|
Network range defined for a site |
site - [SiteRef!]!
|
Site defined for the account |
siteNetworkSubnet - [SiteNetworkSubnetRef!]!
|
GlobalRange + InterfaceSubnet |
subnet - [NetworkSubnet!]!
|
Subnets and network ranges defined for the LAN interfaces of a site |
systemGroup - [SystemGroupRef!]!
|
Predefined Cato groups |
user - [UserRef!]!
|
Individual users defined for the account |
usersGroup - [UsersGroupRef!]!
|
Group of users |
Example
{
"floatingSubnet": [FloatingSubnetRef],
"globalIpRange": [GlobalIpRangeRef],
"group": [GroupRef],
"host": [HostRef],
"ip": [IPAddress],
"ipRange": [IpAddressRange],
"networkInterface": [NetworkInterfaceRef],
"site": [SiteRef],
"siteNetworkSubnet": [SiteNetworkSubnetRef],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRef],
"user": [UserRef],
"usersGroup": [UsersGroupRef]
}
InternetFirewallSourceInput
BetaDescription
Input of the settings for Source of an Internet Firewall rule. To specify 'ANY' source, an empty list must be provided for each match criteria field (e.g. ip: [], group: [], etc...)
Fields
| Input Field | Description |
|---|---|
floatingSubnet - [FloatingSubnetRefInput!]!
|
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP. Default |
globalIpRange - [GlobalIpRangeRefInput!]!
|
Globally defined IP range, IP and subnet objects Default |
group - [GroupRefInput!]!
|
Groups defined for your account Default |
host - [HostRefInput!]!
|
Hosts and servers defined for your account Default |
ip - [IPAddress!]!
|
IPv4 address Default |
ipRange - [IpAddressRangeInput!]!
|
Multiple separate IP addresses or an IP range Default |
networkInterface - [NetworkInterfaceRefInput!]!
|
Network range defined for a site Default |
site - [SiteRefInput!]!
|
Site defined for the account Default |
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]!
|
GlobalRange + InterfaceSubnet Default |
subnet - [NetworkSubnet!]!
|
Subnets and network ranges defined for the LAN interfaces of a site Default |
systemGroup - [SystemGroupRefInput!]!
|
Predefined Cato groups Default |
user - [UserRefInput!]!
|
Individual users defined for the account Default |
usersGroup - [UsersGroupRefInput!]!
|
Group of users Default |
Example
{
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"networkInterface": [NetworkInterfaceRefInput],
"site": [SiteRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"user": [UserRefInput],
"usersGroup": [UsersGroupRefInput]
}
InternetFirewallSourceUpdateInput
BetaDescription
Input of the settings for Source of an Internet Firewall rule. To specify 'ANY' source, an empty list must be provided for each match criteria field (e.g. ip: [], group: [], etc...)
Fields
| Input Field | Description |
|---|---|
floatingSubnet - [FloatingSubnetRefInput!]
|
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP. |
globalIpRange - [GlobalIpRangeRefInput!]
|
Globally defined IP range, IP and subnet objects |
group - [GroupRefInput!]
|
Groups defined for your account |
host - [HostRefInput!]
|
Hosts and servers defined for your account |
ip - [IPAddress!]
|
IPv4 address |
ipRange - [IpAddressRangeInput!]
|
Multiple separate IP addresses or an IP range |
networkInterface - [NetworkInterfaceRefInput!]
|
Network range defined for a site |
site - [SiteRefInput!]
|
Site defined for the account |
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]
|
GlobalRange + InterfaceSubnet |
subnet - [NetworkSubnet!]
|
Subnets and network ranges defined for the LAN interfaces of a site |
systemGroup - [SystemGroupRefInput!]
|
Predefined Cato groups |
user - [UserRefInput!]
|
Individual users defined for the account |
usersGroup - [UsersGroupRefInput!]
|
Group of users |
Example
{
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"networkInterface": [NetworkInterfaceRefInput],
"site": [SiteRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"user": [UserRefInput],
"usersGroup": [UsersGroupRefInput]
}
InternetFirewallSubPolicyPayload
BetaFields
| Field Name | Description |
|---|---|
access - EntityAccess!
|
|
policy - InternetFirewallPolicyInfo!
|
|
properties - [SubPolicyProperty!]!
|
Example
{
"access": EntityAccess,
"policy": InternetFirewallPolicyInfo,
"properties": ["READ_ONLY"]
}
InternetFirewallUpdateRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
action - InternetFirewallActionEnum
|
The action applied by the Internet Firewall if the rule is matched |
actionConfig - InternetFirewallActionConfigUpdateInput
|
Configuration for Internet Firewall action |
activePeriod - PolicyRuleActivePeriodUpdateInput
|
The time period during which the rule is active, outside this period, the rule is inactive |
connectionOrigin - ConnectionOriginEnum
|
Connection origin of the traffic |
country - [CountryRefInput!]
|
Source country traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
description - String
|
|
destination - InternetFirewallDestinationUpdateInput
|
Destination traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
device - [DeviceProfileRefInput!]
|
Source Device Profile traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
deviceAttributes - DeviceAttributesUpdateInput
|
Additional device attributes such as category, type, model, and manufacturer. Logical 'OR' is applied within the criteria set. Logical 'AND' is applied between criteria sets. |
deviceOS - [OperatingSystem!]
|
Source device Operating System traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
enabled - Boolean
|
|
exceptions - [InternetFirewallRuleExceptionInput!]
|
The set of exceptions for the rule. Exceptions define when the rule will be ignored and the firewall evaluation will continue with the lower priority rules. |
name - String
|
|
schedule - PolicyScheduleUpdateInput
|
The time period specifying when the rule is enabled, otherwise it is disabled. |
service - InternetFirewallServiceTypeUpdateInput
|
Destination service traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
source - InternetFirewallSourceUpdateInput
|
Source traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
tracking - PolicyTrackingUpdateInput
|
Tracking information when the rule is matched, such as events and notifications |
Example
{
"action": "ALLOW",
"actionConfig": InternetFirewallActionConfigUpdateInput,
"activePeriod": PolicyRuleActivePeriodUpdateInput,
"connectionOrigin": "ANY",
"country": [CountryRefInput],
"description": "xyz789",
"destination": InternetFirewallDestinationUpdateInput,
"device": [DeviceProfileRefInput],
"deviceAttributes": DeviceAttributesUpdateInput,
"deviceOS": ["ANDROID"],
"enabled": false,
"exceptions": [InternetFirewallRuleExceptionInput],
"name": "xyz789",
"schedule": PolicyScheduleUpdateInput,
"service": InternetFirewallServiceTypeUpdateInput,
"source": InternetFirewallSourceUpdateInput,
"tracking": PolicyTrackingUpdateInput
}
InternetFirewallUpdateRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
|
rule - InternetFirewallUpdateRuleDataInput!
|
Example
{
"id": "4",
"rule": InternetFirewallUpdateRuleDataInput
}
InvalidGroupMemberTypeInScope
BetaDescription
Represents a member type in the group that is not supported in one or more scopes. Each scope indicates where the member type is not allowed.
Fields
| Field Name | Description |
|---|---|
scope - [GroupScope!]!
|
List of scopes (policy type and field) where this member type is not supported. |
type - GroupMemberRefType!
|
The unsupported member type (e.g., site, host, etc.) |
Example
{"scope": [GroupScope], "type": "FLOATING_SUBNET"}
InvestigationDetails
BetaFields
| Field Name | Description |
|---|---|
investigationStatus - String
|
|
lastManagedComment - StoryComment
|
|
lastUserComment - StoryComment
|
|
managedServiceTicketLink - String
|
Example
{
"investigationStatus": "xyz789",
"lastManagedComment": StoryComment,
"lastUserComment": StoryComment,
"managedServiceTicketLink": "xyz789"
}
InvoiceRef
BetaIotOtLicense
BetaDescription
IoT/OT Security service license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
Example
{
"description": "abc123",
"expirationDate": "2007-12-03T10:15:30Z",
"id": "4",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ADSP_B",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE"
}
IpAddressRange
BetaDescription
Inclusive range of IPs
Fields
| Field Name | Description |
|---|---|
from - IPAddress!
|
|
to - IPAddress!
|
Example
{"from": IPAddress, "to": IPAddress}
IpAddressRangeContainer
BetaDescription
A group with members of IPAddressRange type
Fields
| Field Name | Description |
|---|---|
audit - ContainerAudit!
|
Audit metadata about the container |
description - String
|
Description for the container |
id - ID!
|
Unique container ID |
name - String!
|
Name for the container |
size - Int!
|
Number of items in the container |
syncData - ContainerSyncData
|
Information about automatic synchronization of the container |
syncDataAudit - ContainerSyncDataAudit
|
Audit information about the last synchronization of the container |
Example
{
"audit": ContainerAudit,
"description": "xyz789",
"id": "4",
"name": "xyz789",
"size": 987,
"syncData": ContainerSyncData,
"syncDataAudit": ContainerSyncDataAudit
}
IpAddressRangeContainerAddValuesInput
BetaDescription
Input for adding values to existing IPAddressRange typed container
Fields
| Input Field | Description |
|---|---|
ref - ContainerRefInput!
|
Reference to existing container by container ID or container name |
values - [IpAddressRangeInput!]!
|
Example
{
"ref": ContainerRefInput,
"values": [IpAddressRangeInput]
}
IpAddressRangeContainerAddValuesPayload
BetaDescription
Payload of AddValues operation on IPAddressRange typed container
Fields
| Field Name | Description |
|---|---|
container - IpAddressRangeContainer!
|
Container with members of type IPAddressRange |
Example
{"container": IpAddressRangeContainer}
IpAddressRangeContainerRef
BetaIpAddressRangeContainerRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
Defines the object identification method – by ID (default) or by name Default |
input - String!
|
The object identification (ID or name) value |
Example
{"by": "ID", "input": "abc123"}
IpAddressRangeContainerRemoveValuesInput
BetaDescription
Input for removing values from existing IPAddressRange typed container
Fields
| Input Field | Description |
|---|---|
ref - ContainerRefInput!
|
Reference to existing container by container ID or container name |
values - [IpAddressRangeInput!]!
|
Example
{
"ref": ContainerRefInput,
"values": [IpAddressRangeInput]
}
IpAddressRangeContainerRemoveValuesPayload
BetaDescription
Payload of AddValues operation on IPAddressRange typed container
Fields
| Field Name | Description |
|---|---|
container - IpAddressRangeContainer!
|
Container with members of type IPAddressRange |
Example
{"container": IpAddressRangeContainer}
IpAddressRangeContainerSearchInput
BetaDescription
Filtering input to IPAddressRange container search
Fields
| Input Field | Description |
|---|---|
ref - ContainerRefInput!
|
Reference to existing container by container ID or container name |
Example
{"ref": ContainerRefInput}
IpAddressRangeContainerSearchIpAddressRangeInput
BetaDescription
Input for searching IPAddressRange typed containers that contain a specific IPAddressRange
Fields
| Input Field | Description |
|---|---|
ipAddressRange - IpAddressRangeInput!
|
Example
{"ipAddressRange": IpAddressRangeInput}
IpAddressRangeContainerSearchIpAddressRangePayload
BetaDescription
Payload of IPAddressRange search query
Fields
| Field Name | Description |
|---|---|
containers - [IpAddressRangeContainer!]!
|
List of containers with members of type IPAddressRange |
Example
{"containers": [IpAddressRangeContainer]}
IpAddressRangeContainerSearchPayload
BetaDescription
Payload of IPAddressRange container search
Fields
| Field Name | Description |
|---|---|
container - IpAddressRangeContainer!
|
Container with members of type IPAddressRange |
Example
{"container": IpAddressRangeContainer}
IpAddressRangeInput
BetaDescription
Inclusive range of IPs
Fields
| Input Field | Description |
|---|---|
from - IPAddress!
|
|
to - IPAddress!
|
Example
{"from": IPAddress, "to": IPAddress}
IpProtocol
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
TCP or UDP |
|
|
Example
"ANY"
IpSecCipher
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"AES_CBC_128"
IpSecDHGroup
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"AUTOMATIC"
IpSecHash
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"AUTOMATIC"
IpsLicense
BetaDescription
Intrusion Prevention System (IPS) service license (Legacy license, replaced by TP)
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
Example
{
"description": "abc123",
"expirationDate": "2007-12-03T10:15:30Z",
"id": "4",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ADSP_B",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE"
}
IpsecIkeV2MessageInput
BetaFields
| Input Field | Description |
|---|---|
cipher - IpSecCipher
|
The SA tunnel encryption method. Note: For situations where GCM isn’t supported for the INIT phase, we recommend that you use the CBC algorithm for the INIT phase, and GCM for AUTH |
dhGroup - IpSecDHGroup
|
The Diffie-Hellman Group. The first number is the DH-group number, and the second number is the corresponding prime modulus size in bits |
integrity - IpSecHash
|
The algorithm used to verify the integrity and authenticity of IPsec packets |
prf - IpSecHash
|
The Pseudo-random function (PRF) used to derive the cryptographic keys used in the SA establishment process |
Example
{
"cipher": "AES_CBC_128",
"dhGroup": "AUTOMATIC",
"integrity": "AUTOMATIC",
"prf": "AUTOMATIC"
}
IspLoaFile
LastMileBwInput
BetaFields
| Input Field | Description |
|---|---|
downstream - Int
|
The maximum downstream bandwidth from the Cato Cloud to the site, in Mbps. This value can be used for capping the downstream traffic. It should not be set above the ISP downstream bandwidth or the site license bandwidth. |
downstreamMbpsPrecision - Float
|
The maximum downstream bandwidth from the Cato Cloud to the site, in Mbps with single decimal precision. This value can be used for capping the downstream traffic. It should not be set above the ISP downstream bandwidth or the site license bandwidth. |
upstream - Int
|
The maximum upstream bandwidth, in Mbps. The Cato Cloud cannot cap this direction, and this setting is used as a best-effort indication by the Cato Cloud. |
upstreamMbpsPrecision - Float
|
The maximum upstream bandwidth, in Mbps with single decimal precision. The Cato Cloud cannot cap this direction, and this setting is used as a best-effort indication by the Cato Cloud. |
Example
{
"downstream": 123,
"downstreamMbpsPrecision": 987.7,
"upstream": 123,
"upstreamMbpsPrecision": 987.7
}
License
BetaDescription
An interface containing properties that are common to all license types
Fields
| Field Name | Description |
|---|---|
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
description - String
|
|
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
status - LicenseStatus!
|
License activation status |
startDate - DateTime
|
License start date |
expirationDate - DateTime!
|
License expiration date |
lastUpdated - DateTime
|
The date of the last update to the license |
Possible Types
| License Types |
|---|
Example
{
"id": 4,
"description": "abc123",
"plan": "COMMERCIAL",
"sku": "CATO_ADSP_B",
"status": "ACTIVE",
"startDate": "2007-12-03T10:15:30Z",
"expirationDate": "2007-12-03T10:15:30Z",
"lastUpdated": "2007-12-03T10:15:30Z"
}
LicensePlan
BetaDescription
enum for license plan type (site license, service license, etc...)
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"COMMERCIAL"
LicenseSku
BetaValues
| Enum Value | Description |
|---|---|
|
|
Cato App & Data Security Package BW SKU |
|
|
Cato App & Data Security Package Users SKU |
|
|
Cato AI Security Applications SKU |
|
|
Cato AI Security Users SKU |
|
|
Cato Anti Malware (legacy) service SKU |
|
|
Cato Anti Malware Next Generation (legacy) service SKU |
|
|
Cato App Connector Bandwidth SKU |
|
|
Cato App Connector User SKU |
|
|
Cato Assets Group SKU |
|
|
Cato Assets Security 1.5K Devices SKU |
|
|
Cato Assets Security 2.5K - 10K Devices SKU |
|
|
Cato Assets Security 10K - 15K Devices SKU |
|
|
Cato Assets Security 1.5K - 2.5K Devices SKU |
|
|
Cato Assets Security 15K - 25K Devices SKU |
|
|
Cato Assets Security 25K - 50K Devices SKU |
|
|
Cato Assets Security Above 50K Devices SKU |
|
|
Cato Advanced Protection BW SKU |
|
|
Cato Advanced Protection Users SKU |
|
|
Cato ATP for MSP users SKU |
|
|
Cato CASB service SKU |
|
|
Cato Cloud Access Security Broker BW SKU |
|
|
Cato CASB for MSP bandwidth SKU |
|
|
Cato Cloud Access Security Broker Users SKU |
|
|
Cato CASB for MSP users SKU |
|
|
Cato datalake Group SKU |
|
|
Cato Data Lake Storage 2.5M/h, 12 Month Retention SKU |
|
|
Cato Data Lake Storage 2.5M/h, 3 Month Retention SKU |
|
|
Cato Data Lake Storage 2.5M/h, 6 Month Retention SKU |
|
|
Cato DEM service SKU |
|
|
Cato Digital Experience Monitoring SKU |
|
|
Cato DLP service SKU |
|
|
Cato Data Loss Prevention BW SKU |
|
|
Cato DLP for MSP bandwidth SKU |
|
|
Cato Data Loss Prevention Users SKU |
|
|
Cato DLP for MSP users SKU |
|
|
Cato EPP service SKU |
|
|
Cato Endpoint Protection SKU |
|
|
Cato Hands Free Management SKU |
|
|
Cato ILMM service SKU |
|
|
Cato Intelligent Last Mile Management SKU |
|
|
Cato IoT/OT Security service SKU |
|
|
Public IPs SKU |
|
|
Cato IPS (legacy) service SKU |
|
|
Cato Managed XDR service SKU |
|
|
Cato MDR service SKU |
|
|
Cato Managed Detection and Response SKU |
|
|
Cato NOCaaS service SKU |
|
|
Cato NOCaaS SKU |
|
|
Site pooled bandwidth SASE SKU |
|
|
Site pooled bandwidth SSE SKU |
|
|
Cato Remote Browser Isolation (RBI) service SKU |
|
|
Cato Remote Browser Isolation BW SKU |
|
|
Cato Remote Browser Isolation Users SKU |
|
|
Cato Remote User SKU |
|
|
Cato SAAS Group SKU |
|
|
|
|
|
Cato SAAS Security API with more than two Applications integration (legacy) service SKU |
|
|
Cato SAAS Security API with one application integration (legacy) service SKU |
|
|
Cato SAAS Security API with two applications integration (legacy) service SKU |
|
|
Cato Secured Internet Access Bandwidth SKU |
|
|
Cato Secured Internet Access User SKU |
|
|
Site bandwidth SASE SKU |
|
|
Cato Sandbox BW SKU |
|
|
Cato Sandbox Users SKU |
|
|
Cato Socket X1500 SKU |
|
|
Cato Socket X1600 5G SKU |
|
|
Cato Socket X1600 LTE SKU |
|
|
Cato Socket X1600 SKU |
|
|
Cato Socket X1600 Wifi + 5G SKU |
|
|
Cato Socket X1600 Wifi SKU |
|
|
Cato Socket X1700 SKU |
|
|
Site bandwidth SSE SKU |
|
|
Cato Threat Prevention (legacy) service SKU |
|
|
Cato Advanced Threat Prevention service SKU |
|
|
Cato ATP for MSP bandwidth SKU |
|
|
Cato TP for MSP bandwidth SKU |
|
|
Cato TP for MSP users SKU |
|
|
Cato WAN Bandwidth SKU |
|
|
Cato WAN Threat Prevention BW SKU |
|
|
Cato XDR service SKU |
|
|
Cato XOps service SKU |
|
|
Cato XOPs SKU |
|
|
ZTNA remote users SKU |
|
|
ZTNA remote users SKU replaced with CATO_ZTNA_USERS |
Example
"CATO_ADSP_B"
LicenseStatus
BetaDescription
enum for account plan status – the current license status within the license lifecycle
Values
| Enum Value | Description |
|---|---|
|
|
A license that is currently active |
|
|
An expired license is no longer active |
|
|
A license in a grace period |
|
|
The license is pending customer activation by setting a start date |
|
|
An existing license with a future start date that is not currently active |
|
|
A license that is active before its start date, for partners and customers to verify the relevant configurations |
Example
"ACTIVE"
LicensingInfo
BetaDescription
Public license API
Fields
Example
{
"aiSecurityApplications": [
AISecurityApplicationsLicense
],
"aiSecurityUsers": [AISecurityUsersLicense],
"atp": [AtpLicense],
"casb": [CasbLicense],
"dataLake": [DataLakeLicense],
"dem": [DemLicense],
"dlp": [DlpLicense],
"endpointProtection": [EndpointProtectionLicense],
"globalLicenseAllocations": GlobalLicenseAllocations,
"ilmm": [IlmmLicense],
"iotOt": [IotOtLicense],
"ips": [IpsLicense],
"licenses": [License],
"malwareProtection": [MalwareProtectionLicense],
"managedXdr": [ManagedXdrLicense],
"mdr": [MdrLicense],
"nextGenMalwareProtection": [
NextGenMalwareProtectionLicense
],
"nocaas": [NOCaaSLicense],
"pooledBandwidth": [PooledBandwidthLicense],
"publicIps": [PublicIpsLicense],
"rbi": [RbiLicense],
"saasSecurityApi": [SaasSecurityApiLicense],
"site": [SiteLicense],
"threatPrevention": [ThreatPreventionLicense],
"xdrPro": [XdrProLicense],
"xOps": [XOpsLicense],
"ztnaUsers": [ZtnaUsersLicense]
}
LinkConfigPrecedenceEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"ACTIVE"
LinkQualityIssue
Fields
| Field Name | Description |
|---|---|
current - Int
|
|
direction - TrafficDirectionEnum
|
|
issueType - LinkQualityIssueTypeEnum
|
|
threshold - Int
|
Example
{
"current": 123,
"direction": "DOWNSTREAM",
"issueType": "CONGESTION",
"threshold": 123
}
LinkQualityIssueTypeEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"CONGESTION"
LinkStatusEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"ACTIVE"
Location
BetaFields
| Field Name | Description |
|---|---|
account - AccountRef!
|
Cma account |
archived - Boolean!
|
Is archived |
audit - AuditingMetadata!
|
Audit data |
businessUnit - String
|
Business unit |
description - String
|
Location description |
details - LocationDetails!
|
Location details |
id - ID!
|
Location id |
name - String!
|
Location name |
type - LocationType!
|
Location type |
Example
{
"account": AccountRef,
"archived": false,
"audit": AuditingMetadata,
"businessUnit": "xyz789",
"description": "xyz789",
"details": LocationDetails,
"id": "4",
"name": "xyz789",
"type": "BRANCH"
}
LocationDetails
BetaFields
| Field Name | Description |
|---|---|
companyName - String
|
Company name (recipient) |
contact - ContactDetails
|
Delivery contact detail |
postalAddress - PostalAddress!
|
Postal location |
shippingLocation - Boolean!
|
Is shipping location |
vatId - String
|
Vat id (required for Brazil) |
Example
{
"companyName": "xyz789",
"contact": ContactDetails,
"postalAddress": PostalAddress,
"shippingLocation": true,
"vatId": "abc123"
}
LocationFilterInput
BetaFields
| Input Field | Description |
|---|---|
account - [AccountFilter!]
|
|
countryCode - [StringFilterInput!]
|
|
freeText - FreeTextFilterInput
|
Will use contains operator for the provided text on the location fields |
id - [IdFilterInput!]
|
|
includeArchived - Boolean
|
|
isShippingLocation - Boolean
|
|
name - [StringFilterInput!]
|
|
type - [LocationTypeFilterInput!]
|
Example
{
"account": [AccountFilter],
"countryCode": [StringFilterInput],
"freeText": FreeTextFilterInput,
"id": [IdFilterInput],
"includeArchived": true,
"isShippingLocation": true,
"name": [StringFilterInput],
"type": [LocationTypeFilterInput]
}
LocationRef
BetaLocationSortInput
BetaFields
| Input Field | Description |
|---|---|
country - SortOrderInput
|
|
name - SortOrderInput
|
Default sort field |
type - SortOrderInput
|
Example
{
"country": SortOrderInput,
"name": SortOrderInput,
"type": SortOrderInput
}
LocationType
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"BRANCH"
LocationTypeFilterInput
BetaFields
| Input Field | Description |
|---|---|
eq - LocationType
|
|
in - [LocationType!]
|
|
neq - LocationType
|
|
nin - [LocationType!]
|
Example
{"eq": "BRANCH", "in": ["BRANCH"], "neq": "BRANCH", "nin": ["BRANCH"]}
LookupFilterInput
Fields
| Input Field | Description |
|---|---|
filter - LookupFilterType
|
|
value - String
|
Example
{"filter": "country", "value": "abc123"}
LookupFilterType
Values
| Enum Value | Description |
|---|---|
|
|
Custom filter for country, used by city and state entityLookup |
|
|
Custom filter to be used with Site entityLookup, to get only sites with Alt WAN, possible values: "true", "false", |
|
|
Custom filter to be used with Site entityLookup, to get only sites that are configured as backhauling gateways, possible values: "true", "false", |
|
|
Custom filter to be used with Site entityLookup, to get only sites with one connection type, possible values (there are more values that can supported): "SOCKET_X1500", "SOCKET_X1600", "SOCKET_X1700", "VSOCKET_VGX_ESX", "VSOCKET_VGX_AWS" "VSOCKET_VGX_AZURE" "SOCKET_X1600_LTE", |
|
|
Custom filter to be used with Site entityLookup, to get only sites with one connection type, possible values: "SOCKET", "IPSEC", "vSOCKET", "PHYSICAL_SOCKET" |
|
|
Custom filter to be used with Site entityLookup, to get only sites that are configured as OffCloudTransportEnabled, possible values: "true", "false", |
|
|
Custom filter for state used by city entityLookup |
Example
"country"
MacAddress
BetaDescription
FF:FF:FF:FF OR FF-FF-FF-FF
Example
MacAddress
MacAddressFilterInput
BetaFields
| Input Field | Description |
|---|---|
eq - MacAddress
|
|
in - [MacAddress!]
|
|
neq - MacAddress
|
|
nin - [MacAddress!]
|
Example
{
"eq": MacAddress,
"in": [MacAddress],
"neq": MacAddress,
"nin": [MacAddress]
}
MailingList
Description
Represents a Mailing List entity, including its unique ID, name, type, associated email addresses, administrators, and audit metadata.
Fields
| Field Name | Description |
|---|---|
address - [Email!]!
|
List of email addresses included in the Mailing List. |
admin - [AdminRef!]!
|
List of account administrators assigned to manage the Mailing List. |
audit - AuditingMetadata!
|
Audit metadata containing creation and modification details. |
id - ID!
|
Unique identifier of the Mailing List. |
name - String!
|
Name of the Mailing List |
type - MailingListAddressesType!
|
Specifies how the Mailing List addresses are defined (e.g., all admins, specific_emails, system). |
Example
{
"address": [Email],
"admin": [AdminRef],
"audit": AuditingMetadata,
"id": "4",
"name": "xyz789",
"type": "SPECIFIC_EMAILS"
}
MailingListAddressesType
Values
| Enum Value | Description |
|---|---|
|
|
Example
"SPECIFIC_EMAILS"
MailingListListPayload
Description
Response payload for retrieving a list of Mailing Lists associated with an account
Fields
| Field Name | Description |
|---|---|
items - [MailingList!]!
|
List of Mailing List configured for the account. |
paging - PageInfo!
|
Pagination metadata for the list of Mailing List. |
Example
{
"items": [MailingList],
"paging": PageInfo
}
MailingListRefInput
Fields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
Specify the Mailing List by name or by ID. IDs are automatically unique, if you use a non-unique name, it will result in an error. Default |
input - String!
|
The corresponding name or ID. |
Example
{"by": "ID", "input": "xyz789"}
MalwareProtectionLicense
BetaDescription
Anti-Malware service license details (Legacy license, replaced by TP)
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
Example
{
"description": "xyz789",
"expirationDate": "2007-12-03T10:15:30Z",
"id": 4,
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ADSP_B",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE"
}
ManagedXdrLicense
BetaDescription
Managed XDR service license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
Example
{
"description": "abc123",
"expirationDate": "2007-12-03T10:15:30Z",
"id": 4,
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ADSP_B",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE"
}
Map
Description
A generic key-value map.
Represents an arbitrary JSON object, e.g.: { "key1": "value1", "key2": "value2" }
Keys must be strings, and values can be of any valid JSON type (string, number, boolean, array, or object).
Example
Map
MdrLicense
BetaDescription
MDR service license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
Example
{
"description": "abc123",
"expirationDate": "2007-12-03T10:15:30Z",
"id": "4",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ADSP_B",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE"
}
Measure
Fields
| Input Field | Description |
|---|---|
aggType - AggregationType!
|
|
fieldName - AppStatsFieldName!
|
|
trend - Boolean
|
Example
{"aggType": "any", "fieldName": "account_id", "trend": false}
MeasuresParameters
Fields
| Field Name | Description |
|---|---|
aggType - String
|
|
fieldName - String
|
|
unitType - MeasuresUnitType
|
Example
{
"aggType": "xyz789",
"fieldName": "abc123",
"unitType": "BITS_PER_SECOND"
}
MeasuresUnitType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"BITS_PER_SECOND"
MergedIncident
BetaFields
| Field Name | Description |
|---|---|
id - ID!
|
Unique Cato ID for each story |
firstSignal - DateTime!
|
Timestamp for the first incident signal related to this story |
lastSignal - DateTime!
|
Timestamp for the last (most recent) incident signal related to this story |
engineType - StoryEngineTypeEnum
|
XDR engine involved with the incident |
vendor - VendorEnum
|
Vendor that identified the incident, such as Cato or Microsoft |
producer - StoryProducerEnum!
|
Producer (specific XDR engine and service) involved with the incident Beta use 'producerType' instead |
producerType - StoryProducerEnum!
|
|
producerName - String!
|
Full name of the Producer (specific XDR engine and service) involved with the incident |
connectionType - ConnectionTypeEnum
|
Connection for the incident |
indication - String!
|
An indication is a set of actions and behaviors for the Network or Security incident. Each producer has different indications. |
queryName - String
|
Category for the indication ID related to the story |
criticality - Int
|
For Network stories - The potential impact of the issue on your network. Values are from 1 (low impact) to 10 (high impact) For Security stories - Cato's risk analysis of the story. Values are from 1 (low risk) to 10 (high risk) |
source - String
|
For Network stories - The site where the network issue is occurring For Security stories - IP address, name of device, or SDP user on your network involved in the story |
ticket - String
|
The ticket an analyst created for this story |
status - StoryStatusEnum
|
Status for the story |
research - Boolean
|
The value is TRUE when the story is currently being researched by Security Analysts |
siteName - String
|
Site name related to the story Beta 'siteName' is deprecated, use 'site.name' instead |
storyDuration - Int
|
Amount of time since the story was opened (no value for closed stories) |
description - String
|
For Security stories, description of the threat |
sourceIp - String
|
The source IP address of the device in your network sending or receiving the flow |
analystFeedback - AnalystFeedback
|
Fields related to analysts research of the threat incident |
site - SiteRef
|
Cato ID and name for the site |
user - UserRef
|
Cato ID and name for the user |
predictedVerdict - StoryVerdictEnum
|
|
predictedThreatType - String
|
|
categories - [IncidentCategory!]!
|
|
entities - [IncidentEntity!]!
|
|
muted - Boolean!
|
Possible Types
| MergedIncident Types |
|---|
Example
{
"id": 4,
"firstSignal": "2007-12-03T10:15:30Z",
"lastSignal": "2007-12-03T10:15:30Z",
"engineType": "ANOMALY",
"vendor": "CATO",
"producer": "AnomalyEvents",
"producerType": "AnomalyEvents",
"producerName": "xyz789",
"connectionType": "Host",
"indication": "xyz789",
"queryName": "abc123",
"criticality": 123,
"source": "abc123",
"ticket": "abc123",
"status": "Closed",
"research": false,
"siteName": "abc123",
"storyDuration": 123,
"description": "xyz789",
"sourceIp": "abc123",
"analystFeedback": AnalystFeedback,
"site": SiteRef,
"user": UserRef,
"predictedVerdict": "Benign",
"predictedThreatType": "abc123",
"categories": ["OPERATIONAL"],
"entities": [IncidentEntity],
"muted": true
}
MetadataType
Values
| Enum Value | Description |
|---|---|
|
|
Example
"TXT"
Metric
MetricDetails
Metrics
Fields
| Field Name | Description |
|---|---|
bytesDownstream - Float
|
total downstream traffic (from the Cato Cloud to the site) |
bytesTotal - Float
|
total traffic for the site |
bytesUpstream - Float
|
total upstream traffic (from the site to the Cato Cloud) |
duration - Int
|
total amount of time for the site data |
flowCount - Float
|
The number of flows (connections) in the tunnel. Relevant only for per site Metrics, ignored in per-interface metrics. |
granularity - Int
|
duration in seconds for a single metrics bucket |
hostCount - Float
|
The number of hosts in the tunnel. Relevant only for per site Metrics, ignored in per-interface metrics. |
hostLimit - Float
|
The configurable limit of the number of hosts in the tunnel. Relevant only for per site Metrics, ignored in per-interface metrics. |
jitterDownstream - Float
|
jitter for downstream traffic (difference in time delay in milliseconds (ms) between data packets) |
jitterUpstream - Float
|
jitter for upstream traffic (difference in time delay in milliseconds (ms) between data packets) |
lostDownstream - Float
|
number of packets lost for downstream traffic |
lostDownstreamPcnt - Float
|
percent of packet loss for downstream traffic |
lostUpstream - Float
|
number of packets lost for upstream traffic |
lostUpstreamPcnt - Float
|
percent of packet loss for upstream traffic |
packetsDiscardedDownstream - Float
|
total packets discarded for downstream traffic |
packetsDiscardedUpstream - Float
|
total packets discarded for upstream traffic |
packetsDownstream - Float
|
total downstream packets |
packetsUpstream - Float
|
total upstream packets |
rtt - Int
|
round-trip time from the site to the Cato Cloud |
Example
{
"bytesDownstream": 123.45,
"bytesTotal": 123.45,
"bytesUpstream": 987.65,
"duration": 987,
"flowCount": 123.45,
"granularity": 987,
"hostCount": 123.45,
"hostLimit": 123.45,
"jitterDownstream": 123.45,
"jitterUpstream": 123.45,
"lostDownstream": 123.45,
"lostDownstreamPcnt": 987.65,
"lostUpstream": 987.65,
"lostUpstreamPcnt": 123.45,
"packetsDiscardedDownstream": 987.65,
"packetsDiscardedUpstream": 123.45,
"packetsDownstream": 123.45,
"packetsUpstream": 123.45,
"rtt": 987
}
MicrosoftActivity
Description
The MicrosoftActivity object represents an activity within Microsoft services, containing fields such as action type, timestamps for the first and last activity, and identifiers for the activity and its associated resources.
Example
{
"action": "xyz789",
"firstActivityDateTime": "2007-12-03T10:15:30Z",
"id": 4,
"lastActivityDateTime": "2007-12-03T10:15:30Z",
"parentResourceId": 4,
"resourceId": 4
}
MicrosoftDefenderEndpointAlert
Description
The MicrosoftDefenderEndpointAlert object represents an alert generated by Microsoft Defender for Endpoint, containing details such as activities, classification, criticality, detection source, and recommended actions, among other attributes, to help in identifying and managing security threats.
Fields
| Field Name | Description |
|---|---|
activities - [MicrosoftActivity!]!
|
|
alertWebUrl - String
|
|
category - String
|
|
classification - AlertClassificationEnum
|
|
comments - [String!]!
|
|
createdDateTime - DateTime
|
|
criticality - Int
|
|
description - String
|
|
destinationIp - String
|
|
destinationUrl - String
|
|
detectionSource - DetectionSourceEnum
|
|
determination - AlertDeterminationEnum
|
|
externalIp - String
|
|
firstActivityDateTime - DateTime
|
|
id - ID!
|
|
lastActivityDateTime - DateTime
|
|
lastUpdateDateTime - DateTime
|
|
localIp - String
|
|
mitreSubTechnique - [Mitre!]!
|
|
mitreTechnique - [Mitre!]!
|
|
ownerName - String
|
|
providerAlertId - String
|
|
recommendedActions - String
|
|
resolvedDateTime - DateTime
|
|
resources - [MicrosoftEndpointResource!]!
|
|
status - MsAlertStatus
|
|
threatFamilyName - String
|
|
threatName - String
|
|
threatType - String
|
|
title - String
|
Example
{
"activities": [MicrosoftActivity],
"alertWebUrl": "abc123",
"category": "abc123",
"classification": "FALSE_POSITIVE",
"comments": ["xyz789"],
"createdDateTime": "2007-12-03T10:15:30Z",
"criticality": 987,
"description": "xyz789",
"destinationIp": "xyz789",
"destinationUrl": "xyz789",
"detectionSource": "ANTIVIRUS",
"determination": "APT",
"externalIp": "xyz789",
"firstActivityDateTime": "2007-12-03T10:15:30Z",
"id": "4",
"lastActivityDateTime": "2007-12-03T10:15:30Z",
"lastUpdateDateTime": "2007-12-03T10:15:30Z",
"localIp": "xyz789",
"mitreSubTechnique": [Mitre],
"mitreTechnique": [Mitre],
"ownerName": "abc123",
"providerAlertId": "xyz789",
"recommendedActions": "abc123",
"resolvedDateTime": "2007-12-03T10:15:30Z",
"resources": [MicrosoftEndpointResource],
"status": "IN_PROGRESS",
"threatFamilyName": "xyz789",
"threatName": "xyz789",
"threatType": "abc123",
"title": "xyz789"
}
MicrosoftDeviceDetails
Description
The MicrosoftDeviceDetails object represents detailed information about a Microsoft device, including its antivirus status, Azure AD device ID, device name, first seen date and time, health status, IP interfaces, logged-on users, onboarding status, operating system details, and RBAC group.
Fields
| Field Name | Description |
|---|---|
avStatus - DeviceAvStatusEnum
|
|
azureAdDeviceId - String
|
|
deviceName - String
|
|
externalIp - String
|
|
firstSeenDateTime - DateTime
|
|
healthStatus - DeviceHealthStatusEnum
|
|
id - ID!
|
|
ipInterfaces - [String!]!
|
|
localIp - String
|
|
loggedOnUsers - [EndpointUser!]!
|
|
onboardingStatus - OnboardingStatusEnum
|
|
osDetails - OsDetails
|
|
rbacGroup - RbacGroup
|
Example
{
"avStatus": "DISABLED",
"azureAdDeviceId": "abc123",
"deviceName": "xyz789",
"externalIp": "xyz789",
"firstSeenDateTime": "2007-12-03T10:15:30Z",
"healthStatus": "ACTIVE",
"id": 4,
"ipInterfaces": ["abc123"],
"localIp": "abc123",
"loggedOnUsers": [EndpointUser],
"onboardingStatus": "CAN_BE_ONBOARDED",
"osDetails": OsDetails,
"rbacGroup": RbacGroup
}
MicrosoftEndpoint
BetaDescription
The MicrosoftEndpoint object represents a comprehensive data structure used in GraphQL queries or mutations, containing fields related to security alerts, device details, threat predictions, and other metadata associated with Microsoft's security ecosystem.
Fields
| Field Name | Description |
|---|---|
alerts - [MicrosoftDefenderEndpointAlert!]!
|
|
analystFeedback - AnalystFeedback
|
|
categories - [IncidentCategory!]!
|
|
connectionType - ConnectionTypeEnum
|
|
criticality - Int
|
|
description - String
|
|
device - MicrosoftDeviceDetails
|
|
engineType - StoryEngineTypeEnum
|
|
entities - [IncidentEntity!]!
|
|
firstSignal - DateTime!
|
|
id - ID!
|
|
indication - String!
|
|
lastSignal - DateTime!
|
|
muted - Boolean!
|
|
predictedThreatType - String
|
|
predictedVerdict - StoryVerdictEnum
|
|
producer - StoryProducerEnum!
|
use 'producerType' instead |
producerName - String!
|
|
producerType - StoryProducerEnum!
|
|
queryName - String
|
|
research - Boolean
|
|
similarStoriesData - [SimilarStoryData!]!
|
|
site - SiteRef
|
|
siteName - String
|
|
source - String
|
|
sourceIp - String
|
|
status - StoryStatusEnum
|
|
storyDuration - Int
|
|
ticket - String
|
|
url - String
|
|
user - UserRef
|
|
vendor - VendorEnum
|
|
vendorStatus - DefenderIncidentStatus
|
Example
{
"alerts": [MicrosoftDefenderEndpointAlert],
"analystFeedback": AnalystFeedback,
"categories": ["OPERATIONAL"],
"connectionType": "Host",
"criticality": 123,
"description": "xyz789",
"device": MicrosoftDeviceDetails,
"engineType": "ANOMALY",
"entities": [IncidentEntity],
"firstSignal": "2007-12-03T10:15:30Z",
"id": 4,
"indication": "abc123",
"lastSignal": "2007-12-03T10:15:30Z",
"muted": true,
"predictedThreatType": "abc123",
"predictedVerdict": "Benign",
"producer": "AnomalyEvents",
"producerName": "xyz789",
"producerType": "AnomalyEvents",
"queryName": "abc123",
"research": true,
"similarStoriesData": [SimilarStoryData],
"site": SiteRef,
"siteName": "abc123",
"source": "xyz789",
"sourceIp": "xyz789",
"status": "Closed",
"storyDuration": 123,
"ticket": "abc123",
"url": "xyz789",
"user": UserRef,
"vendor": "CATO",
"vendorStatus": "ACTIVE"
}
MicrosoftEndpointResource
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
createdDateTime - DateTime
|
|
remediationStatus - RemediationStatusEnum
|
|
remediationStatusDetails - String
|
|
tags - [String!]!
|
|
roles - [ResourceRoleEnum!]!
|
|
verdict - MsResourceVerdictEnum
|
Possible Types
| MicrosoftEndpointResource Types |
|---|
Example
{
"id": 4,
"createdDateTime": "2007-12-03T10:15:30Z",
"remediationStatus": "BLOCKED",
"remediationStatusDetails": "abc123",
"tags": ["xyz789"],
"roles": ["ADDED"],
"verdict": "Benign"
}
MicrosoftEndpointUser
Description
The MicrosoftEndpointUser object represents a user associated with a Microsoft endpoint, containing fields such as account name, domain name, unique identifier, user name, principal name, and user security identifier.
Example
{
"accountName": "xyz789",
"domainName": "abc123",
"id": "4",
"name": "xyz789",
"principalName": "abc123",
"userSid": "abc123"
}
MicrosoftFileResource
Description
The MicrosoftFileResource object represents a file resource in a Microsoft system, containing fields such as creation date, detection and remediation status, file details, unique identifier, roles, tags, and a verdict on the file's status.
Fields
| Field Name | Description |
|---|---|
createdDateTime - DateTime
|
|
detectionStatus - DetectionStatusEnum
|
|
fileDetails - FileDetails
|
|
id - ID!
|
|
remediationStatus - RemediationStatusEnum
|
|
remediationStatusDetails - String
|
|
roles - [ResourceRoleEnum!]!
|
|
tags - [String!]!
|
|
verdict - MsResourceVerdictEnum
|
Example
{
"createdDateTime": "2007-12-03T10:15:30Z",
"detectionStatus": "BLOCKED",
"fileDetails": FileDetails,
"id": 4,
"remediationStatus": "BLOCKED",
"remediationStatusDetails": "abc123",
"roles": ["ADDED"],
"tags": ["xyz789"],
"verdict": "Benign"
}
MicrosoftNetworkResource
Description
The MicrosoftNetworkResource object represents a registry resource in a Microsoft environment, containing fields such as creation date, remediation status, roles, tags, and verdict, which are used to manage and assess the resource's status and attributes.
Fields
| Field Name | Description |
|---|---|
action - String
|
|
createdDateTime - DateTime
|
|
destinationIp - String
|
|
destinationPort - Int
|
|
dnsRequest - String
|
|
dnsResponse - String
|
|
id - ID!
|
|
method - String
|
|
remediationStatus - RemediationStatusEnum
|
|
remediationStatusDetails - String
|
|
roles - [ResourceRoleEnum!]!
|
|
sourcePort - Int
|
|
tags - [String!]!
|
|
url - String
|
|
verdict - MsResourceVerdictEnum
|
Example
{
"action": "abc123",
"createdDateTime": "2007-12-03T10:15:30Z",
"destinationIp": "xyz789",
"destinationPort": 123,
"dnsRequest": "abc123",
"dnsResponse": "xyz789",
"id": "4",
"method": "xyz789",
"remediationStatus": "BLOCKED",
"remediationStatusDetails": "xyz789",
"roles": ["ADDED"],
"sourcePort": 123,
"tags": ["abc123"],
"url": "abc123",
"verdict": "Benign"
}
MicrosoftProcessResource
Description
The MicrosoftProcessResource object represents a process resource in a Microsoft environment, containing fields such as creation date, process ID, command line details, remediation status, roles, tags, user account information, and a verdict on the process's nature.
Fields
| Field Name | Description |
|---|---|
action - String
|
|
createdDateTime - DateTime
|
|
id - ID!
|
|
imageFile - FileDetails
|
|
processCommandLine - String
|
|
processId - Int!
|
|
remediationStatus - RemediationStatusEnum
|
|
remediationStatusDetails - String
|
|
roles - [ResourceRoleEnum!]!
|
|
tags - [String!]!
|
|
userAccount - EndpointUser
|
|
verdict - MsResourceVerdictEnum
|
Example
{
"action": "xyz789",
"createdDateTime": "2007-12-03T10:15:30Z",
"id": "4",
"imageFile": FileDetails,
"processCommandLine": "abc123",
"processId": 123,
"remediationStatus": "BLOCKED",
"remediationStatusDetails": "abc123",
"roles": ["ADDED"],
"tags": ["xyz789"],
"userAccount": EndpointUser,
"verdict": "Benign"
}
MicrosoftRegistryResource
Description
The MicrosoftRegistryResource object represents a registry resource in a Microsoft environment, containing fields such as creation date, hive, key, remediation status, roles, tags, and verdict, which are used to manage and assess the resource's status and attributes.
Fields
| Field Name | Description |
|---|---|
createdDateTime - DateTime
|
|
hive - String
|
|
id - ID!
|
|
key - String
|
|
remediationStatus - RemediationStatusEnum
|
|
remediationStatusDetails - String
|
|
roles - [ResourceRoleEnum!]!
|
|
tags - [String!]!
|
|
value - String
|
|
valueName - String
|
|
valueType - String
|
|
verdict - MsResourceVerdictEnum
|
Example
{
"createdDateTime": "2007-12-03T10:15:30Z",
"hive": "abc123",
"id": "4",
"key": "abc123",
"remediationStatus": "BLOCKED",
"remediationStatusDetails": "abc123",
"roles": ["ADDED"],
"tags": ["xyz789"],
"value": "xyz789",
"valueName": "abc123",
"valueType": "abc123",
"verdict": "Benign"
}
Mitre
MsAlertStatus
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"IN_PROGRESS"
MsResourceVerdictEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"Benign"
MspAtpBandwidthLicense
BetaDescription
Cato Advanced Threat Prevention - Bandwidth service license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
total - Int!
|
License quantity |
Example
{
"description": "xyz789",
"expirationDate": "2007-12-03T10:15:30Z",
"id": 4,
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ADSP_B",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE",
"total": 987
}
MspAtpUsersLicense
BetaDescription
Cato Advanced Threat Prevention - Users service license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
total - Int!
|
License quantity |
Example
{
"description": "xyz789",
"expirationDate": "2007-12-03T10:15:30Z",
"id": 4,
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ADSP_B",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE",
"total": 987
}
MspCasbBandwidthLicense
BetaDescription
Cato Cloud Access Security Broker - Bandwidth service license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
total - Int!
|
License quantity |
Example
{
"description": "abc123",
"expirationDate": "2007-12-03T10:15:30Z",
"id": "4",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ADSP_B",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE",
"total": 987
}
MspCasbUsersLicense
BetaDescription
Cato Cloud Access Security Broker - Users service license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
total - Int!
|
License quantity |
Example
{
"description": "abc123",
"expirationDate": "2007-12-03T10:15:30Z",
"id": "4",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ADSP_B",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE",
"total": 123
}
MspDlpBandwidthLicense
BetaDescription
Cato Data Loss Prevention - Bandwidth service license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
total - Int!
|
License quantity |
Example
{
"description": "xyz789",
"expirationDate": "2007-12-03T10:15:30Z",
"id": 4,
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ADSP_B",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE",
"total": 123
}
MspDlpUsersLicense
BetaDescription
Cato Data Loss Prevention - Users service license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
total - Int!
|
License quantity |
Example
{
"description": "abc123",
"expirationDate": "2007-12-03T10:15:30Z",
"id": "4",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ADSP_B",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE",
"total": 987
}
MspTpBandwidthLicense
BetaDescription
Cato Threat Prevention - Bandwidth service license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
total - Int!
|
License quantity |
Example
{
"description": "xyz789",
"expirationDate": "2007-12-03T10:15:30Z",
"id": "4",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ADSP_B",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE",
"total": 123
}
MspTpUsersLicense
BetaDescription
Cato Threat Prevention - Users service license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
total - Int!
|
License quantity |
Example
{
"description": "abc123",
"expirationDate": "2007-12-03T10:15:30Z",
"id": 4,
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ADSP_B",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE",
"total": 123
}
NOCaaSLicense
BetaDescription
NOC as a Service (NOCaaS) service license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
Example
{
"description": "abc123",
"expirationDate": "2007-12-03T10:15:30Z",
"id": "4",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ADSP_B",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE"
}
NetworkBandwidth
BetaExample
NetworkBandwidth
NetworkDhcpSettingsInput
NetworkEventSourceEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"BGP_SESSION"
NetworkInterfaceRef
BetaNetworkInterfaceRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
NetworkResource
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
createdDateTime - DateTime
|
|
remediationStatus - RemediationStatusEnum
|
|
dnsRequest - String
|
|
dnsResponse - String
|
|
destinationIp - String
|
|
destinationPort - Int
|
|
sourcePort - Int
|
|
url - String
|
|
method - String
|
Possible Types
| NetworkResource Types |
|---|
Example
{
"id": "4",
"createdDateTime": "2007-12-03T10:15:30Z",
"remediationStatus": "BLOCKED",
"dnsRequest": "abc123",
"dnsResponse": "abc123",
"destinationIp": "xyz789",
"destinationPort": 123,
"sourcePort": 987,
"url": "abc123",
"method": "abc123"
}
NetworkSubnet
BetaDescription
Subnet in CIDR notation E.g.: 10.0.0.0/24
Example
NetworkSubnet
NetworkTimelineEvent
Fields
| Field Name | Description |
|---|---|
acknowledged - Boolean
|
|
bgpConnection - BGPConnection
|
|
created - DateTime!
|
|
description - String
|
|
deviceConfigHaRole - DeviceConfigHaRoleEnum
|
|
deviceHaRoleState - DeviceHaRoleStateEnum
|
|
eventIds - [String!]!
|
|
eventType - NetworkXDREventTypeEnum
|
|
hostIp - String
|
|
incidentId - String
|
|
isp - String
|
|
linkConfigBandwidth - String
|
|
linkConfigPrecedence - LinkConfigPrecedenceEnum
|
|
linkId - String
|
|
linkName - String
|
|
linkQualityIssue - LinkQualityIssue
|
|
linkStatus - LinkStatusEnum
|
|
muted - Boolean
|
|
networkEventSource - NetworkEventSourceEnum
|
|
pop - String
|
|
ruleName - String
|
|
socketSerialId - String
|
|
tunnelResetCount - Int
|
|
validated - DateTime!
|
Example
{
"acknowledged": false,
"bgpConnection": BGPConnection,
"created": "2007-12-03T10:15:30Z",
"description": "abc123",
"deviceConfigHaRole": "PRIMARY",
"deviceHaRoleState": "BACKUP",
"eventIds": ["abc123"],
"eventType": "DEGRADED",
"hostIp": "xyz789",
"incidentId": "xyz789",
"isp": "abc123",
"linkConfigBandwidth": "abc123",
"linkConfigPrecedence": "ACTIVE",
"linkId": "abc123",
"linkName": "xyz789",
"linkQualityIssue": LinkQualityIssue,
"linkStatus": "ACTIVE",
"muted": true,
"networkEventSource": "BGP_SESSION",
"pop": "abc123",
"ruleName": "xyz789",
"socketSerialId": "xyz789",
"tunnelResetCount": 987,
"validated": "2007-12-03T10:15:30Z"
}
NetworkXDREventTypeEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"DEGRADED"
NetworkXDRIncident
BetaDescription
The NetworkXDRIncident object represents a detailed incident report within a network, containing various fields such as incident ID, description, criticality, timeline events, and associated metadata like connection type, site information, and predicted threat type, used for analyzing and managing network security incidents.
Fields
| Field Name | Description |
|---|---|
acknowledged - Boolean
|
|
analystFeedback - AnalystFeedback
|
|
bgpConnection - BGPConnection
|
|
categories - [IncidentCategory!]!
|
|
connectionType - ConnectionTypeEnum
|
|
criticality - Int
|
|
description - String
|
|
deviceConfigHaRole - DeviceConfigHaRoleEnum
|
|
engineType - StoryEngineTypeEnum
|
|
entities - [IncidentEntity!]!
|
|
firstSignal - DateTime!
|
|
hostIp - String
|
|
id - ID!
|
|
ilmmDetails - IlmmDetails
|
|
indication - String!
|
|
isp - String
|
|
lastSignal - DateTime!
|
|
licenseBandwidth - String
|
|
licenseRegion - String
|
|
linkConfigPrecedence - LinkConfigPrecedenceEnum
|
|
linkId - String
|
|
linkName - String
|
|
muted - Boolean!
|
|
networkIncidentTimeline - [NetworkTimelineEvent!]!
|
|
occurrences - Int
|
|
pop - String
|
|
predictedThreatType - String
|
|
predictedVerdict - StoryVerdictEnum
|
|
producer - StoryProducerEnum!
|
use 'producerType' instead |
producerName - String!
|
|
producerType - StoryProducerEnum!
|
|
queryName - String
|
|
research - Boolean
|
|
ruleName - String
|
|
similarStoriesData - [SimilarStoryData!]!
|
|
site - SiteRef
|
|
siteConfigLocation - String
|
|
siteConnectionType - String
|
|
siteName - String!
|
|
source - String
|
|
sourceIp - String
|
|
status - StoryStatusEnum
|
|
storyDuration - Int
|
|
storyType - String!
|
|
ticket - String
|
|
user - UserRef
|
|
vendor - VendorEnum
|
Example
{
"acknowledged": true,
"analystFeedback": AnalystFeedback,
"bgpConnection": BGPConnection,
"categories": ["OPERATIONAL"],
"connectionType": "Host",
"criticality": 987,
"description": "xyz789",
"deviceConfigHaRole": "PRIMARY",
"engineType": "ANOMALY",
"entities": [IncidentEntity],
"firstSignal": "2007-12-03T10:15:30Z",
"hostIp": "abc123",
"id": "4",
"ilmmDetails": IlmmDetails,
"indication": "xyz789",
"isp": "abc123",
"lastSignal": "2007-12-03T10:15:30Z",
"licenseBandwidth": "xyz789",
"licenseRegion": "abc123",
"linkConfigPrecedence": "ACTIVE",
"linkId": "abc123",
"linkName": "abc123",
"muted": false,
"networkIncidentTimeline": [NetworkTimelineEvent],
"occurrences": 987,
"pop": "abc123",
"predictedThreatType": "abc123",
"predictedVerdict": "Benign",
"producer": "AnomalyEvents",
"producerName": "xyz789",
"producerType": "AnomalyEvents",
"queryName": "xyz789",
"research": true,
"ruleName": "abc123",
"similarStoriesData": [SimilarStoryData],
"site": SiteRef,
"siteConfigLocation": "abc123",
"siteConnectionType": "abc123",
"siteName": "xyz789",
"source": "xyz789",
"sourceIp": "abc123",
"status": "Closed",
"storyDuration": 123,
"storyType": "abc123",
"ticket": "abc123",
"user": UserRef,
"vendor": "CATO"
}
NextGenMalwareProtectionLicense
BetaDescription
NG Anti-Malware service license details (Legacy license, replaced by TP)
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
Example
{
"description": "abc123",
"expirationDate": "2007-12-03T10:15:30Z",
"id": "4",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ADSP_B",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE"
}
NoAuth
Fields
| Field Name | Description |
|---|---|
authType - AuthType!
|
Example
{"authType": "BASIC_AUTH"}
ObjectRef
BetaObjectRefBy
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"ID"
OnboardingStatusEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"CAN_BE_ONBOARDED"
OperatingSystem
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"ANDROID"
OperationalStatus
Values
| Enum Value | Description |
|---|---|
|
|
Passing traffic |
|
|
Disabled in the Cato Management Application |
|
|
License has expired for this site and you can't configure it |
|
|
After you create the site before it is connected to the Cato Cloud |
|
|
For VPN users only |
|
|
For VPN users only |
|
|
For VPN users only |
Example
"active"
OriginType
BetaDescription
The origins (e.g., integrations, data feeds) that detected the device
Values
| Enum Value | Description |
|---|---|
|
|
Device details reported by the Armis security platform |
|
|
Device information provided by the Cato Networks platform |
|
|
Device data gathered from Claroty's security platform |
|
|
Device details provided by CrowdStrike endpoint security |
|
|
Device information from Juniper Mist network infrastructure platform |
|
|
Device information from Microsoft Defender endpoint platform |
|
|
Device data collected from Microsoft Intune MDM |
|
|
Device information from SentinelOne endpoint platform |
|
|
Origin of the device data could not be determined |
|
|
Device information identified through Zoom integration |
Example
"Armis"
OriginTypeFilterInput
BetaFields
| Input Field | Description |
|---|---|
hasAll - [OriginType!]
|
Has all - include devices that have all specified origin types |
in - [OriginType!]
|
In - include devices that have any of the specified origin types |
nin - [OriginType!]
|
Not in - exclude devices that have any of the specified origin types |
Example
{"hasAll": ["Armis"], "in": ["Armis"], "nin": ["Armis"]}
OsDetails
PageInfo
Fields
| Field Name | Description |
|---|---|
total - Int!
|
Example
{"total": 987}
Paging
BetaFields
| Field Name | Description |
|---|---|
from - Int!
|
Based on the filter and sort parameters, the first story that is returned |
limit - Int!
|
Based on the filter and sort parameters, the number of stories returned after the from. For example, the argument {from: 10, limit: 10} returns stories 10-20. |
total - Int!
|
Total number of stories returned |
Example
{"from": 123, "limit": 987, "total": 987}
PagingInput
BetaPartnerAccessApprovalResponse
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"APPROVE"
PartnerAccessRequestFilterInput
BetaDescription
Filter criteria for listing partner access requests.
Fields
| Input Field | Description |
|---|---|
expirationDate - DateTimeFilterInput
|
Filter by expiration date. |
requestedDate - DateTimeFilterInput
|
Filter by requested date. |
search - StringFilterInput
|
Filter by search string. |
status - AccessRequestStatusFilterInput
|
Filter by status. |
type - AccessRequestTypeFilterInput
|
Filter by request type. |
Example
{
"expirationDate": DateTimeFilterInput,
"requestedDate": DateTimeFilterInput,
"search": StringFilterInput,
"status": AccessRequestStatusFilterInput,
"type": AccessRequestTypeFilterInput
}
PartnerAccessRequestListInput
BetaDescription
Input for listing partner access requests.
Fields
| Input Field | Description |
|---|---|
filter - PartnerAccessRequestFilterInput
|
Filter criteria. |
paging - PagingInput!
|
Pagination settings. Default |
sort - PartnerAccessRequestSortInput!
|
Sort settings. Default |
Example
{
"filter": PartnerAccessRequestFilterInput,
"paging": PagingInput,
"sort": PartnerAccessRequestSortInput
}
PartnerAccessRequestListPayload
BetaDescription
Output for listing partner access requests.
Fields
| Field Name | Description |
|---|---|
items - [ExternalAccessRequest!]!
|
Partner access requests. |
paging - PageInfo!
|
Pagination information. |
Example
{
"items": [ExternalAccessRequest],
"paging": PageInfo
}
PartnerAccessRequestSortInput
BetaDescription
Sort settings for partner account access requests.
Fields
| Input Field | Description |
|---|---|
accountName - SortOrderInput
|
Sort by account name. |
activeDate - SortOrderInput
|
Sort by activation date. |
expirationDate - SortOrderInput
|
Sort by expiration date. |
id - SortOrderInput
|
Sort by request ID. |
requestedDate - SortOrderInput
|
Sort by requested date. |
status - SortOrderInput
|
Sort by status. |
type - SortOrderInput
|
Sort by request type. |
Example
{
"accountName": SortOrderInput,
"activeDate": SortOrderInput,
"expirationDate": SortOrderInput,
"id": SortOrderInput,
"requestedDate": SortOrderInput,
"status": SortOrderInput,
"type": SortOrderInput
}
PartnerPooledBandwidthLicenseAccount
BetaFields
| Field Name | Description |
|---|---|
account - AccountRef!
|
Identifying data for the account |
allocatedBandwidth - Int!
|
Allocated bandwidth for this account |
Example
{"account": AccountRef, "allocatedBandwidth": 987}
PartnerZtnaUsersLicenseAccount
BetaFields
| Field Name | Description |
|---|---|
account - AccountRef!
|
Identifying data for the account |
allocatedUsers - Int!
|
Allocated users for this account |
Example
{"account": AccountRef, "allocatedUsers": 123}
PeriodType
Values
| Enum Value | Description |
|---|---|
|
|
traffic was seen |
|
|
some packets were discarded after queue timeout |
|
|
unspecified period type |
|
|
multiple last mile destinations measured large latency (greater than 500ms) |
|
|
multiple last mile destinations measured packet loss |
|
|
missing data |
|
|
some packets were queued |
|
|
packet loss connectivity issue |
|
|
interface in standby mode |
|
|
period connected to specific pop instance |
Example
"active"
Phone
BetaDescription
Phone number. E.g.: +1 505 333 4070
Example
Phone
Description
Represents available versions for a specific platform.
Fields
| Field Name | Description |
|---|---|
platform - String!
|
The platform for which versions are retrieved. |
versionDetails - [SocketVersionInfo!]!
|
List of available socket versions with additional metadata. |
versions - [String!]!
|
List of available socket versions for this platform. |
Example
{
"platform": "xyz789",
"versionDetails": [SocketVersionInfo],
"versions": ["abc123"]
}
PolicyActiveOnEnum
BetaDescription
Enum for the type of time range a rule is active
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"ALWAYS"
PolicyAddSectionInfoInput
BetaDescription
Input for adding section info to a policy
Fields
| Input Field | Description |
|---|---|
name - String!
|
Example
{"name": "abc123"}
PolicyAddSectionInput
BetaDescription
Input for adding a section to a policy
Fields
| Input Field | Description |
|---|---|
at - PolicySectionPositionInput!
|
|
section - PolicyAddSectionInfoInput!
|
Example
{
"at": PolicySectionPositionInput,
"section": PolicyAddSectionInfoInput
}
PolicyAudit
BetaPolicyCreateRevisionInput
BetaPolicyCustomRecurring
BetaDescription
Returns data for a custom recurring time range that a rule is active
Fields
| Field Name | Description |
|---|---|
days - [DayOfWeek!]!
|
|
from - Time!
|
|
to - Time!
|
Example
{
"days": ["FRIDAY"],
"from": "10:15:30Z",
"to": "10:15:30Z"
}
PolicyCustomRecurringInput
BetaDescription
Input of data for a custom recurring time range that a rule is active
Fields
| Input Field | Description |
|---|---|
days - [DayOfWeek!]!
|
|
from - Time!
|
|
to - Time!
|
Example
{
"days": ["FRIDAY"],
"from": "10:15:30Z",
"to": "10:15:30Z"
}
PolicyCustomRecurringUpdateInput
BetaDescription
Input of data for a custom recurring time range that a rule is active
Fields
| Input Field | Description |
|---|---|
days - [DayOfWeek!]
|
|
from - Time
|
|
to - Time
|
Example
{
"days": ["FRIDAY"],
"from": "10:15:30Z",
"to": "10:15:30Z"
}
PolicyCustomTimeframe
BetaPolicyCustomTimeframeInput
BetaPolicyCustomTimeframeUpdateInput
BetaPolicyDiscardRevisionInput
BetaDescription
Discards unpublished revision for the policy and reverts to the settings for the published policy.
Fields
| Input Field | Description |
|---|---|
id - ID
|
Example
{"id": "4"}
PolicyElementAudit
BetaPolicyElementPropertiesEnum
BetaDescription
Attributes describing the rule state or type
Values
| Enum Value | Description |
|---|---|
|
|
New (added) rule |
|
|
An object can not be moved, or referenced when moving other objects. However its properties and content can be modified. |
|
|
A rule locked for changes by other admins |
|
|
A rule moved to a different position |
|
|
Removed (deleted) rule |
|
|
A pre-defined (system) rule that cannot be modified or removed |
|
|
Updated (modified) existing rule |
Example
"ADDED"
PolicyInfo
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
name - String!
|
|
description - String!
|
|
enabled - Boolean!
|
|
policyLevel - PolicyLevelEnum!
|
|
audit - PolicyAudit!
|
Possible Types
| PolicyInfo Types |
|---|
Example
{
"id": 4,
"name": "abc123",
"description": "abc123",
"enabled": false,
"policyLevel": "MAIN",
"audit": PolicyAudit
}
PolicyLevelEnum
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"MAIN"
PolicyLevelEnumFilterInput
BetaFields
| Input Field | Description |
|---|---|
eq - PolicyLevelEnum
|
|
in - [PolicyLevelEnum!]
|
|
neq - PolicyLevelEnum
|
|
nin - [PolicyLevelEnum!]
|
Example
{"eq": "MAIN", "in": ["MAIN"], "neq": "MAIN", "nin": ["MAIN"]}
PolicyListPayload
Fields
| Field Name | Description |
|---|---|
items - [PolicyInfo!]!
|
|
paging - PageInfo!
|
Possible Types
| PolicyListPayload Types |
|---|
Example
{
"items": [PolicyInfo],
"paging": PageInfo
}
PolicyMoveRuleInput
BetaDescription
Move the rule to a different position in the policy
Fields
| Input Field | Description |
|---|---|
id - ID!
|
|
to - PolicyRulePositionInput
|
Example
{
"id": "4",
"to": PolicyRulePositionInput
}
PolicyMoveSectionInput
BetaDescription
Input for moving a section within a policy
Fields
| Input Field | Description |
|---|---|
id - ID!
|
|
to - PolicySectionPositionInput
|
Example
{
"id": "4",
"to": PolicySectionPositionInput
}
PolicyMoveSubRuleInput
BetaDescription
Move the sub rule to a different position in the policy
Fields
| Input Field | Description |
|---|---|
id - ID!
|
|
to - PolicySubRulePositionInput!
|
Example
{
"id": "4",
"to": PolicySubRulePositionInput
}
PolicyMutationError
BetaDescription
The PolicyMutationError enum defines various error messages related to policy publishing in the policy platform service.
Policy Errors
ConcurrentPolicyPublish
- Error Message: "Another policy is currently publishing"
PolicyRevisionMismatch
- Error Message: "Revision is not owned by the admin"
PolicyRevisionNotFound
- Error Message: "Revision was not found"
PolicyInvalidEntity
- Error Message: "Invalid entity"
DuplicateRuleName
- Error Message: "Rule with the same name already exists"
DuplicateSectionName
- Error Message: "Section with the same name already exists"
PolicyFailure
- Error Message: "Can’t publish policy due to an internal error. Please try again in a few minutes"
Rule Errors
ruleIsLocked
- Error Message: "Rule is locked by another revision"
ruleWasRemoved
- Error Message: "Rule was already removed"
ruleNotExist
- Error Message: "Rule does not exist"
ruleSectionNotExist
- Error Message: "Section does not exist"
ruleSectionIsLocked
- Error Message: "Section is locked by another revision"
rulePositionInvalid
- Error Message: "Rule position is invalid"
ruleNameIsEmpty
- Error Message: "Rule name can't be empty"
ruleNameAlreadyExists
- Error Message: "Rule with the same name already exists"
ruleSystemModification
- Error Message: "Can't modify a system rule"
ruleSystemMove
- Error Message: "Can't add a rule above the system rules"
ruleHasInvalidEntity
- Error Message: "Rule has an invalid entity"
failedValidatingRule
- Error Message: "Something went wrong, couldn't validate rule"
Section Errors
sectionIsLocked
- Error Message: "Section is locked by another revision"
sectionSystemMove
- Error Message: "Section with system rules cannot be moved or removed"
sectionNotExist
- Error Message: "Section does not exist"
sectionPositionInvalid
- Error Message: "Section position is invalid"
Example
{
"errorCode": "abc123",
"errorMessage": "xyz789"
}
PolicyMutationRevisionInput
Fields
| Input Field | Description |
|---|---|
id - ID
|
Example
{"id": 4}
PolicyMutationStatus
BetaDescription
Enum for the status of a policy mutation
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"FAILURE"
PolicyPublishRevisionInput
BetaDescription
Published revision is the active policy applied on the traffic. In addition, when a policy is published, revision changes become visible to other admins, and rules locked by the revision become unlocked
Example
{
"description": "xyz789",
"name": "abc123"
}
PolicyRef
BetaPolicyRemoveSectionInput
BetaDescription
Input for removing a section from a policy
Fields
| Input Field | Description |
|---|---|
id - ID!
|
Example
{"id": "4"}
PolicyRevision
BetaDescription
Returns data about the policy revision, such as when the change was made, how many rules were changed, etc.
Example
{
"changes": 987,
"createdTime": "2007-12-03T10:15:30Z",
"description": "abc123",
"id": 4,
"name": "xyz789",
"updatedTime": "2007-12-03T10:15:30Z"
}
PolicyRevisionInput
BetaDescription
Input for specifying a policy revision
Fields
| Input Field | Description |
|---|---|
id - ID
|
|
type - PolicyRevisionType
|
Example
{"id": 4, "type": "PRIVATE"}
PolicyRevisionType
BetaDescription
Enum for the type of a policy revision
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"PRIVATE"
PolicyRevisionsPayload
BetaDescription
Returns data for publishing the policy
Fields
| Field Name | Description |
|---|---|
revision - [PolicyRevision!]!
|
Example
{"revision": [PolicyRevision]}
PolicyRuleActivePeriod
BetaDescription
Returns the time period during which the rule is active, outside this period, the rule is inactive
Example
{
"effectiveFrom": "2007-12-03T10:15:30Z",
"expiresAt": "2007-12-03T10:15:30Z",
"useEffectiveFrom": true,
"useExpiresAt": true
}
PolicyRuleActivePeriodInput
BetaExample
{
"effectiveFrom": "2007-12-03T10:15:30Z",
"expiresAt": "2007-12-03T10:15:30Z",
"useEffectiveFrom": false,
"useExpiresAt": false
}
PolicyRuleActivePeriodUpdateInput
BetaExample
{
"effectiveFrom": "2007-12-03T10:15:30Z",
"expiresAt": "2007-12-03T10:15:30Z",
"useEffectiveFrom": true,
"useExpiresAt": true
}
PolicyRulePositionEnum
BetaDescription
Enum for the position of a rule within a policy
Values
| Enum Value | Description |
|---|---|
|
|
The rule position is after the pre-existing specified rule |
|
|
The rule position is before the pre-existing specified rule |
|
|
The rule position is immediately after the system rules (first non-system rule) |
|
|
The rule position is first in the specified section |
|
|
The rule position is last in the policy |
|
|
The rule position is last in the specified section |
Example
"AFTER_RULE"
PolicyRulePositionInput
BetaDescription
Parameters required to define the rule position
Fields
| Input Field | Description |
|---|---|
position - PolicyRulePositionEnum
|
Position relative to a policy, a section or another rule |
ref - ID
|
The identifier of the object (e.g. a rule, a section) relative to which the position of the added rule is defined |
Example
{"position": "AFTER_RULE", "ref": 4}
PolicyRuleTrackingAlert
BetaDescription
Returns data for the alert settings for the rule
Fields
| Field Name | Description |
|---|---|
enabled - Boolean!
|
TRUE – send alerts when the rule is matched, FALSE – don’t send alerts when the rule is matched |
frequency - PolicyRuleTrackingFrequencyEnum!
|
Returns data for the alert frequency |
mailingList - [SubscriptionMailingListRef!]!
|
Returns data for the Mailing List that receives the alert |
subscriptionGroup - [SubscriptionGroupRef!]!
|
Returns data for the Subscription Group that receives the alert |
webhook - [SubscriptionWebhookRef!]!
|
Returns data for the Webhook that receives the alert |
Example
{
"enabled": false,
"frequency": "DAILY",
"mailingList": [SubscriptionMailingListRef],
"subscriptionGroup": [SubscriptionGroupRef],
"webhook": [SubscriptionWebhookRef]
}
PolicyRuleTrackingAlertInput
BetaDescription
Input of data for the alert settings for the rule
Fields
| Input Field | Description |
|---|---|
enabled - Boolean!
|
TRUE – send alerts when the rule is matched, FALSE – don’t send alerts when the rule is matched Default |
frequency - PolicyRuleTrackingFrequencyEnum!
|
Returns data for the alert frequency Default |
mailingList - [SubscriptionMailingListRefInput!]!
|
Returns data for the Mailing List that receives the alert Default |
subscriptionGroup - [SubscriptionGroupRefInput!]!
|
Returns data for the Subscription Group that receives the alert Default |
webhook - [SubscriptionWebhookRefInput!]!
|
Returns data for the Webhook that receives the alert Default |
Example
{
"enabled": true,
"frequency": "DAILY",
"mailingList": [SubscriptionMailingListRefInput],
"subscriptionGroup": [SubscriptionGroupRefInput],
"webhook": [SubscriptionWebhookRefInput]
}
PolicyRuleTrackingAlertUpdateInput
BetaDescription
Input of data for the alert settings for the rule
Fields
| Input Field | Description |
|---|---|
enabled - Boolean
|
TRUE – send alerts when the rule is matched, FALSE – don’t send alerts when the rule is matched |
frequency - PolicyRuleTrackingFrequencyEnum
|
Returns data for the alert frequency |
mailingList - [SubscriptionMailingListRefInput!]
|
Returns data for the Mailing List that receives the alert |
subscriptionGroup - [SubscriptionGroupRefInput!]
|
Returns data for the Subscription Group that receives the alert |
webhook - [SubscriptionWebhookRefInput!]
|
Returns data for the Webhook that receives the alert |
Example
{
"enabled": false,
"frequency": "DAILY",
"mailingList": [SubscriptionMailingListRefInput],
"subscriptionGroup": [SubscriptionGroupRefInput],
"webhook": [SubscriptionWebhookRefInput]
}
PolicyRuleTrackingEvent
BetaDescription
Returns data if an alert is sent for a rule
Fields
| Field Name | Description |
|---|---|
enabled - Boolean!
|
Example
{"enabled": true}
PolicyRuleTrackingEventInput
BetaDescription
Input of data if an alert is sent for a rule
Fields
| Input Field | Description |
|---|---|
enabled - Boolean!
|
Example
{"enabled": true}
PolicyRuleTrackingEventUpdateInput
BetaDescription
Input of data if an alert is sent for a rule
Fields
| Input Field | Description |
|---|---|
enabled - Boolean
|
Example
{"enabled": false}
PolicyRuleTrackingFrequencyEnum
BetaDescription
Enum for the frequency of an alert event for a rule
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"DAILY"
PolicyRuleTypeEnum
BetaValues
| Enum Value | Description |
|---|---|
|
|
Indicate rule is a regular policy rule |
|
|
Indicate the rule is a scoping context for sub policy |
Example
"POLICY_RULE"
PolicySchedule
BetaFields
| Field Name | Description |
|---|---|
activeOn - PolicyActiveOnEnum!
|
|
customRecurring - PolicyCustomRecurring
|
|
customTimeframe - PolicyCustomTimeframe
|
Example
{
"activeOn": "ALWAYS",
"customRecurring": PolicyCustomRecurring,
"customTimeframe": PolicyCustomTimeframe
}
PolicyScheduleInput
BetaFields
| Input Field | Description |
|---|---|
activeOn - PolicyActiveOnEnum!
|
|
customRecurring - PolicyCustomRecurringInput
|
|
customTimeframe - PolicyCustomTimeframeInput
|
Example
{
"activeOn": "ALWAYS",
"customRecurring": PolicyCustomRecurringInput,
"customTimeframe": PolicyCustomTimeframeInput
}
PolicyScheduleUpdateInput
BetaFields
| Input Field | Description |
|---|---|
activeOn - PolicyActiveOnEnum
|
|
customRecurring - PolicyCustomRecurringUpdateInput
|
|
customTimeframe - PolicyCustomTimeframeUpdateInput
|
Example
{
"activeOn": "ALWAYS",
"customRecurring": PolicyCustomRecurringUpdateInput,
"customTimeframe": PolicyCustomTimeframeUpdateInput
}
PolicySectionInfo
BetaPolicySectionMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
section - PolicySectionPayload
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"section": PolicySectionPayload,
"status": "FAILURE"
}
PolicySectionPayload
BetaFields
| Field Name | Description |
|---|---|
access - EntityAccess
|
|
audit - PolicyElementAudit!
|
|
properties - [PolicyElementPropertiesEnum!]!
|
|
section - PolicySectionInfo!
|
Example
{
"access": EntityAccess,
"audit": PolicyElementAudit,
"properties": ["ADDED"],
"section": PolicySectionInfo
}
PolicySectionPositionEnum
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"AFTER_SECTION"
PolicySectionPositionInput
BetaFields
| Input Field | Description |
|---|---|
position - PolicySectionPositionEnum!
|
|
ref - ID
|
Example
{"position": "AFTER_SECTION", "ref": 4}
PolicySubRulePositionEnum
BetaDescription
Enum for the position of a rule within a policy
Values
| Enum Value | Description |
|---|---|
|
|
The rule position is after the pre-existing specified rule |
|
|
The rule position is before the pre-existing specified rule |
|
|
The rule position is first in the specified rule |
|
|
The rule position is last in the specified rule |
Example
"AFTER_SUB_RULE"
PolicySubRulePositionInput
BetaDescription
Parameters required to define the rule position
Fields
| Input Field | Description |
|---|---|
position - PolicySubRulePositionEnum!
|
Position relative to a policy, a section or another rule |
ref - ID!
|
The identifier of the sub-rule relative to which the position of the added rule is defined |
Example
{"position": "AFTER_SUB_RULE", "ref": "4"}
PolicyToggleState
BetaDescription
Enum for the state of a policy
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"DISABLED"
PolicyTracking
BetaFields
| Field Name | Description |
|---|---|
alert - PolicyRuleTrackingAlert!
|
|
event - PolicyRuleTrackingEvent!
|
Example
{
"alert": PolicyRuleTrackingAlert,
"event": PolicyRuleTrackingEvent
}
PolicyTrackingInput
BetaFields
| Input Field | Description |
|---|---|
alert - PolicyRuleTrackingAlertInput!
|
|
event - PolicyRuleTrackingEventInput!
|
Example
{
"alert": PolicyRuleTrackingAlertInput,
"event": PolicyRuleTrackingEventInput
}
PolicyTrackingUpdateInput
BetaFields
| Input Field | Description |
|---|---|
alert - PolicyRuleTrackingAlertUpdateInput
|
|
event - PolicyRuleTrackingEventUpdateInput
|
Example
{
"alert": PolicyRuleTrackingAlertUpdateInput,
"event": PolicyRuleTrackingEventUpdateInput
}
PolicyUpdateSectionInfoInput
BetaFields
| Input Field | Description |
|---|---|
name - String
|
Example
{"name": "abc123"}
PolicyUpdateSectionInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
|
section - PolicyUpdateSectionInfoInput!
|
Example
{
"id": "4",
"section": PolicyUpdateSectionInfoInput
}
PooledBandwidthLicense
BetaFields
| Field Name | Description |
|---|---|
accounts - [PartnerPooledBandwidthLicenseAccount!]!
|
Accounts that this license is assigned to (and the license usage within each account) |
allocatedBandwidth - Int!
|
allocated bandwidth, in Mbps, for all the sites assigned to this license. |
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
siteLicenseGroup - SiteLicenseGroup!
|
Regional license group |
siteLicenseType - SiteLicenseType!
|
The selected service type, e.g SASE or SSE. |
sites - [PooledBandwidthLicenseSite!]!
|
Sites that this license is assigned to (and the license usage within each site) |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
total - Int!
|
Maximum available bandwidth, in Mbps, for all the sites under this license. This constitutes the bandwidth pool that is allocated to different sites. |
Example
{
"accounts": [PartnerPooledBandwidthLicenseAccount],
"allocatedBandwidth": 123,
"description": "abc123",
"expirationDate": "2007-12-03T10:15:30Z",
"id": "4",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"siteLicenseGroup": "AFRICA",
"siteLicenseType": "SASE",
"sites": [PooledBandwidthLicenseSite],
"sku": "CATO_ADSP_B",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE",
"total": 123
}
PooledBandwidthLicenseSite
BetaPopLocation
BetaFields
| Field Name | Description |
|---|---|
cloudInterconnect - [PopLocationCloudInterconnect!]!
|
Lists the available cloud interconnect options (e.g., AWS Direct Connect, Azure ExpressRoute) at this PoP. Each entry in the list is a PopLocationCloudInterconnect object describing interconnect capabilities. |
country - CountryRef!
|
Reference to the country where the PoP resides. Links to a CountryRef object that may contain name, ISO code, or additional geopolitical metadata |
displayName - String!
|
User-facing name of the PoP (e.g., for dashboards or UI displays). Often formatted for readability |
id - ID!
|
Unique identifier for the PoP location. Globally unique across the Cato platform |
isPrivate - Boolean!
|
indicates whether the PoP is a private location (customer-owned or dedicated) as opposed to part of the public/shared Cato cloud |
name - String!
|
Internal name of the PoP location, used for system-level identification. Usually the city of the PoP |
Example
{
"cloudInterconnect": [PopLocationCloudInterconnect],
"country": CountryRef,
"displayName": "abc123",
"id": 4,
"isPrivate": false,
"name": "abc123"
}
PopLocationAllocateIpInput
BetaDescription
Input for allocating an IP address for a PoP location.
Fields
| Input Field | Description |
|---|---|
description - String
|
Optional description for the allocated IP address. |
popLocation - PopLocationRefInput
|
Target PoP location for the allocation, when required by the allocation workflow. |
type - PopLocationAllocatedIpType!
|
Allocation type. Default |
Example
{
"description": "abc123",
"popLocation": PopLocationRefInput,
"type": "BYOIP"
}
PopLocationAllocateIpPayload
BetaDescription
Response payload for the allocate IP mutation.
Fields
| Field Name | Description |
|---|---|
allocatedIp - PopLocationAllocatedIp!
|
The allocated IP record. |
Example
{"allocatedIp": PopLocationAllocatedIp}
PopLocationAllocatedIp
BetaFields
| Field Name | Description |
|---|---|
account - AccountRef!
|
|
allocationType - PopLocationAllocatedIpType!
|
|
description - String
|
|
id - ID!
|
|
ip - IPAddress!
|
|
popLocation - PopLocationRef!
|
|
state - PopLocationByoipSubnetState
|
|
subnet - String
|
Example
{
"account": AccountRef,
"allocationType": "BYOIP",
"description": "xyz789",
"id": "4",
"ip": IPAddress,
"popLocation": PopLocationRef,
"state": "ADVERTISED",
"subnet": "abc123"
}
PopLocationAllocatedIpFilterInput
BetaDescription
Filter options for querying allocated IP addresses for PoP locations.
Fields
| Input Field | Description |
|---|---|
account - StringFilterInput
|
Filter by account identifier. |
allocatedIp - StringFilterInput
|
Filter by allocated IP address. |
allocationType - PopLocationAllocatedIpTypeFilterInput
|
Filter by allocation type. |
description - StringFilterInput
|
Filter by description of the allocated IP. |
global - FreeTextFilterInput
|
Free-text search across allocated IP attributes. |
id - StringFilterInput
|
Filter by allocated IP identifier. |
popLocation - PopLocationRefFilterInput
|
Filter by PoP location. |
subnet - StringFilterInput
|
Filter by subnet associated with the allocated IP address, when applicable. |
Example
{
"account": StringFilterInput,
"allocatedIp": StringFilterInput,
"allocationType": PopLocationAllocatedIpTypeFilterInput,
"description": StringFilterInput,
"global": FreeTextFilterInput,
"id": StringFilterInput,
"popLocation": PopLocationRefFilterInput,
"subnet": StringFilterInput
}
PopLocationAllocatedIpInput
BetaDescription
Input wrapper for filtering allocated IP addresses for PoP locations.
Fields
| Input Field | Description |
|---|---|
filter - PopLocationAllocatedIpFilterInput
|
Example
{"filter": PopLocationAllocatedIpFilterInput}
PopLocationAllocatedIpPayload
BetaDescription
Response payload for the allocated IP list query.
Fields
| Field Name | Description |
|---|---|
allocatedIp - [PopLocationAllocatedIp!]!
|
List of allocated IP addresses that match the filter. |
paging - PageInfo!
|
Paging information for the allocated IP list. |
Example
{
"allocatedIp": [PopLocationAllocatedIp],
"paging": PageInfo
}
PopLocationAllocatedIpType
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"BYOIP"
PopLocationAllocatedIpTypeFilterInput
BetaFields
| Input Field | Description |
|---|---|
eq - PopLocationAllocatedIpType
|
|
in - [PopLocationAllocatedIpType!]
|
|
neq - PopLocationAllocatedIpType
|
|
nin - [PopLocationAllocatedIpType!]
|
Example
{"eq": "BYOIP", "in": ["BYOIP"], "neq": "BYOIP", "nin": ["BYOIP"]}
PopLocationByoipSubnetState
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"ADVERTISED"
PopLocationCloudInterconnect
BetaFields
| Field Name | Description |
|---|---|
providerName - String!
|
|
taggingMethod - TaggingMethod!
|
Example
{
"providerName": "xyz789",
"taggingMethod": "DOT1Q"
}
PopLocationCloudInterconnectFilterInput
BetaFields
| Input Field | Description |
|---|---|
taggingMethod - TaggingMethodFilterInput
|
Example
{"taggingMethod": TaggingMethodFilterInput}
PopLocationFilterInput
BetaFields
| Input Field | Description |
|---|---|
country - CountryRefFilterInput
|
Filters PoPs based on their geographical country. Useful for regional filtering or compliance. |
id - IdFilterInput
|
PoP location's unique identifier (ID). |
interconnectTagging - PopLocationCloudInterconnectFilterInput
|
Filter by setting - cloud interconnect tags (e.g.,1Q or QinQ). |
isPrivate - BooleanFilterInput
|
Filters based on whether a PoP is private or public and a part of the Cato Cloud (public or reserved for a specific partner/customer). |
name - StringFilterInput
|
Filter by name of the PoP Location, usually represented by the city. |
primary - BooleanFilterInput
|
Filters for PoPs marked as “primary,” likely signifying main or preferred locations in a geographic area. |
siteLicenseRegion - StringFilterInput
|
Filters PoPs based on regional licensing rules or designations, possibly aligning with regional compliance or pricing. |
Example
{
"country": CountryRefFilterInput,
"id": IdFilterInput,
"interconnectTagging": PopLocationCloudInterconnectFilterInput,
"isPrivate": BooleanFilterInput,
"name": StringFilterInput,
"primary": BooleanFilterInput,
"siteLicenseRegion": StringFilterInput
}
PopLocationMachineRef
BetaPopLocationPayload
BetaFields
| Field Name | Description |
|---|---|
items - [PopLocation!]!
|
The actual list of PoP locations matching the given filter criteria. Each entry is a non-null PopLocation object. |
Example
{"items": [PopLocation]}
PopLocationRef
BetaPopLocationRefFilterInput
BetaFields
| Input Field | Description |
|---|---|
eq - PopLocationRefInput
|
|
in - [PopLocationRefInput!]
|
|
neq - PopLocationRefInput
|
|
nin - [PopLocationRefInput!]
|
Example
{
"eq": PopLocationRefInput,
"in": [PopLocationRefInput],
"neq": PopLocationRefInput,
"nin": [PopLocationRefInput]
}
PopLocationRefInput
Fields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
PopLocationReleaseIpInput
BetaDescription
Input for releasing an allocated IP address.
Fields
| Input Field | Description |
|---|---|
ip - IPAddress!
|
Allocated IP address to release. |
type - PopLocationAllocatedIpType!
|
Allocation type. Default |
Example
{"ip": IPAddress, "type": "BYOIP"}
PopLocationReleaseIpPayload
BetaFields
| Field Name | Description |
|---|---|
allocatedIp - PopLocationAllocatedIp!
|
Example
{"allocatedIp": PopLocationAllocatedIp}
PopLocationServiceUnitRef
BetaPopLocationUpdateAllocatedIpDescriptionInput
BetaDescription
Input for updating the description of an allocated IP address.
Fields
| Input Field | Description |
|---|---|
description - String!
|
New description for the allocated IP address. |
ip - IPAddress!
|
Allocated IP address to update. |
Example
{
"description": "abc123",
"ip": IPAddress
}
PopLocationUpdateAllocatedIpDescriptionPayload
BetaFields
| Field Name | Description |
|---|---|
allocatedIp - PopLocationAllocatedIp!
|
Example
{"allocatedIp": PopLocationAllocatedIp}
Port
BetaDescription
Network port number. Must be in range [0-65535] E.g.: 433, 8080, 80, etc..
Example
19532
PortRange
BetaPortRangeInput
BetaPortRangeUpdateInput
BetaPostalAddress
BetaFields
| Field Name | Description |
|---|---|
address1 - String
|
Primary address |
address2 - String
|
Secondary address (unit number) |
addressValidated - AddressValidationStatus!
|
Address validation status |
cityName - String
|
City |
country - CountryRef!
|
Country |
stateName - String
|
State (only for USA) |
street - String
|
Street name and number Beta replaced by address1 and address2 |
zipCode - String
|
Zip Code |
Example
{
"address1": "abc123",
"address2": "xyz789",
"addressValidated": "INVALID",
"cityName": "xyz789",
"country": CountryRef,
"stateName": "xyz789",
"street": "xyz789",
"zipCode": "xyz789"
}
PostalAddressInput
BetaExample
{
"address1": "xyz789",
"address2": "xyz789",
"cityName": "xyz789",
"country": CountryRefInput,
"stateName": "xyz789",
"zipCode": "abc123"
}
PrivateApplicationRef
BetaProcessResource
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
createdDateTime - DateTime
|
|
remediationStatus - RemediationStatusEnum
|
|
processId - Int!
|
|
processCommandLine - String
|
|
imageFile - FileDetails
|
|
userAccount - EndpointUser
|
Possible Types
| ProcessResource Types |
|---|
Example
{
"id": 4,
"createdDateTime": "2007-12-03T10:15:30Z",
"remediationStatus": "BLOCKED",
"processId": 123,
"processCommandLine": "xyz789",
"imageFile": FileDetails,
"userAccount": EndpointUser
}
ProtoType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"CROSS_CONNECT"
PublicIpsLicense
BetaDescription
Public IP address license
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
total - Int!
|
The number of public IPs available in the licenses |
Example
{
"description": "abc123",
"expirationDate": "2007-12-03T10:15:30Z",
"id": 4,
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ADSP_B",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE",
"total": 987
}
PublicIpsLicenseAllocations
BetaQinQVlan
BetaQinQVlanConfiguration
BetaQuantifiableLicense
BetaFields
| Field Name | Description |
|---|---|
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
description - String
|
|
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
status - LicenseStatus!
|
License activation status |
startDate - DateTime
|
License initiation date |
expirationDate - DateTime!
|
License expiration date |
lastUpdated - DateTime
|
The date of the last update to the license |
total - Int!
|
license quantity |
Possible Types
| QuantifiableLicense Types |
|---|
Example
{
"id": "4",
"description": "xyz789",
"plan": "COMMERCIAL",
"sku": "CATO_ADSP_B",
"status": "ACTIVE",
"startDate": "2007-12-03T10:15:30Z",
"expirationDate": "2007-12-03T10:15:30Z",
"lastUpdated": "2007-12-03T10:15:30Z",
"total": 987
}
QueryParameter
Fields
| Field Name | Description |
|---|---|
name - String
|
|
operator - String
|
|
value - String
|
|
values - [String!]!
|
Example
{
"name": "xyz789",
"operator": "abc123",
"value": "xyz789",
"values": ["abc123"]
}
RBACAction
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"EDIT"
RBACRole
RBACRoleRefInput
BetaDescription
Reference input for an RBAC role.
Fields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
Reference lookup method. Default |
input - String!
|
Role reference value. |
Example
{"by": "ID", "input": "xyz789"}
RbacGroup
RbacRoleRef
BetaRbiLicense
BetaDescription
Remote Browser Isolation (RBI) service license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
Example
{
"description": "abc123",
"expirationDate": "2007-12-03T10:15:30Z",
"id": "4",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ADSP_B",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE"
}
RbiProfileRef
BetaRbiProfileRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
RecentConnection
Fields
| Field Name | Description |
|---|---|
deviceName - String
|
Serial number for the Device |
duration - Int
|
The duration of the connection |
interfaceName - String
|
Name for the port in the Cato Management Application |
lastConnected - DateTime
|
The last time this connection was detected (so lastConnected - duration is the start of the connection |
popName - String
|
The name of the PoP that the traffic flow was connected to |
remoteIP - String
|
IP address the ISP allocates to the WAN link |
remoteIPInfo - IPInfo
|
IP address, ISP, and geographical information related to the PoP that the traffic flow was connected to |
Example
{
"deviceName": "abc123",
"duration": 987,
"interfaceName": "xyz789",
"lastConnected": "2007-12-03T10:15:30Z",
"popName": "xyz789",
"remoteIP": "abc123",
"remoteIPInfo": IPInfo
}
Regionality
BetaDescription
REGIONAL and GLOBAL licenses for MOROCCO, CHINA, and VIETNAM group values
Values
| Enum Value | Description |
|---|---|
|
|
Global traffic going outside of the region |
|
|
Site traffic within the region |
Example
"GLOBAL"
RegistryResource
Fields
| Field Name | Description |
|---|---|
id - ID!
|
|
createdDateTime - DateTime
|
|
remediationStatus - RemediationStatusEnum
|
|
hive - String
|
|
key - String
|
|
value - String
|
|
valueName - String
|
|
valueType - String
|
Possible Types
| RegistryResource Types |
|---|
Example
{
"id": "4",
"createdDateTime": "2007-12-03T10:15:30Z",
"remediationStatus": "BLOCKED",
"hive": "abc123",
"key": "abc123",
"value": "xyz789",
"valueName": "xyz789",
"valueType": "abc123"
}
RemediationStatusEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"BLOCKED"
RemotePortFwdAddRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
description - String!
|
|
enabled - Boolean!
|
|
externalIp - AllocatedIpRefInput!
|
|
externalPortRange - PortRangeInput!
|
|
forwardIcmp - Boolean!
|
|
internalIp - IPAddress!
|
|
internalPortRange - PortRangeInput!
|
|
name - String!
|
|
remoteIPs - RemotePortFwdRemoteIpsInput!
|
|
restrictionType - RemotePortFwdRestrictionType!
|
|
tracking - PolicyRuleTrackingAlertInput!
|
Example
{
"description": "abc123",
"enabled": false,
"externalIp": AllocatedIpRefInput,
"externalPortRange": PortRangeInput,
"forwardIcmp": false,
"internalIp": IPAddress,
"internalPortRange": PortRangeInput,
"name": "abc123",
"remoteIPs": RemotePortFwdRemoteIpsInput,
"restrictionType": "ALLOW_LIST",
"tracking": PolicyRuleTrackingAlertInput
}
RemotePortFwdAddRuleInput
BetaDescription
Rule parameters and relevant position
Fields
| Input Field | Description |
|---|---|
at - PolicyRulePositionInput
|
Position of the rule in the policy |
rule - RemotePortFwdAddRuleDataInput!
|
Parameters for the rule you are adding |
Example
{
"at": PolicyRulePositionInput,
"rule": RemotePortFwdAddRuleDataInput
}
RemotePortFwdPolicy
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyAudit
|
|
enabled - Boolean!
|
|
revision - PolicyRevision
|
|
rules - [RemotePortFwdRulePayload!]!
|
|
sections - [PolicySectionPayload!]!
|
Example
{
"audit": PolicyAudit,
"enabled": false,
"revision": PolicyRevision,
"rules": [RemotePortFwdRulePayload],
"sections": [PolicySectionPayload]
}
RemotePortFwdPolicyInput
BetaFields
| Input Field | Description |
|---|---|
revision - PolicyRevisionInput
|
A revision is a specific instance of the policy. Unpublished revisions are working copies of the policy available to a specific admin or a set of admins Published revisions are revisions that were applied to the account network. The last published revision is the active policy. |
Example
{"revision": PolicyRevisionInput}
RemotePortFwdPolicyMutationInput
Fields
| Input Field | Description |
|---|---|
revision - PolicyMutationRevisionInput
|
Example
{"revision": PolicyMutationRevisionInput}
RemotePortFwdPolicyMutationPayload
BetaDescription
Remote port forwarding policy information provided in the API response
Fields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
policy - RemotePortFwdPolicy
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"policy": RemotePortFwdPolicy,
"status": "FAILURE"
}
RemotePortFwdPolicyUpdateInput
BetaFields
| Input Field | Description |
|---|---|
state - PolicyToggleState
|
Example
{"state": "DISABLED"}
RemotePortFwdRemoteIps
BetaFields
| Field Name | Description |
|---|---|
globalIpRange - [GlobalIpRangeRef!]!
|
|
ip - [IPAddress!]!
|
|
ipRange - [IpAddressRange!]!
|
|
subnet - [NetworkSubnet!]!
|
Example
{
"globalIpRange": [GlobalIpRangeRef],
"ip": [IPAddress],
"ipRange": [IpAddressRange],
"subnet": [NetworkSubnet]
}
RemotePortFwdRemoteIpsInput
BetaFields
| Input Field | Description |
|---|---|
globalIpRange - [GlobalIpRangeRefInput!]!
|
|
ip - [IPAddress!]!
|
|
ipRange - [IpAddressRangeInput!]!
|
|
subnet - [NetworkSubnet!]!
|
Example
{
"globalIpRange": [GlobalIpRangeRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"subnet": [NetworkSubnet]
}
RemotePortFwdRemoteIpsUpdateInput
BetaFields
| Input Field | Description |
|---|---|
globalIpRange - [GlobalIpRangeRefInput!]
|
|
ip - [IPAddress!]
|
|
ipRange - [IpAddressRangeInput!]
|
|
subnet - [NetworkSubnet!]
|
Example
{
"globalIpRange": [GlobalIpRangeRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"subnet": [NetworkSubnet]
}
RemotePortFwdRemoveRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
Example
{"id": 4}
RemotePortFwdRestrictionType
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"ALLOW_LIST"
RemotePortFwdRule
BetaFields
| Field Name | Description |
|---|---|
description - String!
|
Description for the rule |
enabled - Boolean!
|
TRUE = Rule is enabled FALSE = Rule is disabled |
externalIp - AllocatedIpRef!
|
|
externalPortRange - PortRange!
|
|
forwardIcmp - Boolean!
|
|
id - ID!
|
Rule ID |
index - Int!
|
Position / priority of rule |
internalIp - IPAddress!
|
|
internalPortRange - PortRange!
|
|
name - String!
|
Name of the rule |
remoteIPs - RemotePortFwdRemoteIps!
|
|
restrictionType - RemotePortFwdRestrictionType!
|
|
section - PolicySectionInfo!
|
Policy section where the rule is located |
tracking - PolicyRuleTrackingAlert!
|
Example
{
"description": "abc123",
"enabled": true,
"externalIp": AllocatedIpRef,
"externalPortRange": PortRange,
"forwardIcmp": false,
"id": "4",
"index": 987,
"internalIp": IPAddress,
"internalPortRange": PortRange,
"name": "xyz789",
"remoteIPs": RemotePortFwdRemoteIps,
"restrictionType": "ALLOW_LIST",
"section": PolicySectionInfo,
"tracking": PolicyRuleTrackingAlert
}
RemotePortFwdRuleMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
rule - RemotePortFwdRulePayload
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"rule": RemotePortFwdRulePayload,
"status": "FAILURE"
}
RemotePortFwdRulePayload
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyElementAudit!
|
|
properties - [PolicyElementPropertiesEnum!]!
|
|
rule - RemotePortFwdRule!
|
Example
{
"audit": PolicyElementAudit,
"properties": ["ADDED"],
"rule": RemotePortFwdRule
}
RemotePortFwdUpdateRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
description - String
|
|
enabled - Boolean
|
|
externalIp - AllocatedIpRefInput
|
|
externalPortRange - PortRangeUpdateInput
|
|
forwardIcmp - Boolean
|
|
internalIp - IPAddress
|
|
internalPortRange - PortRangeUpdateInput
|
|
name - String
|
|
remoteIPs - RemotePortFwdRemoteIpsUpdateInput
|
|
restrictionType - RemotePortFwdRestrictionType
|
|
tracking - PolicyRuleTrackingAlertUpdateInput
|
Example
{
"description": "abc123",
"enabled": false,
"externalIp": AllocatedIpRefInput,
"externalPortRange": PortRangeUpdateInput,
"forwardIcmp": true,
"internalIp": IPAddress,
"internalPortRange": PortRangeUpdateInput,
"name": "xyz789",
"remoteIPs": RemotePortFwdRemoteIpsUpdateInput,
"restrictionType": "ALLOW_LIST",
"tracking": PolicyRuleTrackingAlertUpdateInput
}
RemotePortFwdUpdateRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
|
rule - RemotePortFwdUpdateRuleDataInput!
|
Example
{
"id": "4",
"rule": RemotePortFwdUpdateRuleDataInput
}
RemoveAccountPayload
Fields
| Field Name | Description |
|---|---|
accountInfo - AccountInfo!
|
General info of the removed account |
Example
{"accountInfo": AccountInfo}
RemoveAdminPayload
Fields
| Field Name | Description |
|---|---|
adminID - ID!
|
Example
{"adminID": "4"}
RemoveBgpPeerInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
Unique identifier of the BGP peer to be removed. |
Example
{"id": "4"}
RemoveBgpPeerPayload
BetaFields
| Field Name | Description |
|---|---|
bgpPeer - BgpPeer!
|
The BGP peer that was successfully removed. |
Example
{"bgpPeer": BgpPeer}
RemoveCloudInterconnectPhysicalConnectionInput
BetaDescription
Input for removing a physical connection from a cloud interconnect site.
Fields
| Input Field | Description |
|---|---|
id - ID!
|
ID of the connection to be removed. |
Example
{"id": "4"}
RemoveCloudInterconnectPhysicalConnectionPayload
BetaDescription
Payload for removing a physical connection from a cloud interconnect site.
Fields
| Field Name | Description |
|---|---|
id - ID!
|
ID of the removed connection. |
Example
{"id": 4}
RemoveIpsecIkeV2SiteMultiTunnelPayload
BetaFields
| Field Name | Description |
|---|---|
fqdn - Fqdn
|
Cato’s FQDN for the multi-tunnel |
tunnels - [RemoveIpsecIkeV2SiteTunnelPayload!]!
|
Example
{
"fqdn": Fqdn,
"tunnels": [RemoveIpsecIkeV2SiteTunnelPayload]
}
RemoveIpsecIkeV2SiteTunnelPayload
BetaFields
| Field Name | Description |
|---|---|
localId - String
|
The local ID for the tunnel |
tunnelId - IPSecV2InterfaceId
|
The ID of the tunnel |
Example
{
"localId": "abc123",
"tunnelId": "PRIMARY1"
}
RemoveIpsecIkeV2SiteTunnelsInput
BetaFields
| Input Field | Description |
|---|---|
tunnelId - [IPSecV2InterfaceId!]!
|
The IDs of the tunnels |
Example
{"tunnelId": ["PRIMARY1"]}
RemoveIpsecIkeV2SiteTunnelsPayload
BetaFields
| Field Name | Description |
|---|---|
primary - RemoveIpsecIkeV2SiteMultiTunnelPayload
|
Cato’s FQDN for the primary tunnel |
secondary - RemoveIpsecIkeV2SiteMultiTunnelPayload
|
Cato’s FQDN for the secondary tunnel |
siteId - ID!
|
The ID of the site |
Example
{
"primary": RemoveIpsecIkeV2SiteMultiTunnelPayload,
"secondary": RemoveIpsecIkeV2SiteMultiTunnelPayload,
"siteId": 4
}
RemoveNetworkRangePayload
Fields
| Field Name | Description |
|---|---|
networkRangeId - ID!
|
Example
{"networkRangeId": "4"}
RemoveSecondaryAwsVSocketPayload
BetaFields
| Field Name | Description |
|---|---|
secondaryAwsVSocket - SecondaryAwsVSocket!
|
Example
{"secondaryAwsVSocket": SecondaryAwsVSocket}
RemoveSecondaryAzureVSocketPayload
BetaFields
| Field Name | Description |
|---|---|
secondaryAzureVSocket - SecondaryAzureVSocket!
|
Example
{"secondaryAzureVSocket": SecondaryAzureVSocket}
Fields
| Input Field | Description |
|---|---|
id - ID!
|
Example
{"id": 4}
Fields
| Field Name | Description |
|---|---|
socketInfo - GcpVSocketInfo!
|
Example
{"socketInfo": GcpVSocketInfo}
RemoveServicePrincipalAdminPayload
Fields
| Field Name | Description |
|---|---|
adminID - ID!
|
Example
{"adminID": "4"}
RemoveSiteBwLicenseInput
BetaFields
| Input Field | Description |
|---|---|
licenseId - ID!
|
The license that is being removed |
site - SiteRefInput!
|
The site to remove the licenses from |
Example
{"licenseId": 4, "site": SiteRefInput}
RemoveSiteBwLicensePayload
BetaFields
| Field Name | Description |
|---|---|
license - License!
|
Example
{"license": License}
RemoveSitePayload
Fields
| Field Name | Description |
|---|---|
siteId - ID!
|
Example
{"siteId": 4}
RemoveSocketAddOnCardInput
BetaFields
| Input Field | Description |
|---|---|
expansionSlotNumbers - [SocketAddOnExpansionSlotNumber!]!
|
|
site - SiteRefInput!
|
Example
{"expansionSlotNumbers": ["SLOT_1"], "site": SiteRefInput}
RemoveSocketAddOnCardPayload
BetaFields
| Field Name | Description |
|---|---|
addOns - [SocketAddOnCard!]!
|
Example
{"addOns": [SocketAddOnCard]}
RemoveStaticHostPayload
Fields
| Field Name | Description |
|---|---|
hostId - ID!
|
Example
{"hostId": 4}
ReplaceSiteBwLicenseInput
BetaFields
| Input Field | Description |
|---|---|
bw - Int
|
Specifies the bandwidth (in Mbps) to allocate to the site when using a pooled bandwidth license. This field should not be used if a site license is used. |
licenseIdToAdd - ID!
|
The license that is being assigned |
licenseIdToRemove - ID!
|
The license that is being removed |
site - SiteRefInput!
|
The site to replace the licenses for |
Example
{
"bw": 123,
"licenseIdToAdd": "4",
"licenseIdToRemove": "4",
"site": SiteRefInput
}
ReplaceSiteBwLicensePayload
BetaFields
| Field Name | Description |
|---|---|
license - License!
|
Example
{"license": License}
ReservedDot1QVlans
BetaReservedQinQVlans
BetaResolveIncomingAccessRequestInput
BetaDescription
Input for approving or rejecting a managed account access request.
Fields
| Input Field | Description |
|---|---|
approval - PartnerAccessApprovalResponse!
|
Approval decision. |
note - String
|
Optional note. |
requestId - ID!
|
Access request ID. |
Example
{
"approval": "APPROVE",
"note": "abc123",
"requestId": 4
}
ResolveIncomingAccessRequestPayload
BetaDescription
Output for a managed account access request.
Fields
| Field Name | Description |
|---|---|
request - IncomingExternalAccessRequest!
|
Updated access request. |
Example
{"request": IncomingExternalAccessRequest}
ResourceRoleEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"ADDED"
ResponsePolicyRuleRef
BetaRetrieveUsedVlanIDsInput
BetaFields
| Input Field | Description |
|---|---|
encapsulationMethod - TaggingMethod!
|
Method of encapsulation (.1Q/QinQ) |
popLocation - PopLocationRefInput!
|
Identifying data for the POP location. |
serviceProviderName - String!
|
Name of the service provider. Usually a partner, or a fabric service provider. |
Example
{
"encapsulationMethod": "DOT1Q",
"popLocation": PopLocationRefInput,
"serviceProviderName": "xyz789"
}
RetrieveUsedVlanIDsPayload
BetaFields
| Field Name | Description |
|---|---|
ranges - [VlanRange!]!
|
All VLAN ranges supported by the POP location. |
reservedDot1QVlans - [ReservedDot1QVlans!]!
|
List of reserved Dot1Q VLANs currently in use at the POP location. |
reservedQinQVlans - [ReservedQinQVlans!]!
|
List of reserved QinQ VLANs currently in use at the POP location. |
Example
{
"ranges": [VlanRange],
"reservedDot1QVlans": [ReservedDot1QVlans],
"reservedQinQVlans": [ReservedQinQVlans]
}
RevokePartnerAccessInput
BetaRevokePartnerAccessPayload
BetaDescription
Output for revoking partner access.
Fields
| Field Name | Description |
|---|---|
invitation - IncomingExternalAccessRequest!
|
Updated access request. |
Example
{"invitation": IncomingExternalAccessRequest}
RiskLevelEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"Benign"
SHA_256
BetaDescription
A 64-character hex string representing a SHA-256 hash. Typically used for secure validation and cryptographic integrity checks
Example
SHA_256
SaasSecurityApiLicense
BetaDescription
SaaS Security API service license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
total - Int!
|
license quantity |
Example
{
"description": "xyz789",
"expirationDate": "2007-12-03T10:15:30Z",
"id": 4,
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ADSP_B",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE",
"total": 987
}
SanctionedAppsCategoryRef
BetaSanctionedAppsCategoryRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
Description
Sandbox analysis failure reason
Values
| Enum Value | Description |
|---|---|
|
|
Failed to fetch report from sandbox service after 10 minutes |
|
|
Reached configured queued limit for account |
|
|
Internal server error |
|
|
Invalid file size (0 or too large) |
|
|
Failed to submit file for sandbox analysis |
|
|
Unsupported file type |
Example
"ANALYSIS_TIMEOUT"
Description
Sandbox report meta-data
Fields
| Field Name | Description |
|---|---|
creationDate - DateTime!
|
Report creation date |
downloadUrl - Url
|
Report download URL (if ready) |
expirationDate - DateTime
|
Report expiration date |
failureReason - SandboxFailureReason
|
Sandbox analysis failure reason (if any) |
fileHash - String!
|
File hash (SHA-256) |
fileName - String
|
File name |
status - SandboxStatus!
|
Sandbox analysis status |
verdict - SandboxVerdict
|
Sandbox verdict |
Example
{
"creationDate": "2007-12-03T10:15:30Z",
"downloadUrl": Url,
"expirationDate": "2007-12-03T10:15:30Z",
"failureReason": "ANALYSIS_TIMEOUT",
"fileHash": "xyz789",
"fileName": "xyz789",
"status": "EXPIRED",
"verdict": "BENIGN"
}
Description
Sandbox reports query filter
Fields
| Input Field | Description |
|---|---|
fileHash - [StringFilterInput!]
|
File hash filter |
fileName - [StringFilterInput!]
|
File name filter |
reportCreateDate - [DateTimeFilterInput!]
|
Report creation date filter |
Example
{
"fileHash": [StringFilterInput],
"fileName": [StringFilterInput],
"reportCreateDate": [DateTimeFilterInput]
}
Description
Sandbox reports query input
Fields
| Input Field | Description |
|---|---|
filter - SandboxReportsFilterInput
|
Query filter criteria |
paging - PagingInput!
|
Query pagination criteria Default |
sort - SandboxReportsSortInput!
|
Query sorting criteria Default |
Example
{
"filter": SandboxReportsFilterInput,
"paging": PagingInput,
"sort": SandboxReportsSortInput
}
Description
Output of sandbox reports query
Fields
| Field Name | Description |
|---|---|
pageInfo - PageInfo!
|
Pagination information |
report - [SandboxReport!]!
|
List of sandbox reports |
Example
{
"pageInfo": PageInfo,
"report": [SandboxReport]
}
Description
Sandbox reports query sorting
Fields
| Input Field | Description |
|---|---|
fileName - SortOrderInput
|
Sort by file name |
reportCreateDate - SortOrderInput
|
Sort by report creation date |
Example
{
"fileName": SortOrderInput,
"reportCreateDate": SortOrderInput
}
Description
Sandbox analysis status
Values
| Enum Value | Description |
|---|---|
|
|
Report has expired |
|
|
Analysis has failed |
|
|
File is being analyzed |
|
|
File is pending analysis |
|
|
File is queued for retry after throttling |
|
|
Analysis is complete - report is ready |
Example
"EXPIRED"
Description
Sandbox analysis verdict
Values
| Enum Value | Description |
|---|---|
|
|
File is clean |
|
|
File is malicious |
|
|
File is suspicious |
Example
"BENIGN"
ScanResult
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"BYPASS_BY_CONTENT_RULE"
SecondaryAwsVSocket
BetaFields
| Field Name | Description |
|---|---|
id - ID!
|
The ID of the secondary vSocket |
ipAddress - IPAddress!
|
The IP address of the secondary vSocket |
routeTableId - String!
|
The ID of the secondary vSocket route table |
site - SiteRef!
|
Site associated with this secondary vSocket. |
subnet - NetworkSubnet!
|
The subnet of the secondary vSocket |
Example
{
"id": "4",
"ipAddress": IPAddress,
"routeTableId": "xyz789",
"site": SiteRef,
"subnet": NetworkSubnet
}
SecondaryAzureVSocket
BetaFields
| Field Name | Description |
|---|---|
floatingIp - IPAddress!
|
The floating IP address |
id - ID!
|
The ID of the secondary vSocket |
interfaceIp - IPAddress!
|
The IP address of the interface |
site - SiteRef!
|
Information about the site where the secondary Azure vSocket is being added. |
Example
{
"floatingIp": IPAddress,
"id": 4,
"interfaceIp": IPAddress,
"site": SiteRef
}
Fields
| Input Field | Description |
|---|---|
id - ID!
|
Example
{"id": "4"}
Fields
| Field Name | Description |
|---|---|
socketInfo - GcpVSocketInfo!
|
Example
{"socketInfo": GcpVSocketInfo}
Secret
Example
Secret
ServiceRef
BetaServiceRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
SeverityEnum
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"High"
ShippingDetails
BetaFields
| Field Name | Description |
|---|---|
cityName - String
|
City |
comment - String
|
Comment |
companyName - String
|
Company name (recipient) |
contact - ContactDetails
|
Delivery contact detail |
countryName - String
|
Country |
incoterms - String
|
Shipping method |
instruction - String
|
Delivery instruction (required for EXW incoterms) |
powerCable - String
|
Power cable type (for sockets only) |
stateName - String
|
State (required only for USA) |
street - String
|
Street name and number |
vatId - String
|
Vat id (required for Brazil) |
zipCode - String
|
Zip Code |
Example
{
"cityName": "xyz789",
"comment": "xyz789",
"companyName": "xyz789",
"contact": ContactDetails,
"countryName": "xyz789",
"incoterms": "abc123",
"instruction": "abc123",
"powerCable": "abc123",
"stateName": "xyz789",
"street": "abc123",
"vatId": "abc123",
"zipCode": "xyz789"
}
ShippingDetailsInputByLocationId
BetaShippingStatus
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"CONFIRM_SHIPPING"
ShippingStatusFilterInput
BetaFields
| Input Field | Description |
|---|---|
eq - ShippingStatus
|
|
in - [ShippingStatus!]
|
|
neq - ShippingStatus
|
|
nin - [ShippingStatus!]
|
Example
{
"eq": "CONFIRM_SHIPPING",
"in": ["CONFIRM_SHIPPING"],
"neq": "CONFIRM_SHIPPING",
"nin": ["CONFIRM_SHIPPING"]
}
ShippingTracking
BetaFields
| Field Name | Description |
|---|---|
carrier - String
|
Carrier (shipping company) |
shippingDate - Date
|
Shipping date |
shippingStatus - ShippingStatus
|
Shipping status |
trackingNumber - String
|
Tracking number |
trackingUrl - String
|
Tracking url |
Example
{
"carrier": "abc123",
"shippingDate": "2007-12-03",
"shippingStatus": "CONFIRM_SHIPPING",
"trackingNumber": "abc123",
"trackingUrl": "abc123"
}
SimilarStoryData
Example
{
"indication": "xyz789",
"similarityPercentage": 987.65,
"storyId": "xyz789",
"threatClassification": "xyz789",
"threatTypeName": "xyz789",
"verdict": "xyz789"
}
SimpleService
BetaFields
| Field Name | Description |
|---|---|
name - SimpleServiceType!
|
Example
{"name": "DNS_TCP"}
SimpleServiceInput
BetaFields
| Input Field | Description |
|---|---|
name - SimpleServiceType!
|
Example
{"name": "DNS_TCP"}
SimpleServiceRef
BetaSimpleServiceType
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"DNS_TCP"
SiteBackhaulingPayload
BetaFields
| Field Name | Description |
|---|---|
destination - BackhaulingDestination
|
|
nextHopIP - IPAddress
|
|
preferredSocketPort - String
|
|
site - SiteRef!
|
|
useAsBackhaulingGW - Boolean!
|
Example
{
"destination": "INTERNET_BREAKOUT",
"nextHopIP": IPAddress,
"preferredSocketPort": "abc123",
"site": SiteRef,
"useAsBackhaulingGW": false
}
SiteBgpStatus
BetaFields
| Field Name | Description |
|---|---|
rawStatus - [String!]!
|
Raw BGP status information. |
status - [BgpDetailedStatus!]!
|
Detailed BGP status, including session and route details. |
Example
{
"rawStatus": ["abc123"],
"status": [BgpDetailedStatus]
}
SiteBgpStatusInput
BetaFields
| Input Field | Description |
|---|---|
site - SiteRefInput!
|
Identifying data for the site whose BGP status is being queried. |
Example
{"site": SiteRefInput}
SiteConnectionTypeEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"SOCKET_AWS1500"
SiteGeneralDetailsPayload
BetaFields
| Field Name | Description |
|---|---|
description - String
|
|
preferredPopLocation - SitePreferredPopLocation
|
Only relevant for socket sites |
site - SiteRef!
|
|
siteLocation - SiteLocation!
|
|
siteType - SiteType!
|
Example
{
"description": "xyz789",
"preferredPopLocation": SitePreferredPopLocation,
"site": SiteRef,
"siteLocation": SiteLocation,
"siteType": "BRANCH"
}
SiteInfo
Description
Basic Site configuration information
Fields
| Field Name | Description |
|---|---|
address - String
|
Address of the physical site location |
cityName - String
|
City of the physical site location |
connType - ProtoType
|
The Connection Type field defines how the site connects to the Cato Cloud, such as X1500 Socket or AWS vSocket (array with nested fields) |
countryCode - String
|
Code for the Country that is the physical location of the site |
countryName - String
|
Country that is the physical location of the site |
countryStateName - String
|
State of the country that is the physical site location |
creationTime - DateTime
|
Timestamp for when the site was created |
description - String
|
User defined description of the site |
interfaces - [InterfaceInfo!]
|
Basic configuration information about the Socket interface |
ipsec - [IPSecInfo!]
|
data related to IPsec sites, such as IKE version |
isHA - Boolean
|
When this boolean value is true, the site is enabled for high availability |
name - String
|
Name for the site |
region - String
|
Geographical PoP region that the site is licensed to use |
sockets - [SocketInfo!]
|
Data related to Socket and vSocket sites, such as serial number and Socket version (array with nested fields) |
type - SiteType
|
Site type in the Cato Management Application, such as branch office or datacenter |
Example
{
"address": "abc123",
"cityName": "abc123",
"connType": "CROSS_CONNECT",
"countryCode": "abc123",
"countryName": "abc123",
"countryStateName": "xyz789",
"creationTime": "2007-12-03T10:15:30Z",
"description": "abc123",
"interfaces": [InterfaceInfo],
"ipsec": [IPSecInfo],
"isHA": false,
"name": "abc123",
"region": "xyz789",
"sockets": [SocketInfo],
"type": "BRANCH"
}
SiteLicense
BetaDescription
Site bandwidth license
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
regionality - Regionality
|
For the relevant license groups, indicates whether this is a global or regional license. For other regions, the value is set to ‘NA’ (not applicable). |
site - SiteRef
|
Identifying data for the site the license is assigned to |
siteLicenseGroup - SiteLicenseGroup!
|
The license group. |
siteLicenseType - SiteLicenseType!
|
The selected service type, e.g SASE or SSE. |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
total - Int!
|
Maximum available bandwidth for the site, in Mbps |
Example
{
"description": "abc123",
"expirationDate": "2007-12-03T10:15:30Z",
"id": "4",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"regionality": "GLOBAL",
"site": SiteRef,
"siteLicenseGroup": "AFRICA",
"siteLicenseType": "SASE",
"sku": "CATO_ADSP_B",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE",
"total": 987
}
SiteLicenseGroup
BetaValues
| Enum Value | Description |
|---|---|
|
|
legacy license group |
|
|
legacy license group |
|
|
legacy license group |
|
|
Country with stand-alone licenses (not part of a group) |
|
|
legacy license group |
|
|
legacy license group |
|
|
|
|
|
|
|
|
legacy license group |
|
|
legacy license group |
|
|
Country with stand-alone licenses (not part of a group) |
|
|
legacy license group |
|
|
Country with stand-alone licenses (not part of a group) |
Example
"AFRICA"
SiteLicenseType
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"SASE"
SiteLocation
BetaSiteMetrics
Fields
| Field Name | Description |
|---|---|
flowCount - Timeseries
|
Timeseries with the number of flows (connections) in the site. Applicable only for site |
hostCount - Timeseries
|
Timeseries with the number of hosts in the site. Applicable only for site |
hostLimit - Timeseries
|
Timeseries with the configurable limit of the number of hosts in the site. Applicable only for site |
id - ID
|
Site ID |
info - SiteInfo
|
Shows general information about the site (array with nested fields). Applicable only for site |
interfaces - [InterfaceMetrics!]
|
Analytics that are returned for the links for a site |
metrics - Metrics
|
Traffic metrics and data for sites |
Arguments
|
|
name - String
|
Site names |
samples - Int
|
internal use |
Example
{
"flowCount": Timeseries,
"hostCount": Timeseries,
"hostLimit": Timeseries,
"id": "4",
"info": SiteInfo,
"interfaces": [InterfaceMetrics],
"metrics": Metrics,
"name": "abc123",
"samples": 123
}
SiteNetworkSubnetRef
BetaSiteNetworkSubnetRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
SitePreferredPopLocation
BetaFields
| Field Name | Description |
|---|---|
preferredOnly - Boolean!
|
Forces the socket to connect exclusively to the configured PoP locations |
primary - PopLocationRef
|
|
secondary - PopLocationRef
|
Example
{
"preferredOnly": true,
"primary": PopLocationRef,
"secondary": PopLocationRef
}
SiteRef
BetaSiteRefFilterInput
BetaFields
| Input Field | Description |
|---|---|
eq - SiteRefInput
|
|
in - [SiteRefInput!]
|
|
neq - SiteRefInput
|
|
nin - [SiteRefInput!]
|
Example
{
"eq": SiteRefInput,
"in": [SiteRefInput],
"neq": SiteRefInput,
"nin": [SiteRefInput]
}
SiteRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
SiteSnapshot
Fields
| Field Name | Description |
|---|---|
altWanStatus - String
|
Alternative WAN connectivity status |
connectedSince - DateTime
|
For connected sites, since when are they connected |
connectivityStatus - ConnectivityStatus
|
Connectivity to the Cato Cloud |
degradedStatus - DegradedStatus
|
Degraded status and details |
devices - [DeviceSnapshot!]
|
Data related to the Sockets for a site |
haStatus - HaStatus
|
Site HA readiness information |
hostCount - Int
|
Number of hosts connected to a site |
id - ID
|
site ID |
info - SiteInfo
|
General real-time information about the site |
lastConnected - DateTime
|
Relevant when the site is disconnected - the last time the device was connected |
operationalStatus - OperationalStatus
|
Status for a site or VPN user |
popName - String
|
Name of the PoP that the site is connected to |
protoId - ID
|
Example
{
"altWanStatus": "xyz789",
"connectedSince": "2007-12-03T10:15:30Z",
"connectivityStatus": "connected",
"degradedStatus": DegradedStatus,
"devices": [DeviceSnapshot],
"haStatus": HaStatus,
"hostCount": 987,
"id": 4,
"info": SiteInfo,
"lastConnected": "2007-12-03T10:15:30Z",
"operationalStatus": "active",
"popName": "xyz789",
"protoId": "4"
}
SiteSocketConfiguration
BetaFields
| Field Name | Description |
|---|---|
primarySocketConfiguration - SocketConfiguration!
|
Configuration for the primary Socket of the site. |
secondarySocketConfiguration - SocketConfiguration
|
Configuration for the secondary Socket of the site. |
Example
{
"primarySocketConfiguration": SocketConfiguration,
"secondarySocketConfiguration": SocketConfiguration
}
SiteSocketConfigurationInput
BetaFields
| Input Field | Description |
|---|---|
site - SiteRefInput!
|
Identifies the site. |
Example
{"site": SiteRefInput}
SiteType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"BRANCH"
Description
Represents a single site upgrade request.
Fields
| Input Field | Description |
|---|---|
site - SiteRefInput!
|
|
targetVersion - String!
|
Target version to upgrade the site's sockets to. |
Example
{
"site": SiteRefInput,
"targetVersion": "xyz789"
}
SocketAddOnCard
BetaFields
| Field Name | Description |
|---|---|
expansionSlotNumber - SocketAddOnExpansionSlotNumber!
|
|
type - SocketAddOnType!
|
Example
{"expansionSlotNumber": "SLOT_1", "type": "FOUR_10G_FIBER"}
Fields
| Input Field | Description |
|---|---|
expansionSlotNumber - SocketAddOnExpansionSlotNumber!
|
|
type - SocketAddOnType!
|
Example
{"expansionSlotNumber": "SLOT_1", "type": "FOUR_10G_FIBER"}
SocketAddOnExpansionSlotNumber
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"SLOT_1"
SocketAddOnType
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"FOUR_10G_FIBER"
SocketBypassAction
BetaFields
| Field Name | Description |
|---|---|
event - PolicyRuleTrackingEvent!
|
|
port - BypassSocketPortType!
|
Preferred Socket Port |
Example
{"event": PolicyRuleTrackingEvent, "port": "AUTOMATIC"}
SocketBypassActionInput
BetaFields
| Input Field | Description |
|---|---|
event - PolicyRuleTrackingEventInput!
|
|
port - BypassSocketPortType!
|
Preferred Socket Port Default |
Example
{
"event": PolicyRuleTrackingEventInput,
"port": "AUTOMATIC"
}
SocketBypassActionUpdateInput
BetaFields
| Input Field | Description |
|---|---|
event - PolicyRuleTrackingEventUpdateInput
|
|
port - BypassSocketPortType
|
Preferred Socket Port |
Example
{
"event": PolicyRuleTrackingEventUpdateInput,
"port": "AUTOMATIC"
}
SocketBypassAddRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
action - SocketBypassActionInput!
|
|
description - String!
|
|
destination - SocketBypassDestinationInput!
|
The destination of the traffic for the rule. Default |
enabled - Boolean!
|
|
exception - [SocketBypassExceptionInput!]!
|
Exceptions to the rule. Default |
name - String!
|
|
service - SocketBypassServiceInput!
|
|
site - SocketBypassSiteInput!
|
|
source - SocketBypassSourceInput!
|
The source of the traffic for the rule. Default |
Example
{
"action": SocketBypassActionInput,
"description": "abc123",
"destination": SocketBypassDestinationInput,
"enabled": false,
"exception": [SocketBypassExceptionInput],
"name": "xyz789",
"service": SocketBypassServiceInput,
"site": SocketBypassSiteInput,
"source": SocketBypassSourceInput
}
SocketBypassAddRuleInput
BetaFields
| Input Field | Description |
|---|---|
at - PolicyRulePositionInput
|
Position of the rule in the policy |
rule - SocketBypassAddRuleDataInput!
|
Parameters for the rule you are adding |
Example
{
"at": PolicyRulePositionInput,
"rule": SocketBypassAddRuleDataInput
}
SocketBypassDestination
BetaDescription
Defines destinations (Application/Category) for the Bypass policy.
Fields
| Field Name | Description |
|---|---|
application - [ApplicationRef!]!
|
Applications matching criteria for this rule. |
customApp - [CustomApplicationRef!]!
|
Custom applications that can be matched by |
domain - [Domain!]!
|
|
fqdn - [Fqdn!]!
|
|
globalIpRange - [GlobalIpRangeRef!]!
|
Global IP ranges defined for your account. |
ip - [IPAddress!]!
|
IPv4 addresses. |
ipRange - [IpAddressRange!]!
|
Multiple separate IP addresses or an IP range. |
subnet - [NetworkSubnet!]!
|
Subnets from which traffic originates. |
Example
{
"application": [ApplicationRef],
"customApp": [CustomApplicationRef],
"domain": [Domain],
"fqdn": [Fqdn],
"globalIpRange": [GlobalIpRangeRef],
"ip": [IPAddress],
"ipRange": [IpAddressRange],
"subnet": [NetworkSubnet]
}
SocketBypassDestinationInput
BetaDescription
Defines destinations (Application/Category) for the Bypass policy.
Fields
| Input Field | Description |
|---|---|
application - [ApplicationRefInput!]!
|
Applications matching criteria for this rule. Default |
customApp - [CustomApplicationRefInput!]!
|
Custom applications that can be matched by Default |
domain - [Domain!]!
|
|
fqdn - [Fqdn!]!
|
|
globalIpRange - [GlobalIpRangeRefInput!]!
|
Global IP ranges defined for your account. Default |
ip - [IPAddress!]!
|
IPv4 addresses. Default |
ipRange - [IpAddressRangeInput!]!
|
Multiple separate IP addresses or an IP range. Default |
subnet - [NetworkSubnet!]!
|
Subnets from which traffic originates. Default |
Example
{
"application": [ApplicationRefInput],
"customApp": [CustomApplicationRefInput],
"domain": [Domain],
"fqdn": [Fqdn],
"globalIpRange": [GlobalIpRangeRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"subnet": [NetworkSubnet]
}
SocketBypassDestinationUpdateInput
BetaDescription
Defines destinations (Application/Category) for the Bypass policy.
Fields
| Input Field | Description |
|---|---|
application - [ApplicationRefInput!]
|
Applications matching criteria for this rule. |
customApp - [CustomApplicationRefInput!]
|
Custom applications that can be matched by |
domain - [Domain!]
|
|
fqdn - [Fqdn!]
|
|
globalIpRange - [GlobalIpRangeRefInput!]
|
Global IP ranges defined for your account. |
ip - [IPAddress!]
|
IPv4 addresses. |
ipRange - [IpAddressRangeInput!]
|
Multiple separate IP addresses or an IP range. |
subnet - [NetworkSubnet!]
|
Subnets from which traffic originates. |
Example
{
"application": [ApplicationRefInput],
"customApp": [CustomApplicationRefInput],
"domain": [Domain],
"fqdn": [Fqdn],
"globalIpRange": [GlobalIpRangeRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"subnet": [NetworkSubnet]
}
SocketBypassException
BetaFields
| Field Name | Description |
|---|---|
destination - SocketBypassDestination!
|
The destination of the traffic for the rule. |
name - String!
|
The name of the Bypass rule. |
service - SocketBypassService!
|
|
site - SocketBypassSite!
|
|
source - SocketBypassSource!
|
The source of the traffic for the rule. |
Example
{
"destination": SocketBypassDestination,
"name": "xyz789",
"service": SocketBypassService,
"site": SocketBypassSite,
"source": SocketBypassSource
}
SocketBypassExceptionInput
BetaFields
| Input Field | Description |
|---|---|
destination - SocketBypassDestinationInput!
|
The destination of the traffic for the rule. Default |
name - String!
|
The name of the Bypass rule. |
service - SocketBypassServiceInput!
|
|
site - SocketBypassSiteInput!
|
|
source - SocketBypassSourceInput!
|
The source of the traffic for the rule. Default |
Example
{
"destination": SocketBypassDestinationInput,
"name": "abc123",
"service": SocketBypassServiceInput,
"site": SocketBypassSiteInput,
"source": SocketBypassSourceInput
}
SocketBypassPolicy
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyAudit
|
|
enabled - Boolean!
|
|
revision - PolicyRevision
|
|
rules - [SocketBypassRulePayload!]!
|
|
sections - [PolicySectionPayload!]!
|
Example
{
"audit": PolicyAudit,
"enabled": false,
"revision": PolicyRevision,
"rules": [SocketBypassRulePayload],
"sections": [PolicySectionPayload]
}
SocketBypassPolicyInput
BetaFields
| Input Field | Description |
|---|---|
revision - PolicyRevisionInput
|
A revision is a specific instance of the policy. Unpublished revisions are working copies of the policy available to a specific admin or a set of admins Published revisions are revisions that were applied to the account network. The last published revision is the active policy. |
Example
{"revision": PolicyRevisionInput}
SocketBypassPolicyMutationInput
Fields
| Input Field | Description |
|---|---|
revision - PolicyMutationRevisionInput
|
Example
{"revision": PolicyMutationRevisionInput}
SocketBypassPolicyMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
policy - SocketBypassPolicy
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"policy": SocketBypassPolicy,
"status": "FAILURE"
}
SocketBypassPolicyUpdateInput
BetaFields
| Input Field | Description |
|---|---|
state - PolicyToggleState
|
Example
{"state": "DISABLED"}
SocketBypassRemoveRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
Example
{"id": 4}
SocketBypassRule
BetaFields
| Field Name | Description |
|---|---|
action - SocketBypassAction!
|
|
description - String!
|
Description for the rule |
destination - SocketBypassDestination!
|
The destination of the traffic for the rule. |
enabled - Boolean!
|
TRUE = Rule is enabled FALSE = Rule is disabled |
exception - [SocketBypassException!]!
|
Exceptions to the rule. |
id - ID!
|
Rule ID |
index - Int!
|
Position / priority of rule |
name - String!
|
Name of the rule |
section - PolicySectionInfo!
|
Policy section where the rule is located |
service - SocketBypassService!
|
|
site - SocketBypassSite!
|
|
source - SocketBypassSource!
|
The source of the traffic for the rule. |
Example
{
"action": SocketBypassAction,
"description": "xyz789",
"destination": SocketBypassDestination,
"enabled": true,
"exception": [SocketBypassException],
"id": 4,
"index": 987,
"name": "xyz789",
"section": PolicySectionInfo,
"service": SocketBypassService,
"site": SocketBypassSite,
"source": SocketBypassSource
}
SocketBypassRuleMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
rule - SocketBypassRulePayload
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"rule": SocketBypassRulePayload,
"status": "FAILURE"
}
SocketBypassRulePayload
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyElementAudit!
|
|
properties - [PolicyElementPropertiesEnum!]!
|
|
rule - SocketBypassRule!
|
Example
{
"audit": PolicyElementAudit,
"properties": ["ADDED"],
"rule": SocketBypassRule
}
SocketBypassService
BetaDescription
Defines services used in the Bypass policy.
Fields
| Field Name | Description |
|---|---|
custom - [CustomService!]!
|
Custom services defined for this rule. |
simple - [SimpleService!]!
|
Simple services allowed by the firewall rule. |
Example
{
"custom": [CustomService],
"simple": [SimpleService]
}
SocketBypassServiceInput
BetaDescription
Defines services used in the Bypass policy.
Fields
| Input Field | Description |
|---|---|
custom - [CustomServiceInput!]!
|
Custom services defined for this rule. Default |
simple - [SimpleServiceInput!]!
|
Simple services allowed by the firewall rule. Default |
Example
{
"custom": [CustomServiceInput],
"simple": [SimpleServiceInput]
}
SocketBypassServiceUpdateInput
BetaDescription
Defines services used in the Bypass policy.
Fields
| Input Field | Description |
|---|---|
custom - [CustomServiceInput!]
|
Custom services defined for this rule. |
simple - [SimpleServiceInput!]
|
Simple services allowed by the firewall rule. |
Example
{
"custom": [CustomServiceInput],
"simple": [SimpleServiceInput]
}
SocketBypassSite
BetaDescription
Represents the site configurations in the Bypass policy, empty site and group means 'ANY'
Fields
| Field Name | Description |
|---|---|
group - [GroupRef!]!
|
The group of sites the policy will be enforced on. Socket sites only, with Socket v25 onwards. |
site - [SiteRef!]!
|
The sites the policy will be enforced on. Socket sites only, with Socket v25 onwards. |
Example
{
"group": [GroupRef],
"site": [SiteRef]
}
SocketBypassSiteInput
BetaDescription
Represents the site configurations in the Bypass policy, empty site and group means 'ANY'
Fields
| Input Field | Description |
|---|---|
group - [GroupRefInput!]!
|
The group of sites the policy will be enforced on. Socket sites only, with Socket v25 onwards. Default |
site - [SiteRefInput!]!
|
The sites the policy will be enforced on. Socket sites only, with Socket v25 onwards. Default |
Example
{
"group": [GroupRefInput],
"site": [SiteRefInput]
}
SocketBypassSiteUpdateInput
BetaDescription
Represents the site configurations in the Bypass policy, empty site and group means 'ANY'
Fields
| Input Field | Description |
|---|---|
group - [GroupRefInput!]
|
The group of sites the policy will be enforced on. Socket sites only, with Socket v25 onwards. |
site - [SiteRefInput!]
|
The sites the policy will be enforced on. Socket sites only, with Socket v25 onwards. |
Example
{
"group": [GroupRefInput],
"site": [SiteRefInput]
}
SocketBypassSource
BetaDescription
Defines sources for the Bypass policy.
Fields
| Field Name | Description |
|---|---|
floatingSubnet - [FloatingSubnetRef!]!
|
Floating subnets used to identify traffic based on specific criteria. |
globalIpRange - [GlobalIpRangeRef!]!
|
Global IP ranges defined for your account. |
group - [GroupRef!]!
|
Groups defined for your account. |
host - [HostRef!]!
|
Hosts and servers defined for your account. |
ip - [IPAddress!]!
|
IPv4 addresses. |
ipRange - [IpAddressRange!]!
|
Multiple separate IP addresses or an IP range. |
networkInterface - [NetworkInterfaceRef!]!
|
Network interfaces defined for your site. |
siteNetworkSubnet - [SiteNetworkSubnetRef!]!
|
Subnets specific to a site defined for your account. |
subnet - [NetworkSubnet!]!
|
Subnets from which traffic originates. |
vlan - [Vlan!]!
|
VLAN ID matching criteria. |
Example
{
"floatingSubnet": [FloatingSubnetRef],
"globalIpRange": [GlobalIpRangeRef],
"group": [GroupRef],
"host": [HostRef],
"ip": [IPAddress],
"ipRange": [IpAddressRange],
"networkInterface": [NetworkInterfaceRef],
"siteNetworkSubnet": [SiteNetworkSubnetRef],
"subnet": [NetworkSubnet],
"vlan": [Vlan]
}
SocketBypassSourceInput
BetaDescription
Defines sources for the Bypass policy.
Fields
| Input Field | Description |
|---|---|
floatingSubnet - [FloatingSubnetRefInput!]!
|
Floating subnets used to identify traffic based on specific criteria. Default |
globalIpRange - [GlobalIpRangeRefInput!]!
|
Global IP ranges defined for your account. Default |
group - [GroupRefInput!]!
|
Groups defined for your account. Default |
host - [HostRefInput!]!
|
Hosts and servers defined for your account. Default |
ip - [IPAddress!]!
|
IPv4 addresses. Default |
ipRange - [IpAddressRangeInput!]!
|
Multiple separate IP addresses or an IP range. Default |
networkInterface - [NetworkInterfaceRefInput!]!
|
Network interfaces defined for your site. Default |
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]!
|
Subnets specific to a site defined for your account. Default |
subnet - [NetworkSubnet!]!
|
Subnets from which traffic originates. Default |
vlan - [Vlan!]!
|
VLAN ID matching criteria. Default |
Example
{
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"networkInterface": [NetworkInterfaceRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"vlan": [Vlan]
}
SocketBypassSourceUpdateInput
BetaDescription
Defines sources for the Bypass policy.
Fields
| Input Field | Description |
|---|---|
floatingSubnet - [FloatingSubnetRefInput!]
|
Floating subnets used to identify traffic based on specific criteria. |
globalIpRange - [GlobalIpRangeRefInput!]
|
Global IP ranges defined for your account. |
group - [GroupRefInput!]
|
Groups defined for your account. |
host - [HostRefInput!]
|
Hosts and servers defined for your account. |
ip - [IPAddress!]
|
IPv4 addresses. |
ipRange - [IpAddressRangeInput!]
|
Multiple separate IP addresses or an IP range. |
networkInterface - [NetworkInterfaceRefInput!]
|
Network interfaces defined for your site. |
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]
|
Subnets specific to a site defined for your account. |
subnet - [NetworkSubnet!]
|
Subnets from which traffic originates. |
vlan - [Vlan!]
|
VLAN ID matching criteria. |
Example
{
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"networkInterface": [NetworkInterfaceRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"vlan": [Vlan]
}
SocketBypassUpdateRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
action - SocketBypassActionUpdateInput
|
|
description - String
|
|
destination - SocketBypassDestinationUpdateInput
|
The destination of the traffic for the rule. |
enabled - Boolean
|
|
exception - [SocketBypassExceptionInput!]
|
Exceptions to the rule. |
name - String
|
|
service - SocketBypassServiceUpdateInput
|
|
site - SocketBypassSiteUpdateInput
|
|
source - SocketBypassSourceUpdateInput
|
The source of the traffic for the rule. |
Example
{
"action": SocketBypassActionUpdateInput,
"description": "xyz789",
"destination": SocketBypassDestinationUpdateInput,
"enabled": true,
"exception": [SocketBypassExceptionInput],
"name": "xyz789",
"service": SocketBypassServiceUpdateInput,
"site": SocketBypassSiteUpdateInput,
"source": SocketBypassSourceUpdateInput
}
SocketBypassUpdateRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
|
rule - SocketBypassUpdateRuleDataInput!
|
Example
{"id": 4, "rule": SocketBypassUpdateRuleDataInput}
SocketConfiguration
BetaFields
| Field Name | Description |
|---|---|
description - String
|
A description for the Socket. |
Example
{"description": "abc123"}
SocketConfigurationInput
BetaFields
| Input Field | Description |
|---|---|
description - String
|
A description for the Socket. |
Example
{"description": "abc123"}
SocketInfo
Description
Basic information about socket
Fields
| Field Name | Description |
|---|---|
id - String
|
Unique ID for Socket |
isPrimary - Boolean
|
For HA configurations, when this boolean value is true, this the primary Socket |
platform - SocketPlatform
|
Shows Socket type |
serial - String
|
Serial number for the Socket |
version - String
|
Software version number that is currently installed on the Socket |
versionUpdateTime - DateTime
|
Timestamp when the Socket upgraded to the current hardware version |
Example
{
"id": "xyz789",
"isPrimary": true,
"platform": "AWS1500",
"serial": "xyz789",
"version": "xyz789",
"versionUpdateTime": "2007-12-03T10:15:30Z"
}
SocketInterfaceAltWanInput
Fields
| Input Field | Description |
|---|---|
privateGatewayIp - IPAddress!
|
|
privateInterfaceIp - IPAddress!
|
|
privateNetwork - IPSubnet!
|
|
privateVlanTag - Int
|
|
publicGatewayIp - IPAddress
|
|
publicInterfaceIp - IPAddress
|
|
publicNetwork - IPSubnet
|
|
publicVlanTag - Int
|
Example
{
"privateGatewayIp": IPAddress,
"privateInterfaceIp": IPAddress,
"privateNetwork": IPSubnet,
"privateVlanTag": 123,
"publicGatewayIp": IPAddress,
"publicInterfaceIp": IPAddress,
"publicNetwork": IPSubnet,
"publicVlanTag": 987
}
SocketInterfaceBandwidthInput
Example
{
"downstreamBandwidth": 123,
"downstreamBandwidthMbpsPrecision": 987.7,
"upstreamBandwidth": 987,
"upstreamBandwidthMbpsPrecision": 987.7
}
SocketInterfaceDestType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"ALTERNATIVE"
SocketInterfaceIDEnum
Description
SocketInterface available ids, INT_# stands for 1,2,3...12 supported ids
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"INT_1"
SocketInterfaceLagInput
Fields
| Input Field | Description |
|---|---|
minLinks - Int!
|
Example
{"minLinks": 123}
SocketInterfaceLanInput
Fields
| Input Field | Description |
|---|---|
localIp - IPAddress!
|
|
subnet - IPSubnet!
|
|
translatedSubnet - IPSubnet
|
Example
{
"localIp": IPAddress,
"subnet": IPSubnet,
"translatedSubnet": IPSubnet
}
SocketInterfaceOffCloudInput
SocketInterfacePrecedenceEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"ACTIVE"
SocketInterfaceRefInput
BetaDescription
Reference to a socket interface within a site.
Fields
| Input Field | Description |
|---|---|
interfaceId - SocketInterfaceIDEnum!
|
Interface identifier (e.g., WAN1, LAN1, USB1). |
Example
{"interfaceId": "INT_1"}
SocketInterfaceRole
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"wan_1"
SocketInterfaceVrrpInput
Fields
| Input Field | Description |
|---|---|
vrrpType - VrrpType
|
Example
{"vrrpType": "DIRECT_LINK"}
SocketInterfaceWanInput
Fields
| Input Field | Description |
|---|---|
precedence - SocketInterfacePrecedenceEnum!
|
|
role - SocketInterfaceRole!
|
Example
{"precedence": "ACTIVE", "role": "wan_1"}
SocketInterfaceWanRole
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"NONE"
SocketInventoryFilterInput
BetaFields
| Input Field | Description |
|---|---|
freeText - FreeTextFilterInput
|
Will run contains operation for the provided text on the following fields serialNumber,socketMac,socketVersion,installedSite, shippingCompany,trackingNumber,deliverySiteName,description,hardwareVersion with OR between them |
Example
{"freeText": FreeTextFilterInput}
SocketInventoryInput
BetaFields
| Input Field | Description |
|---|---|
filter - SocketInventoryFilterInput
|
|
paging - PagingInput
|
|
sort - SocketInventoryOrderInput
|
Example
{
"filter": SocketInventoryFilterInput,
"paging": PagingInput,
"sort": SocketInventoryOrderInput
}
SocketInventoryItem
BetaFields
| Field Name | Description |
|---|---|
account - AccountRef!
|
Socket account |
availableUpgradeVersions - [String!]!
|
Available upgrade versions |
deliverySiteName - String
|
Name of the delivery site |
description - String
|
Description |
hardwareVersion - String
|
Hardware Version |
id - ID!
|
ID |
isPrimary - Boolean!
|
Is primary socket |
registrationStatus - SocketRegistrationStatus
|
Registration status |
serialNumber - String
|
Serial number (unique) |
shippingCompany - String
|
Shipping company |
shippingDate - DateTime
|
Shipping date |
site - SiteRef
|
Socket's site |
socketMac - MacAddress
|
Mac address |
socketType - SocketPlatform
|
Socket Type |
socketVersion - String
|
Socket version |
status - SocketInventoryItemStatus
|
Socket status (see SocketInventoryItemStatus) |
trackingNumber - String
|
tracking number from the shipping company |
trackingUrl - Url
|
tracking url from the shipping company |
upgradesPaused - Boolean!
|
Are automatic upgrade paused |
upgradeStatus - SocketUpgradeStatus
|
Upgrade status |
Example
{
"account": AccountRef,
"availableUpgradeVersions": ["abc123"],
"deliverySiteName": "xyz789",
"description": "xyz789",
"hardwareVersion": "abc123",
"id": "4",
"isPrimary": false,
"registrationStatus": "ASSIGNED_SITE",
"serialNumber": "xyz789",
"shippingCompany": "abc123",
"shippingDate": "2007-12-03T10:15:30Z",
"site": SiteRef,
"socketMac": MacAddress,
"socketType": "AWS1500",
"socketVersion": "xyz789",
"status": "CONNECTED",
"trackingNumber": "xyz789",
"trackingUrl": Url,
"upgradesPaused": true,
"upgradeStatus": "CANCEL"
}
SocketInventoryItemStatus
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"CONNECTED"
SocketInventoryOrderInput
BetaFields
| Input Field | Description |
|---|---|
accountName - SortOrderInput
|
|
deliverySiteName - SortOrderInput
|
|
description - SortOrderInput
|
|
hardwareVersion - SortOrderInput
|
|
installedSite - SortOrderInput
|
|
serialNumber - SortOrderInput
|
|
shippingCompany - SortOrderInput
|
|
shippingDate - SortOrderInput
|
|
socketType - SortOrderInput
|
|
status - SortOrderInput
|
Default sort field |
Example
{
"accountName": SortOrderInput,
"deliverySiteName": SortOrderInput,
"description": SortOrderInput,
"hardwareVersion": SortOrderInput,
"installedSite": SortOrderInput,
"serialNumber": SortOrderInput,
"shippingCompany": SortOrderInput,
"shippingDate": SortOrderInput,
"socketType": SortOrderInput,
"status": SortOrderInput
}
SocketInventoryPayload
BetaFields
| Field Name | Description |
|---|---|
items - [SocketInventoryItem!]!
|
|
pageInfo - PageInfo!
|
Example
{
"items": [SocketInventoryItem],
"pageInfo": PageInfo
}
SocketLanAddRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
description - String!
|
|
destination - SocketLanDestinationInput!
|
Destination traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
direction - SocketLanDirection!
|
Direction of the traffic initiator matching criteria. Default |
enabled - Boolean!
|
|
name - String!
|
|
nat - SocketLanNatSettingsInput!
|
Optionally, enable NAT on the outgoing interface. This translates all originating IPs to one NAT IP. Default |
service - SocketLanServiceInput!
|
Destination service matching criteria for the rule. Port/Protocol based. Default |
site - SocketLanSiteInput!
|
The sites the policy will be enforced on. Socket sites only, with Socket v22 onwards. Default |
source - SocketLanSourceInput!
|
Source traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
transport - SocketLanTransportType!
|
The transport of the matching traffic. Either govern traffic to be routed locally (LAN), or to the PoP(WAN). Traffic is send to the WAN by default. Traffic routed in the LAN, enforced by the LAN Firewall rules. Default |
Example
{
"description": "abc123",
"destination": SocketLanDestinationInput,
"direction": "BOTH",
"enabled": true,
"name": "abc123",
"nat": SocketLanNatSettingsInput,
"service": SocketLanServiceInput,
"site": SocketLanSiteInput,
"source": SocketLanSourceInput,
"transport": "LAN"
}
SocketLanAddRuleInput
BetaFields
| Input Field | Description |
|---|---|
at - PolicyRulePositionInput
|
Position of the rule in the policy |
rule - SocketLanAddRuleDataInput!
|
Parameters for the rule you are adding |
Example
{
"at": PolicyRulePositionInput,
"rule": SocketLanAddRuleDataInput
}
SocketLanDestination
BetaDescription
Returns the settings for Destination of a Wan Firewall rule.
Fields
| Field Name | Description |
|---|---|
floatingSubnet - [FloatingSubnetRef!]!
|
|
globalIpRange - [GlobalIpRangeRef!]!
|
|
group - [GroupRef!]!
|
|
host - [HostRef!]!
|
|
ip - [IPAddress!]!
|
|
ipRange - [IpAddressRange!]!
|
|
networkInterface - [NetworkInterfaceRef!]!
|
|
siteNetworkSubnet - [SiteNetworkSubnetRef!]!
|
|
subnet - [NetworkSubnet!]!
|
|
systemGroup - [SystemGroupRef!]!
|
|
vlan - [Vlan!]!
|
Example
{
"floatingSubnet": [FloatingSubnetRef],
"globalIpRange": [GlobalIpRangeRef],
"group": [GroupRef],
"host": [HostRef],
"ip": [IPAddress],
"ipRange": [IpAddressRange],
"networkInterface": [NetworkInterfaceRef],
"siteNetworkSubnet": [SiteNetworkSubnetRef],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRef],
"vlan": [Vlan]
}
SocketLanDestinationInput
BetaDescription
Input of the settings for Destination of a Wan Firewall rule.
Fields
| Input Field | Description |
|---|---|
floatingSubnet - [FloatingSubnetRefInput!]!
|
|
globalIpRange - [GlobalIpRangeRefInput!]!
|
|
group - [GroupRefInput!]!
|
|
host - [HostRefInput!]!
|
|
ip - [IPAddress!]!
|
|
ipRange - [IpAddressRangeInput!]!
|
|
networkInterface - [NetworkInterfaceRefInput!]!
|
|
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]!
|
|
subnet - [NetworkSubnet!]!
|
|
systemGroup - [SystemGroupRefInput!]!
|
|
vlan - [Vlan!]!
|
Example
{
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"networkInterface": [NetworkInterfaceRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"vlan": [Vlan]
}
SocketLanDestinationUpdateInput
BetaDescription
Input of the settings for Destination of a Wan Firewall rule.
Fields
| Input Field | Description |
|---|---|
floatingSubnet - [FloatingSubnetRefInput!]
|
|
globalIpRange - [GlobalIpRangeRefInput!]
|
|
group - [GroupRefInput!]
|
|
host - [HostRefInput!]
|
|
ip - [IPAddress!]
|
|
ipRange - [IpAddressRangeInput!]
|
|
networkInterface - [NetworkInterfaceRefInput!]
|
|
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]
|
|
subnet - [NetworkSubnet!]
|
|
systemGroup - [SystemGroupRefInput!]
|
|
vlan - [Vlan!]
|
Example
{
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"networkInterface": [NetworkInterfaceRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"vlan": [Vlan]
}
SocketLanDirection
BetaValues
| Enum Value | Description |
|---|---|
|
|
Specifies two-way direction. |
|
|
Specifies one-way direction. |
Example
"BOTH"
SocketLanFirewallAction
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"ALLOW"
SocketLanFirewallAddRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
action - SocketLanFirewallAction!
|
Action to take when the rule is matched (ALLOW or BLOCK). Default |
application - SocketLanFirewallApplicationInput!
|
Application traffic matching criteria. Default |
description - String!
|
|
destination - SocketLanFirewallDestinationInput!
|
Defines destinations for the socket LAN firewall. Also, inherited by Network Rule above. Default |
direction - SocketLanFirewallDirection!
|
Direction of the traffic (TO or BOTH). Default |
enabled - Boolean!
|
|
name - String!
|
|
service - SocketLanFirewallServiceTypeInput!
|
Service traffic matching criteria. Default |
source - SocketLanFirewallSourceInput!
|
Defines sources for the socket LAN firewall. Also, inherited by Network Rule above. Default |
tracking - PolicyTrackingInput!
|
Tracking information when the rule is matched, such as events and notifications. Default |
Example
{
"action": "ALLOW",
"application": SocketLanFirewallApplicationInput,
"description": "abc123",
"destination": SocketLanFirewallDestinationInput,
"direction": "BOTH",
"enabled": false,
"name": "xyz789",
"service": SocketLanFirewallServiceTypeInput,
"source": SocketLanFirewallSourceInput,
"tracking": PolicyTrackingInput
}
SocketLanFirewallAddRuleInput
BetaFields
| Input Field | Description |
|---|---|
at - PolicySubRulePositionInput
|
Position of the rule in the policy |
rule - SocketLanFirewallAddRuleDataInput!
|
Parameters for the rule you are adding |
Example
{
"at": PolicySubRulePositionInput,
"rule": SocketLanFirewallAddRuleDataInput
}
SocketLanFirewallApplication
BetaDescription
Defines applications for the socket LAN firewall.
Fields
| Field Name | Description |
|---|---|
application - [ApplicationRef!]!
|
Applications matching criteria for this rule. |
customApp - [CustomApplicationRef!]!
|
Custom applications that can be matched by |
domain - [Domain!]!
|
|
fqdn - [Fqdn!]!
|
|
globalIpRange - [GlobalIpRangeRef!]!
|
|
ip - [IPAddress!]!
|
|
ipRange - [IpAddressRange!]!
|
|
subnet - [NetworkSubnet!]!
|
Example
{
"application": [ApplicationRef],
"customApp": [CustomApplicationRef],
"domain": [Domain],
"fqdn": [Fqdn],
"globalIpRange": [GlobalIpRangeRef],
"ip": [IPAddress],
"ipRange": [IpAddressRange],
"subnet": [NetworkSubnet]
}
SocketLanFirewallApplicationInput
BetaDescription
Defines applications for the socket LAN firewall.
Fields
| Input Field | Description |
|---|---|
application - [ApplicationRefInput!]!
|
Applications matching criteria for this rule. Default |
customApp - [CustomApplicationRefInput!]!
|
Custom applications that can be matched by Default |
domain - [Domain!]!
|
|
fqdn - [Fqdn!]!
|
|
globalIpRange - [GlobalIpRangeRefInput!]!
|
|
ip - [IPAddress!]!
|
|
ipRange - [IpAddressRangeInput!]!
|
|
subnet - [NetworkSubnet!]!
|
Example
{
"application": [ApplicationRefInput],
"customApp": [CustomApplicationRefInput],
"domain": [Domain],
"fqdn": [Fqdn],
"globalIpRange": [GlobalIpRangeRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"subnet": [NetworkSubnet]
}
SocketLanFirewallApplicationUpdateInput
BetaDescription
Defines applications for the socket LAN firewall.
Fields
| Input Field | Description |
|---|---|
application - [ApplicationRefInput!]
|
Applications matching criteria for this rule. |
customApp - [CustomApplicationRefInput!]
|
Custom applications that can be matched by |
domain - [Domain!]
|
|
fqdn - [Fqdn!]
|
|
globalIpRange - [GlobalIpRangeRefInput!]
|
|
ip - [IPAddress!]
|
|
ipRange - [IpAddressRangeInput!]
|
|
subnet - [NetworkSubnet!]
|
Example
{
"application": [ApplicationRefInput],
"customApp": [CustomApplicationRefInput],
"domain": [Domain],
"fqdn": [Fqdn],
"globalIpRange": [GlobalIpRangeRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"subnet": [NetworkSubnet]
}
SocketLanFirewallDestination
BetaDescription
Defines destinations for the socket LAN firewall.
Fields
| Field Name | Description |
|---|---|
floatingSubnet - [FloatingSubnetRef!]!
|
Floating subnets used to identify traffic based on specific criteria. |
globalIpRange - [GlobalIpRangeRef!]!
|
Global IP ranges defined for your account. |
group - [GroupRef!]!
|
Groups defined for your account. |
host - [HostRef!]!
|
Hosts and servers defined for your account. |
ip - [IPAddress!]!
|
IPv4 addresses. |
ipRange - [IpAddressRange!]!
|
Multiple separate IP addresses or an IP range. |
networkInterface - [NetworkInterfaceRef!]!
|
Network interfaces defined for your site. |
site - [SiteRef!]!
|
Sites defined for your account. |
siteNetworkSubnet - [SiteNetworkSubnetRef!]!
|
Subnets specific to a site defined for your account. |
subnet - [NetworkSubnet!]!
|
Subnets to which traffic is directed. |
systemGroup - [SystemGroupRef!]!
|
Predefined system groups in your account. |
vlan - [Vlan!]!
|
VLAN ID matching criteria. |
Example
{
"floatingSubnet": [FloatingSubnetRef],
"globalIpRange": [GlobalIpRangeRef],
"group": [GroupRef],
"host": [HostRef],
"ip": [IPAddress],
"ipRange": [IpAddressRange],
"networkInterface": [NetworkInterfaceRef],
"site": [SiteRef],
"siteNetworkSubnet": [SiteNetworkSubnetRef],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRef],
"vlan": [Vlan]
}
SocketLanFirewallDestinationInput
BetaDescription
Defines destinations for the socket LAN firewall.
Fields
| Input Field | Description |
|---|---|
floatingSubnet - [FloatingSubnetRefInput!]!
|
Floating subnets used to identify traffic based on specific criteria. Default |
globalIpRange - [GlobalIpRangeRefInput!]!
|
Global IP ranges defined for your account. Default |
group - [GroupRefInput!]!
|
Groups defined for your account. Default |
host - [HostRefInput!]!
|
Hosts and servers defined for your account. Default |
ip - [IPAddress!]!
|
IPv4 addresses. Default |
ipRange - [IpAddressRangeInput!]!
|
Multiple separate IP addresses or an IP range. Default |
networkInterface - [NetworkInterfaceRefInput!]!
|
Network interfaces defined for your site. Default |
site - [SiteRefInput!]!
|
Sites defined for your account. Default |
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]!
|
Subnets specific to a site defined for your account. Default |
subnet - [NetworkSubnet!]!
|
Subnets to which traffic is directed. Default |
systemGroup - [SystemGroupRefInput!]!
|
Predefined system groups in your account. Default |
vlan - [Vlan!]!
|
VLAN ID matching criteria. Default |
Example
{
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"networkInterface": [NetworkInterfaceRefInput],
"site": [SiteRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"vlan": [Vlan]
}
SocketLanFirewallDestinationUpdateInput
BetaDescription
Defines destinations for the socket LAN firewall.
Fields
| Input Field | Description |
|---|---|
floatingSubnet - [FloatingSubnetRefInput!]
|
Floating subnets used to identify traffic based on specific criteria. |
globalIpRange - [GlobalIpRangeRefInput!]
|
Global IP ranges defined for your account. |
group - [GroupRefInput!]
|
Groups defined for your account. |
host - [HostRefInput!]
|
Hosts and servers defined for your account. |
ip - [IPAddress!]
|
IPv4 addresses. |
ipRange - [IpAddressRangeInput!]
|
Multiple separate IP addresses or an IP range. |
networkInterface - [NetworkInterfaceRefInput!]
|
Network interfaces defined for your site. |
site - [SiteRefInput!]
|
Sites defined for your account. |
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]
|
Subnets specific to a site defined for your account. |
subnet - [NetworkSubnet!]
|
Subnets to which traffic is directed. |
systemGroup - [SystemGroupRefInput!]
|
Predefined system groups in your account. |
vlan - [Vlan!]
|
VLAN ID matching criteria. |
Example
{
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"networkInterface": [NetworkInterfaceRefInput],
"site": [SiteRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"vlan": [Vlan]
}
SocketLanFirewallDirection
BetaValues
| Enum Value | Description |
|---|---|
|
|
Specifies two-way direction. |
|
|
Specifies one-way direction. |
Example
"BOTH"
SocketLanFirewallRemoveRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
Example
{"id": "4"}
SocketLanFirewallRule
BetaFields
| Field Name | Description |
|---|---|
action - SocketLanFirewallAction!
|
Action to take when the rule is matched (ALLOW or BLOCK). |
application - SocketLanFirewallApplication!
|
Application traffic matching criteria. |
description - String!
|
Description for the rule |
destination - SocketLanFirewallDestination!
|
Defines destinations for the socket LAN firewall. Also, inherited by Network Rule above. |
direction - SocketLanFirewallDirection!
|
Direction of the traffic (TO or BOTH). |
enabled - Boolean!
|
TRUE = Rule is enabled FALSE = Rule is disabled |
id - ID!
|
Rule ID |
index - Int!
|
Position / priority of rule |
name - String!
|
Name of the rule |
section - PolicySectionInfo!
|
Policy section where the rule is located |
service - SocketLanFirewallServiceType!
|
Service traffic matching criteria. |
source - SocketLanFirewallSource!
|
Defines sources for the socket LAN firewall. Also, inherited by Network Rule above. |
tracking - PolicyTracking!
|
Tracking information when the rule is matched, such as events and notifications. |
Example
{
"action": "ALLOW",
"application": SocketLanFirewallApplication,
"description": "abc123",
"destination": SocketLanFirewallDestination,
"direction": "BOTH",
"enabled": false,
"id": "4",
"index": 123,
"name": "xyz789",
"section": PolicySectionInfo,
"service": SocketLanFirewallServiceType,
"source": SocketLanFirewallSource,
"tracking": PolicyTracking
}
SocketLanFirewallRuleMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
rule - SocketLanFirewallRulePayload
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"rule": SocketLanFirewallRulePayload,
"status": "FAILURE"
}
SocketLanFirewallRulePayload
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyElementAudit!
|
|
properties - [PolicyElementPropertiesEnum!]!
|
|
rule - SocketLanFirewallRule!
|
Example
{
"audit": PolicyElementAudit,
"properties": ["ADDED"],
"rule": SocketLanFirewallRule
}
SocketLanFirewallServiceType
BetaDescription
Defines services used in the socket LAN firewall.
Fields
| Field Name | Description |
|---|---|
custom - [CustomService!]!
|
Custom services defined for this rule. |
simple - [SimpleService!]!
|
Simple services allowed by the firewall rule. |
standard - [ServiceRef!]!
|
Standard services allowed by the firewall rule. |
Example
{
"custom": [CustomService],
"simple": [SimpleService],
"standard": [ServiceRef]
}
SocketLanFirewallServiceTypeInput
BetaDescription
Defines services used in the socket LAN firewall.
Fields
| Input Field | Description |
|---|---|
custom - [CustomServiceInput!]!
|
Custom services defined for this rule. Default |
simple - [SimpleServiceInput!]!
|
Simple services allowed by the firewall rule. Default |
standard - [ServiceRefInput!]!
|
Standard services allowed by the firewall rule. Default |
Example
{
"custom": [CustomServiceInput],
"simple": [SimpleServiceInput],
"standard": [ServiceRefInput]
}
SocketLanFirewallServiceTypeUpdateInput
BetaDescription
Defines services used in the socket LAN firewall.
Fields
| Input Field | Description |
|---|---|
custom - [CustomServiceInput!]
|
Custom services defined for this rule. |
simple - [SimpleServiceInput!]
|
Simple services allowed by the firewall rule. |
standard - [ServiceRefInput!]
|
Standard services allowed by the firewall rule. |
Example
{
"custom": [CustomServiceInput],
"simple": [SimpleServiceInput],
"standard": [ServiceRefInput]
}
SocketLanFirewallSource
BetaDescription
Defines sources for the socket LAN firewall.
Fields
| Field Name | Description |
|---|---|
floatingSubnet - [FloatingSubnetRef!]!
|
Floating subnets used to identify traffic based on specific criteria. |
globalIpRange - [GlobalIpRangeRef!]!
|
Global IP ranges defined for your account. |
group - [GroupRef!]!
|
Groups defined for your account. |
host - [HostRef!]!
|
Hosts and servers defined for your account. |
ip - [IPAddress!]!
|
IPv4 addresses. |
ipRange - [IpAddressRange!]!
|
Multiple separate IP addresses or an IP range. |
mac - [MacAddress!]!
|
MAC addresses of devices matching criteria. |
networkInterface - [NetworkInterfaceRef!]!
|
Network interfaces defined for your site. |
site - [SiteRef!]!
|
Sites defined for your account. |
siteNetworkSubnet - [SiteNetworkSubnetRef!]!
|
Subnets specific to a site defined for your account. |
subnet - [NetworkSubnet!]!
|
Subnets from which traffic originates. |
systemGroup - [SystemGroupRef!]!
|
Predefined system groups in your account. |
vlan - [Vlan!]!
|
VLAN ID matching criteria. |
Example
{
"floatingSubnet": [FloatingSubnetRef],
"globalIpRange": [GlobalIpRangeRef],
"group": [GroupRef],
"host": [HostRef],
"ip": [IPAddress],
"ipRange": [IpAddressRange],
"mac": [MacAddress],
"networkInterface": [NetworkInterfaceRef],
"site": [SiteRef],
"siteNetworkSubnet": [SiteNetworkSubnetRef],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRef],
"vlan": [Vlan]
}
SocketLanFirewallSourceInput
BetaDescription
Defines sources for the socket LAN firewall.
Fields
| Input Field | Description |
|---|---|
floatingSubnet - [FloatingSubnetRefInput!]!
|
Floating subnets used to identify traffic based on specific criteria. Default |
globalIpRange - [GlobalIpRangeRefInput!]!
|
Global IP ranges defined for your account. Default |
group - [GroupRefInput!]!
|
Groups defined for your account. Default |
host - [HostRefInput!]!
|
Hosts and servers defined for your account. Default |
ip - [IPAddress!]!
|
IPv4 addresses. Default |
ipRange - [IpAddressRangeInput!]!
|
Multiple separate IP addresses or an IP range. Default |
mac - [MacAddress!]!
|
MAC addresses of devices matching criteria. Default |
networkInterface - [NetworkInterfaceRefInput!]!
|
Network interfaces defined for your site. Default |
site - [SiteRefInput!]!
|
Sites defined for your account. Default |
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]!
|
Subnets specific to a site defined for your account. Default |
subnet - [NetworkSubnet!]!
|
Subnets from which traffic originates. Default |
systemGroup - [SystemGroupRefInput!]!
|
Predefined system groups in your account. Default |
vlan - [Vlan!]!
|
VLAN ID matching criteria. Default |
Example
{
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"mac": [MacAddress],
"networkInterface": [NetworkInterfaceRefInput],
"site": [SiteRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"vlan": [Vlan]
}
SocketLanFirewallSourceUpdateInput
BetaDescription
Defines sources for the socket LAN firewall.
Fields
| Input Field | Description |
|---|---|
floatingSubnet - [FloatingSubnetRefInput!]
|
Floating subnets used to identify traffic based on specific criteria. |
globalIpRange - [GlobalIpRangeRefInput!]
|
Global IP ranges defined for your account. |
group - [GroupRefInput!]
|
Groups defined for your account. |
host - [HostRefInput!]
|
Hosts and servers defined for your account. |
ip - [IPAddress!]
|
IPv4 addresses. |
ipRange - [IpAddressRangeInput!]
|
Multiple separate IP addresses or an IP range. |
mac - [MacAddress!]
|
MAC addresses of devices matching criteria. |
networkInterface - [NetworkInterfaceRefInput!]
|
Network interfaces defined for your site. |
site - [SiteRefInput!]
|
Sites defined for your account. |
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]
|
Subnets specific to a site defined for your account. |
subnet - [NetworkSubnet!]
|
Subnets from which traffic originates. |
systemGroup - [SystemGroupRefInput!]
|
Predefined system groups in your account. |
vlan - [Vlan!]
|
VLAN ID matching criteria. |
Example
{
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"mac": [MacAddress],
"networkInterface": [NetworkInterfaceRefInput],
"site": [SiteRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"vlan": [Vlan]
}
SocketLanFirewallUpdateRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
action - SocketLanFirewallAction
|
Action to take when the rule is matched (ALLOW or BLOCK). |
application - SocketLanFirewallApplicationUpdateInput
|
Application traffic matching criteria. |
description - String
|
|
destination - SocketLanFirewallDestinationUpdateInput
|
Defines destinations for the socket LAN firewall. Also, inherited by Network Rule above. |
direction - SocketLanFirewallDirection
|
Direction of the traffic (TO or BOTH). |
enabled - Boolean
|
|
name - String
|
|
service - SocketLanFirewallServiceTypeUpdateInput
|
Service traffic matching criteria. |
source - SocketLanFirewallSourceUpdateInput
|
Defines sources for the socket LAN firewall. Also, inherited by Network Rule above. |
tracking - PolicyTrackingUpdateInput
|
Tracking information when the rule is matched, such as events and notifications. |
Example
{
"action": "ALLOW",
"application": SocketLanFirewallApplicationUpdateInput,
"description": "xyz789",
"destination": SocketLanFirewallDestinationUpdateInput,
"direction": "BOTH",
"enabled": true,
"name": "abc123",
"service": SocketLanFirewallServiceTypeUpdateInput,
"source": SocketLanFirewallSourceUpdateInput,
"tracking": PolicyTrackingUpdateInput
}
SocketLanFirewallUpdateRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
|
rule - SocketLanFirewallUpdateRuleDataInput!
|
Example
{"id": 4, "rule": SocketLanFirewallUpdateRuleDataInput}
SocketLanNatSettings
BetaDescription
Defines NAT settings for the socket LAN policy.
Fields
| Field Name | Description |
|---|---|
enabled - Boolean!
|
Indicates if NAT is enabled. |
natType - SocketLanNatType!
|
Example
{"enabled": false, "natType": "DYNAMIC_PAT"}
SocketLanNatSettingsInput
BetaDescription
Defines NAT settings for the socket LAN policy.
Fields
| Input Field | Description |
|---|---|
enabled - Boolean!
|
Indicates if NAT is enabled. Default |
natType - SocketLanNatType!
|
Example
{"enabled": true, "natType": "DYNAMIC_PAT"}
SocketLanNatSettingsUpdateInput
BetaDescription
Defines NAT settings for the socket LAN policy.
Fields
| Input Field | Description |
|---|---|
enabled - Boolean
|
Indicates if NAT is enabled. |
natType - SocketLanNatType
|
Example
{"enabled": true, "natType": "DYNAMIC_PAT"}
SocketLanNatType
BetaValues
| Enum Value | Description |
|---|---|
|
|
Example
"DYNAMIC_PAT"
SocketLanPolicy
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyAudit
|
|
enabled - Boolean!
|
|
revision - PolicyRevision
|
|
rules - [SocketLanRulePayload!]!
|
|
sections - [PolicySectionPayload!]!
|
Example
{
"audit": PolicyAudit,
"enabled": true,
"revision": PolicyRevision,
"rules": [SocketLanRulePayload],
"sections": [PolicySectionPayload]
}
SocketLanPolicyInput
BetaFields
| Input Field | Description |
|---|---|
revision - PolicyRevisionInput
|
A revision is a specific instance of the policy. Unpublished revisions are working copies of the policy available to a specific admin or a set of admins Published revisions are revisions that were applied to the account network. The last published revision is the active policy. |
Example
{"revision": PolicyRevisionInput}
SocketLanPolicyMutationInput
Fields
| Input Field | Description |
|---|---|
revision - PolicyMutationRevisionInput
|
Example
{"revision": PolicyMutationRevisionInput}
SocketLanPolicyMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
policy - SocketLanPolicy
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"policy": SocketLanPolicy,
"status": "FAILURE"
}
SocketLanPolicyUpdateInput
BetaFields
| Input Field | Description |
|---|---|
state - PolicyToggleState
|
Example
{"state": "DISABLED"}
SocketLanRemoveRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
Example
{"id": 4}
SocketLanRule
BetaFields
| Field Name | Description |
|---|---|
description - String!
|
Description for the rule |
destination - SocketLanDestination!
|
Destination traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
direction - SocketLanDirection!
|
Direction of the traffic initiator matching criteria. |
enabled - Boolean!
|
TRUE = Rule is enabled FALSE = Rule is disabled |
firewall - [SocketLanFirewallRulePayload!]!
|
|
id - ID!
|
Rule ID |
index - Int!
|
Position / priority of rule |
name - String!
|
Name of the rule |
nat - SocketLanNatSettings!
|
Optionally, enable NAT on the outgoing interface. This translates all originating IPs to one NAT IP. |
section - PolicySectionInfo!
|
Policy section where the rule is located |
service - SocketLanService!
|
Destination service matching criteria for the rule. Port/Protocol based. |
site - SocketLanSite!
|
The sites the policy will be enforced on. Socket sites only, with Socket v22 onwards. |
source - SocketLanSource!
|
Source traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
transport - SocketLanTransportType!
|
The transport of the matching traffic. Either govern traffic to be routed locally (LAN), or to the PoP(WAN). Traffic is send to the WAN by default. Traffic routed in the LAN, enforced by the LAN Firewall rules. |
Example
{
"description": "abc123",
"destination": SocketLanDestination,
"direction": "BOTH",
"enabled": false,
"firewall": [SocketLanFirewallRulePayload],
"id": "4",
"index": 123,
"name": "xyz789",
"nat": SocketLanNatSettings,
"section": PolicySectionInfo,
"service": SocketLanService,
"site": SocketLanSite,
"source": SocketLanSource,
"transport": "LAN"
}
SocketLanRuleMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
rule - SocketLanRulePayload
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"rule": SocketLanRulePayload,
"status": "FAILURE"
}
SocketLanRulePayload
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyElementAudit!
|
|
properties - [PolicyElementPropertiesEnum!]!
|
|
rule - SocketLanRule!
|
Example
{
"audit": PolicyElementAudit,
"properties": ["ADDED"],
"rule": SocketLanRule
}
SocketLanService
BetaDescription
Defines services used in the socket LAN policy.
Fields
| Field Name | Description |
|---|---|
custom - [CustomService!]!
|
Custom Port/Protocol service. |
simple - [SimpleService!]!
|
List of L4 based services. |
Example
{
"custom": [CustomService],
"simple": [SimpleService]
}
SocketLanServiceInput
BetaDescription
Defines services used in the socket LAN policy.
Fields
| Input Field | Description |
|---|---|
custom - [CustomServiceInput!]!
|
Custom Port/Protocol service. Default |
simple - [SimpleServiceInput!]!
|
List of L4 based services. Default |
Example
{
"custom": [CustomServiceInput],
"simple": [SimpleServiceInput]
}
SocketLanServiceUpdateInput
BetaDescription
Defines services used in the socket LAN policy.
Fields
| Input Field | Description |
|---|---|
custom - [CustomServiceInput!]
|
Custom Port/Protocol service. |
simple - [SimpleServiceInput!]
|
List of L4 based services. |
Example
{
"custom": [CustomServiceInput],
"simple": [SimpleServiceInput]
}
SocketLanSite
BetaDescription
Represents the site configurations in the socket LAN policy.
Fields
| Field Name | Description |
|---|---|
group - [GroupRef!]!
|
The group of sites the policy will be enforced on. Socket sites only, with Socket v22 onwards. |
site - [SiteRef!]!
|
The sites the policy will be enforced on. Socket sites only, with Socket v22 onwards. |
Example
{
"group": [GroupRef],
"site": [SiteRef]
}
SocketLanSiteInput
BetaDescription
Represents the site configurations in the socket LAN policy.
Fields
| Input Field | Description |
|---|---|
group - [GroupRefInput!]!
|
The group of sites the policy will be enforced on. Socket sites only, with Socket v22 onwards. Default |
site - [SiteRefInput!]!
|
The sites the policy will be enforced on. Socket sites only, with Socket v22 onwards. Default |
Example
{
"group": [GroupRefInput],
"site": [SiteRefInput]
}
SocketLanSiteUpdateInput
BetaDescription
Represents the site configurations in the socket LAN policy.
Fields
| Input Field | Description |
|---|---|
group - [GroupRefInput!]
|
The group of sites the policy will be enforced on. Socket sites only, with Socket v22 onwards. |
site - [SiteRefInput!]
|
The sites the policy will be enforced on. Socket sites only, with Socket v22 onwards. |
Example
{
"group": [GroupRefInput],
"site": [SiteRefInput]
}
SocketLanSource
BetaDescription
Defines sources for the socket LAN policy.
Fields
| Field Name | Description |
|---|---|
floatingSubnet - [FloatingSubnetRef!]!
|
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP. |
globalIpRange - [GlobalIpRangeRef!]!
|
Globally defined IP range, IP and subnet objects. |
group - [GroupRef!]!
|
Predefined Cato groups, Socket sites/objects only. |
host - [HostRef!]!
|
Hosts and servers defined for your under Socket sites. |
ip - [IPAddress!]!
|
IP address. |
ipRange - [IpAddressRange!]!
|
Multiple separate IP addresses or an IP range. |
networkInterface - [NetworkInterfaceRef!]!
|
Network range defined for a site. |
siteNetworkSubnet - [SiteNetworkSubnetRef!]!
|
GlobalRange + InterfaceSubnet |
subnet - [NetworkSubnet!]!
|
Subnets and network ranges defined for the LAN interfaces of a site. |
systemGroup - [SystemGroupRef!]!
|
Predefined Cato groups. |
vlan - [Vlan!]!
|
VLAN ID matching criteria. |
Example
{
"floatingSubnet": [FloatingSubnetRef],
"globalIpRange": [GlobalIpRangeRef],
"group": [GroupRef],
"host": [HostRef],
"ip": [IPAddress],
"ipRange": [IpAddressRange],
"networkInterface": [NetworkInterfaceRef],
"siteNetworkSubnet": [SiteNetworkSubnetRef],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRef],
"vlan": [Vlan]
}
SocketLanSourceInput
BetaDescription
Defines sources for the socket LAN policy.
Fields
| Input Field | Description |
|---|---|
floatingSubnet - [FloatingSubnetRefInput!]!
|
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP. Default |
globalIpRange - [GlobalIpRangeRefInput!]!
|
Globally defined IP range, IP and subnet objects. Default |
group - [GroupRefInput!]!
|
Predefined Cato groups, Socket sites/objects only. Default |
host - [HostRefInput!]!
|
Hosts and servers defined for your under Socket sites. Default |
ip - [IPAddress!]!
|
IP address. Default |
ipRange - [IpAddressRangeInput!]!
|
Multiple separate IP addresses or an IP range. Default |
networkInterface - [NetworkInterfaceRefInput!]!
|
Network range defined for a site. Default |
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]!
|
GlobalRange + InterfaceSubnet Default |
subnet - [NetworkSubnet!]!
|
Subnets and network ranges defined for the LAN interfaces of a site. Default |
systemGroup - [SystemGroupRefInput!]!
|
Predefined Cato groups. Default |
vlan - [Vlan!]!
|
VLAN ID matching criteria. Default |
Example
{
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"networkInterface": [NetworkInterfaceRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"vlan": [Vlan]
}
SocketLanSourceUpdateInput
BetaDescription
Defines sources for the socket LAN policy.
Fields
| Input Field | Description |
|---|---|
floatingSubnet - [FloatingSubnetRefInput!]
|
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP. |
globalIpRange - [GlobalIpRangeRefInput!]
|
Globally defined IP range, IP and subnet objects. |
group - [GroupRefInput!]
|
Predefined Cato groups, Socket sites/objects only. |
host - [HostRefInput!]
|
Hosts and servers defined for your under Socket sites. |
ip - [IPAddress!]
|
IP address. |
ipRange - [IpAddressRangeInput!]
|
Multiple separate IP addresses or an IP range. |
networkInterface - [NetworkInterfaceRefInput!]
|
Network range defined for a site. |
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]
|
GlobalRange + InterfaceSubnet |
subnet - [NetworkSubnet!]
|
Subnets and network ranges defined for the LAN interfaces of a site. |
systemGroup - [SystemGroupRefInput!]
|
Predefined Cato groups. |
vlan - [Vlan!]
|
VLAN ID matching criteria. |
Example
{
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"networkInterface": [NetworkInterfaceRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"vlan": [Vlan]
}
SocketLanTransportType
BetaValues
| Enum Value | Description |
|---|---|
|
|
Specifies LAN transport type, routed locally for inspection of LAN Firewall. |
|
|
Specifies WAN transport type, send to the PoP for inspection of WAN Firewall. |
Example
"LAN"
SocketLanUpdateRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
description - String
|
|
destination - SocketLanDestinationUpdateInput
|
Destination traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
direction - SocketLanDirection
|
Direction of the traffic initiator matching criteria. |
enabled - Boolean
|
|
name - String
|
|
nat - SocketLanNatSettingsUpdateInput
|
Optionally, enable NAT on the outgoing interface. This translates all originating IPs to one NAT IP. |
service - SocketLanServiceUpdateInput
|
Destination service matching criteria for the rule. Port/Protocol based. |
site - SocketLanSiteUpdateInput
|
The sites the policy will be enforced on. Socket sites only, with Socket v22 onwards. |
source - SocketLanSourceUpdateInput
|
Source traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
transport - SocketLanTransportType
|
The transport of the matching traffic. Either govern traffic to be routed locally (LAN), or to the PoP(WAN). Traffic is send to the WAN by default. Traffic routed in the LAN, enforced by the LAN Firewall rules. |
Example
{
"description": "xyz789",
"destination": SocketLanDestinationUpdateInput,
"direction": "BOTH",
"enabled": true,
"name": "abc123",
"nat": SocketLanNatSettingsUpdateInput,
"service": SocketLanServiceUpdateInput,
"site": SocketLanSiteUpdateInput,
"source": SocketLanSourceUpdateInput,
"transport": "LAN"
}
SocketLanUpdateRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
|
rule - SocketLanUpdateRuleDataInput!
|
Example
{"id": 4, "rule": SocketLanUpdateRuleDataInput}
SocketPlatform
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"AWS1500"
SocketPortMetrics
Example
{
"from": "2007-12-03T10:15:30Z",
"id": 4,
"records": [SocketPortMetricsRecord],
"to": "2007-12-03T10:15:30Z",
"total": 987,
"totals": Map
}
SocketPortMetricsDimension
Fields
| Input Field | Description |
|---|---|
fieldName - SocketPortMetricsFieldName!
|
Example
{"fieldName": "account_id"}
SocketPortMetricsField
Fields
| Field Name | Description |
|---|---|
name - SocketPortMetricsFieldName!
|
|
value - Value!
|
Example
{"name": "account_id", "value": StringValue}
SocketPortMetricsFieldName
Values
| Enum Value | Description |
|---|---|
|
|
Unique identifier of the account that owns the site. |
|
|
Total bytes received downstream (from the network to the device). |
|
|
Combined total of upstream and downstream bytes. |
|
|
Total bytes sent upstream (from the device to the network). |
|
|
Reference Signal Received Power – measures LTE/5G signal strength (dBm). |
|
|
Reference Signal Received Quality – a key LTE/5G metric for link quality (dB). |
|
|
Received Signal Strength Indicator – legacy strength metric (dBm). |
|
|
Generic signal strength indicator (often maps to bars or percentage). |
|
|
Signal to Interference + Noise Ratio – LTE/5G metric for signal clarity (dB). |
|
|
Unique identifier of the Socket (Cato edge device). |
|
|
Indicates the high-availability (HA) role of the device (e.g., active, standby). |
|
|
Type of physical interface (e.g., ethernet, cellular). |
|
|
SIM card number (for cellular interfaces). |
|
|
Unique identifier of the site where the socket is deployed. |
|
|
Human-readable name of the site. |
|
|
The name or ID of the physical or logical interface on the Socket device (e.g., eth0, cell1). |
|
|
Describes the interface role such as primary, backup, cellular, or none. |
|
|
Current download throughput in Mbps. |
|
|
Current upload throughput in Mbps. |
|
|
Type of transport used by the interface (e.g., wired, lte, 5g, wifi). |
Example
"account_id"
SocketPortMetricsFilter
Fields
| Input Field | Description |
|---|---|
fieldName - SocketPortMetricsFieldName!
|
|
operator - FilterOperator!
|
|
values - [String!]!
|
Example
{
"fieldName": "account_id",
"operator": "between",
"values": ["xyz789"]
}
SocketPortMetricsMeasure
Fields
| Input Field | Description |
|---|---|
aggType - AggregationType!
|
|
fieldName - SocketPortMetricsFieldName!
|
|
trend - Boolean
|
Example
{"aggType": "any", "fieldName": "account_id", "trend": true}
SocketPortMetricsPostAggFilter
Fields
| Input Field | Description |
|---|---|
aggType - AggregationType!
|
|
filter - SocketPortMetricsFilter!
|
Example
{"aggType": "any", "filter": SocketPortMetricsFilter}
SocketPortMetricsRecord
Fields
| Field Name | Description |
|---|---|
fields - [SocketPortMetricsField!]
|
|
fieldsMap - Map
|
fields in map format (see Map scalar) |
fieldsUnitTypes - [UnitType!]
|
|
prevTimeFrame - Map
|
|
trends - Map
|
Example
{
"fields": [SocketPortMetricsField],
"fieldsMap": Map,
"fieldsUnitTypes": ["bits"],
"prevTimeFrame": Map,
"trends": Map
}
SocketPortMetricsSort
Fields
| Input Field | Description |
|---|---|
fieldName - SocketPortMetricsFieldName!
|
|
order - DirectionEnum!
|
Example
{"fieldName": "account_id", "order": "asc"}
SocketPortMetricsTimeSeries
SocketRegistrationStatus
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"ASSIGNED_SITE"
SocketUpgradeStatus
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"CANCEL"
SortDirectionEnum
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"asc"
SortInput
Fields
| Input Field | Description |
|---|---|
field - String
|
|
order - DirectionInput
|
Example
{"field": "xyz789", "order": "asc"}
SortOrder
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"ASC"
SortOrderInput
BetaFields
| Input Field | Description |
|---|---|
direction - SortOrder!
|
|
priority - Int!
|
Example
{"direction": "ASC", "priority": 987}
SplitTunnelActionEnum
BetaDescription
The action applied by the split tunnel if the rule is matched
Values
| Enum Value | Description |
|---|---|
|
|
Route all traffic to Cato - Will be Deprecated by ROUTE_ALL_TO_CATO_EXCEPT |
|
|
Route all traffic Out-of-Tunnel - Will be Deprecated by ROUTE_ONLY_SELECTED |
|
|
|
|
|
Route all traffic to Cato - Not yet supported |
|
|
Route all traffic Out-of-Tunnel - Not yet supported |
|
|
User choose routing preference |
Example
"EXCLUDE"
SplitTunnelAddRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
action - SplitTunnelActionEnum!
|
The action applied by the split tunnel if the rule is matched Default |
country - [CountryRefInput!]!
|
Country traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
coverage - SplitTunnelCoverageEnum
|
|
description - String!
|
|
destination - SplitTunnelDestinationInput!
|
Destination traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
dnsExclusion - SplitTunnelDnsExclusionInput
|
|
enabled - Boolean!
|
|
name - String!
|
|
platform - [OperatingSystem!]!
|
Source device Operating System traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
routingPriority - SplitTunnelRoutingPriorityEnum!
|
|
source - SplitTunnelSourceInput!
|
Source traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
sourceNetwork - SplitTunnelSourceNetworkInput!
|
Example
{
"action": "EXCLUDE",
"country": [CountryRefInput],
"coverage": "ALL",
"description": "xyz789",
"destination": SplitTunnelDestinationInput,
"dnsExclusion": SplitTunnelDnsExclusionInput,
"enabled": false,
"name": "xyz789",
"platform": ["ANDROID"],
"routingPriority": "LAN",
"source": SplitTunnelSourceInput,
"sourceNetwork": SplitTunnelSourceNetworkInput
}
SplitTunnelAddRuleInput
BetaFields
| Input Field | Description |
|---|---|
at - PolicyRulePositionInput
|
Position of the rule in the policy |
rule - SplitTunnelAddRuleDataInput!
|
Parameters for the rule you are adding |
Example
{
"at": PolicyRulePositionInput,
"rule": SplitTunnelAddRuleDataInput
}
SplitTunnelCoverageEnum
BetaValues
| Enum Value | Description |
|---|---|
|
|
All Ports and Protocols |
|
|
Web-only (PAC based) |
Example
"ALL"
SplitTunnelDestination
BetaDescription
Destination match criteria set
Fields
| Field Name | Description |
|---|---|
application - [ApplicationRef!]!
|
Applications for the rule (pre-defined) |
globalIpRange - [GlobalIpRangeRef!]!
|
Globally defined IP range |
Example
{
"application": [ApplicationRef],
"globalIpRange": [GlobalIpRangeRef]
}
SplitTunnelDestinationInput
BetaDescription
Destination match criteria set
Fields
| Input Field | Description |
|---|---|
application - [ApplicationRefInput!]!
|
Applications for the rule (pre-defined) Default |
globalIpRange - [GlobalIpRangeRefInput!]!
|
Globally defined IP range Default |
Example
{
"application": [ApplicationRefInput],
"globalIpRange": [GlobalIpRangeRefInput]
}
SplitTunnelDestinationUpdateInput
BetaDescription
Destination match criteria set
Fields
| Input Field | Description |
|---|---|
application - [ApplicationRefInput!]
|
Applications for the rule (pre-defined) |
globalIpRange - [GlobalIpRangeRefInput!]
|
Globally defined IP range |
Example
{
"application": [ApplicationRefInput],
"globalIpRange": [GlobalIpRangeRefInput]
}
SplitTunnelDnsExclusion
BetaFields
| Field Name | Description |
|---|---|
domain - [Domain!]!
|
A Second-Level Domain (SLD). It matches all Top-Level Domains (TLD), and subdomains that include the Domain. Example: example.com. |
Example
{"domain": [Domain]}
SplitTunnelDnsExclusionInput
BetaFields
| Input Field | Description |
|---|---|
domain - [Domain!]!
|
A Second-Level Domain (SLD). It matches all Top-Level Domains (TLD), and subdomains that include the Domain. Example: example.com. Default |
Example
{"domain": [Domain]}
SplitTunnelDnsExclusionUpdateInput
BetaFields
| Input Field | Description |
|---|---|
domain - [Domain!]
|
A Second-Level Domain (SLD). It matches all Top-Level Domains (TLD), and subdomains that include the Domain. Example: example.com. |
Example
{"domain": [Domain]}
SplitTunnelPolicy
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyAudit
|
|
enabled - Boolean!
|
|
revision - PolicyRevision
|
|
rules - [SplitTunnelRulePayload!]!
|
|
sections - [PolicySectionPayload!]!
|
Example
{
"audit": PolicyAudit,
"enabled": true,
"revision": PolicyRevision,
"rules": [SplitTunnelRulePayload],
"sections": [PolicySectionPayload]
}
SplitTunnelPolicyInput
BetaFields
| Input Field | Description |
|---|---|
revision - PolicyRevisionInput
|
A revision is a specific instance of the policy. Unpublished revisions are working copies of the policy available to a specific admin or a set of admins Published revisions are revisions that were applied to the account network. The last published revision is the active policy. |
Example
{"revision": PolicyRevisionInput}
SplitTunnelPolicyMutationInput
Fields
| Input Field | Description |
|---|---|
revision - PolicyMutationRevisionInput
|
Example
{"revision": PolicyMutationRevisionInput}
SplitTunnelPolicyMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
policy - SplitTunnelPolicy
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"policy": SplitTunnelPolicy,
"status": "FAILURE"
}
SplitTunnelPolicyUpdateInput
BetaFields
| Input Field | Description |
|---|---|
state - PolicyToggleState
|
Example
{"state": "DISABLED"}
SplitTunnelRemoveRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
Example
{"id": 4}
SplitTunnelRoutingPriorityEnum
BetaDescription
The action applied by the split tunnel if the rule is matched
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"LAN"
SplitTunnelRule
BetaFields
| Field Name | Description |
|---|---|
action - SplitTunnelActionEnum!
|
The action applied by the split tunnel if the rule is matched |
country - [CountryRef!]!
|
Country traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
coverage - SplitTunnelCoverageEnum
|
|
description - String!
|
Description for the rule |
destination - SplitTunnelDestination!
|
Destination traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
dnsExclusion - SplitTunnelDnsExclusion
|
|
enabled - Boolean!
|
TRUE = Rule is enabled FALSE = Rule is disabled |
id - ID!
|
Rule ID |
index - Int!
|
Position / priority of rule |
name - String!
|
Name of the rule |
platform - [OperatingSystem!]!
|
Source device Operating System traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
routingPriority - SplitTunnelRoutingPriorityEnum!
|
|
section - PolicySectionInfo!
|
Policy section where the rule is located |
source - SplitTunnelSource!
|
Source traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
sourceNetwork - SplitTunnelSourceNetwork!
|
Example
{
"action": "EXCLUDE",
"country": [CountryRef],
"coverage": "ALL",
"description": "abc123",
"destination": SplitTunnelDestination,
"dnsExclusion": SplitTunnelDnsExclusion,
"enabled": false,
"id": 4,
"index": 123,
"name": "abc123",
"platform": ["ANDROID"],
"routingPriority": "LAN",
"section": PolicySectionInfo,
"source": SplitTunnelSource,
"sourceNetwork": SplitTunnelSourceNetwork
}
SplitTunnelRuleMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
rule - SplitTunnelRulePayload
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"rule": SplitTunnelRulePayload,
"status": "FAILURE"
}
SplitTunnelRulePayload
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyElementAudit!
|
|
properties - [PolicyElementPropertiesEnum!]!
|
|
rule - SplitTunnelRule!
|
Example
{
"audit": PolicyElementAudit,
"properties": ["ADDED"],
"rule": SplitTunnelRule
}
SplitTunnelSource
BetaDescription
Returns the settings for Source of an Split Tunnel rule
Fields
| Field Name | Description |
|---|---|
user - [UserRef!]!
|
Individual users defined for the account |
usersGroup - [UsersGroupRef!]!
|
Group of users |
Example
{
"user": [UserRef],
"usersGroup": [UsersGroupRef]
}
SplitTunnelSourceInput
BetaDescription
Input of the settings for Source of an Split Tunnel rule
Fields
| Input Field | Description |
|---|---|
user - [UserRefInput!]!
|
Individual users defined for the account Default |
usersGroup - [UsersGroupRefInput!]!
|
Group of users Default |
Example
{
"user": [UserRefInput],
"usersGroup": [UsersGroupRefInput]
}
SplitTunnelSourceNetwork
BetaFields
| Field Name | Description |
|---|---|
sourceNetworkType - SplitTunnelSourceNetworkTypeEnum!
|
Example
{"sourceNetworkType": "ANY"}
SplitTunnelSourceNetworkInput
BetaFields
| Input Field | Description |
|---|---|
sourceNetworkType - SplitTunnelSourceNetworkTypeEnum!
|
Example
{"sourceNetworkType": "ANY"}
SplitTunnelSourceNetworkTypeEnum
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Any Managed Network |
|
|
Any Unmanaged Network |
Example
"ANY"
SplitTunnelSourceNetworkUpdateInput
BetaFields
| Input Field | Description |
|---|---|
sourceNetworkType - SplitTunnelSourceNetworkTypeEnum
|
Example
{"sourceNetworkType": "ANY"}
SplitTunnelSourceUpdateInput
BetaDescription
Input of the settings for Source of an Split Tunnel rule
Fields
| Input Field | Description |
|---|---|
user - [UserRefInput!]
|
Individual users defined for the account |
usersGroup - [UsersGroupRefInput!]
|
Group of users |
Example
{
"user": [UserRefInput],
"usersGroup": [UsersGroupRefInput]
}
SplitTunnelUpdateRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
action - SplitTunnelActionEnum
|
The action applied by the split tunnel if the rule is matched |
country - [CountryRefInput!]
|
Country traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
coverage - SplitTunnelCoverageEnum
|
|
description - String
|
|
destination - SplitTunnelDestinationUpdateInput
|
Destination traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
dnsExclusion - SplitTunnelDnsExclusionUpdateInput
|
|
enabled - Boolean
|
|
name - String
|
|
platform - [OperatingSystem!]
|
Source device Operating System traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
routingPriority - SplitTunnelRoutingPriorityEnum
|
|
source - SplitTunnelSourceUpdateInput
|
Source traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
sourceNetwork - SplitTunnelSourceNetworkUpdateInput
|
Example
{
"action": "EXCLUDE",
"country": [CountryRefInput],
"coverage": "ALL",
"description": "abc123",
"destination": SplitTunnelDestinationUpdateInput,
"dnsExclusion": SplitTunnelDnsExclusionUpdateInput,
"enabled": true,
"name": "xyz789",
"platform": ["ANDROID"],
"routingPriority": "LAN",
"source": SplitTunnelSourceUpdateInput,
"sourceNetwork": SplitTunnelSourceNetworkUpdateInput
}
SplitTunnelUpdateRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
|
rule - SplitTunnelUpdateRuleDataInput!
|
Example
{"id": 4, "rule": SplitTunnelUpdateRuleDataInput}
Description
Input for bulk site upgrade requests.
Fields
| Input Field | Description |
|---|---|
upgrades - [SiteUpgradeRequest!]!
|
Example
{"upgrades": [SiteUpgradeRequest]}
Description
Wrapper for site upgrade response.
Fields
| Field Name | Description |
|---|---|
results - [SiteUpgradeInfo!]!
|
List of individual site upgrade results. |
Example
{"results": [SiteUpgradeInfo]}
StatusCount
BetaStoriesData
BetaStory
BetaFields
| Field Name | Description |
|---|---|
accountId - Int!
|
ID for your Cato account |
accountName - String
|
Name of the account in the Cato Management Application |
analystEmail - String
|
Email address of the analyst working on the story |
analystName - String
|
Name of analyst working on the story |
createdAt - DateTime!
|
Timestamp when the story was created |
id - ID!
|
Unique Cato ID for each story |
incident - MergedIncident!
|
Data related to the fields and incidents that were merged to create or update the story |
investigationDetails - InvestigationDetails
|
|
playbook - String
|
URL for the playbook in the Knowledge Base to help troubleshoot the story |
summary - String
|
Summary of the story |
timeline - [TimelineItem!]!
|
Data for the story timeline |
updatedAt - DateTime!
|
Timestamp when the story was most recently updated |
Example
{
"accountId": 123,
"accountName": "xyz789",
"analystEmail": "xyz789",
"analystName": "abc123",
"createdAt": "2007-12-03T10:15:30Z",
"id": 4,
"incident": MergedIncident,
"investigationDetails": InvestigationDetails,
"playbook": "xyz789",
"summary": "abc123",
"timeline": [TimelineItem],
"updatedAt": "2007-12-03T10:15:30Z"
}
StoryComment
BetaStoryDrillDownFilter
Fields
| Field Name | Description |
|---|---|
name - String!
|
|
value - String!
|
No longer supported |
values - [String!]!
|
Example
{
"name": "xyz789",
"value": "abc123",
"values": ["abc123"]
}
StoryEngineTypeEnum
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"ANOMALY"
StoryFilterInput
BetaFields
| Input Field | Description |
|---|---|
accountId - AccountIdPredicate
|
|
criticality - IntPredicate
|
|
engineType - EngineTypePredicate
|
|
incidentId - StringPredicate
|
|
ioa - StringPredicate
|
|
muted - BooleanPredicate
|
|
producer - StoryProducerPredicate
|
|
producerType - StoryProducerPredicate
|
|
queryName - StringPredicate
|
|
severity - StorySeverityPredicate
|
|
source - StringPredicate
|
|
sourceIp - StringPredicate
|
|
status - StoryStatusPredicate
|
|
storyId - StoryIdPredicate
|
|
timeFrame - TimeFramePredicate!
|
|
vendor - VendorPredicate
|
|
verdict - StoryVerdictPredicate
|
Example
{
"accountId": AccountIdPredicate,
"criticality": IntPredicate,
"engineType": EngineTypePredicate,
"incidentId": StringPredicate,
"ioa": StringPredicate,
"muted": BooleanPredicate,
"producer": StoryProducerPredicate,
"producerType": StoryProducerPredicate,
"queryName": StringPredicate,
"severity": StorySeverityPredicate,
"source": StringPredicate,
"sourceIp": StringPredicate,
"status": StoryStatusPredicate,
"storyId": StoryIdPredicate,
"timeFrame": TimeFramePredicate,
"vendor": VendorPredicate,
"verdict": StoryVerdictPredicate
}
StoryIdPredicate
BetaStoryInput
BetaFields
| Input Field | Description |
|---|---|
filter - [StoryFilterInput!]!
|
|
paging - PagingInput!
|
|
sort - [StorySortInput!]
|
Example
{
"filter": [StoryFilterInput],
"paging": PagingInput,
"sort": [StorySortInput]
}
StoryProducerEnum
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
No longer supported |
|
|
The producer of the Site Operations stories |
|
|
|
|
|
Example
"AnomalyEvents"
StoryProducerPredicate
BetaFields
| Input Field | Description |
|---|---|
in - [StoryProducerEnum!]
|
|
not_in - [StoryProducerEnum!]
|
Example
{"in": ["AnomalyEvents"], "not_in": ["AnomalyEvents"]}
StorySeverityPredicate
BetaFields
| Input Field | Description |
|---|---|
in - [SeverityEnum!]
|
|
not_in - [SeverityEnum!]
|
Example
{"in": ["High"], "not_in": ["High"]}
StorySortFieldName
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"accountName"
StorySortInput
BetaFields
| Input Field | Description |
|---|---|
fieldName - StorySortFieldName!
|
|
order - SortDirectionEnum
|
Example
{"fieldName": "accountName", "order": "asc"}
StoryStatusEnum
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"Closed"
StoryStatusPredicate
BetaFields
| Input Field | Description |
|---|---|
in - [StoryStatusEnum!]
|
|
not_in - [StoryStatusEnum!]
|
Example
{"in": ["Closed"], "not_in": ["Closed"]}
StoryThreatType
BetaStoryVerdictEnum
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"Benign"
StoryVerdictPredicate
BetaFields
| Input Field | Description |
|---|---|
in - [StoryVerdictEnum!]
|
|
not_in - [StoryVerdictEnum!]
|
Example
{"in": ["Benign"], "not_in": ["Benign"]}
String
Description
The String scalar type represents textual data, represented as UTF-8 character sequences. The String type is most often used by GraphQL to represent free-form human-readable text.
Example
"abc123"
StringFilterInput
BetaStringPredicate
BetaStringValue
Fields
| Field Name | Description |
|---|---|
string - String
|
Example
{"string": "xyz789"}
StringValueSetRef
BetaStringValueSetRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
SubDomain
SubPolicyPayload
Fields
| Field Name | Description |
|---|---|
policy - PolicyInfo!
|
|
properties - [SubPolicyProperty!]!
|
Possible Types
| SubPolicyPayload Types |
|---|
Example
{"policy": PolicyInfo, "properties": ["READ_ONLY"]}
SubPolicyProperty
BetaValues
| Enum Value | Description |
|---|---|
|
|
Example
"READ_ONLY"
SubnetType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"Direct"
SubscriptionGroup
Description
Represents a Subscription Group that combines Mailing Lists and webhook integrations.
Fields
| Field Name | Description |
|---|---|
id - ID!
|
Unique identifier of the Subscription Group. |
integration - IntegrationList!
|
Webhook integrations included in the Subscription Group. |
mailingList - [MailingList!]!
|
Mailing Lists included in the Subscription Group. |
name - String!
|
Display name of the Subscription Group. |
Example
{
"id": 4,
"integration": IntegrationList,
"mailingList": [MailingList],
"name": "abc123"
}
SubscriptionGroupListPayload
Description
Represents the response payload for a list of Subscription Groups.
Fields
| Field Name | Description |
|---|---|
items - [SubscriptionGroup!]!
|
List of Subscription Groups configured in the account. |
paging - PageInfo!
|
Pagination metadata for the Subscription Group list. |
Example
{
"items": [SubscriptionGroup],
"paging": PageInfo
}
SubscriptionGroupRef
BetaSubscriptionGroupRefInput
Fields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
SubscriptionMailingListRef
BetaSubscriptionMailingListRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
SubscriptionWebhookRef
BetaSubscriptionWebhookRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
SyncFqdnContainerFromUrlInput
BetaFields
| Input Field | Description |
|---|---|
ref - ContainerRefInput!
|
Example
{"ref": ContainerRefInput}
SyncFqdnContainerFromUrlPayload
BetaFields
| Field Name | Description |
|---|---|
container - FqdnContainer!
|
Example
{"container": FqdnContainer}
SyncIpAddressRangeContainerFromUrlInput
BetaFields
| Input Field | Description |
|---|---|
ref - ContainerRefInput!
|
Example
{"ref": ContainerRefInput}
SyncIpAddressRangeContainerFromUrlPayload
BetaFields
| Field Name | Description |
|---|---|
container - IpAddressRangeContainer!
|
Example
{"container": IpAddressRangeContainer}
SystemGroupRef
BetaSystemGroupRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
TaggingMethod
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"DOT1Q"
TaggingMethodFilterInput
BetaFields
| Input Field | Description |
|---|---|
eq - TaggingMethod
|
|
in - [TaggingMethod!]
|
|
neq - TaggingMethod
|
|
nin - [TaggingMethod!]
|
Example
{"eq": "DOT1Q", "in": ["DOT1Q"], "neq": "DOT1Q", "nin": ["DOT1Q"]}
TargetType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Example
"domain"
TerminalServerAddRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
allowedHostIP - GlobalIpRangeRefInput!
|
Allowed Host IP range. all the other IPs will be blocked by the pop. Globally defined IP range |
description - String!
|
|
enabled - Boolean!
|
|
excludeTraffic - [GlobalIpRangeRefInput!]!
|
Exclude traffic IP Range. all traffic to those Ips will be excluded from the GRE tunnel. Globally defined IP range Default |
name - String!
|
Example
{
"allowedHostIP": GlobalIpRangeRefInput,
"description": "xyz789",
"enabled": true,
"excludeTraffic": [GlobalIpRangeRefInput],
"name": "xyz789"
}
TerminalServerAddRuleInput
BetaFields
| Input Field | Description |
|---|---|
at - PolicyRulePositionInput
|
Position of the rule in the policy |
rule - TerminalServerAddRuleDataInput!
|
Parameters for the rule you are adding |
Example
{
"at": PolicyRulePositionInput,
"rule": TerminalServerAddRuleDataInput
}
TerminalServerPolicy
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyAudit
|
|
enabled - Boolean!
|
|
revision - PolicyRevision
|
|
rules - [TerminalServerRulePayload!]!
|
|
sections - [PolicySectionPayload!]!
|
Example
{
"audit": PolicyAudit,
"enabled": false,
"revision": PolicyRevision,
"rules": [TerminalServerRulePayload],
"sections": [PolicySectionPayload]
}
TerminalServerPolicyInput
BetaFields
| Input Field | Description |
|---|---|
revision - PolicyRevisionInput
|
A revision is a specific instance of the policy. Unpublished revisions are working copies of the policy available to a specific admin or a set of admins Published revisions are revisions that were applied to the account network. The last published revision is the active policy. |
Example
{"revision": PolicyRevisionInput}
TerminalServerPolicyMutationInput
Fields
| Input Field | Description |
|---|---|
revision - PolicyMutationRevisionInput
|
Example
{"revision": PolicyMutationRevisionInput}
TerminalServerPolicyMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
policy - TerminalServerPolicy
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"policy": TerminalServerPolicy,
"status": "FAILURE"
}
TerminalServerPolicyUpdateInput
BetaFields
| Input Field | Description |
|---|---|
state - PolicyToggleState
|
Example
{"state": "DISABLED"}
TerminalServerRemoveRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
Example
{"id": 4}
TerminalServerRule
BetaFields
| Field Name | Description |
|---|---|
allowedHostIP - GlobalIpRangeRef!
|
Allowed Host IP range. all the other IPs will be blocked by the pop. Globally defined IP range |
description - String!
|
Description for the rule |
enabled - Boolean!
|
TRUE = Rule is enabled FALSE = Rule is disabled |
excludeTraffic - [GlobalIpRangeRef!]!
|
Exclude traffic IP Range. all traffic to those Ips will be excluded from the GRE tunnel. Globally defined IP range |
id - ID!
|
Rule ID |
index - Int!
|
Position / priority of rule |
name - String!
|
Name of the rule |
section - PolicySectionInfo!
|
Policy section where the rule is located |
Example
{
"allowedHostIP": GlobalIpRangeRef,
"description": "abc123",
"enabled": true,
"excludeTraffic": [GlobalIpRangeRef],
"id": "4",
"index": 123,
"name": "xyz789",
"section": PolicySectionInfo
}
TerminalServerRuleMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
rule - TerminalServerRulePayload
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"rule": TerminalServerRulePayload,
"status": "FAILURE"
}
TerminalServerRulePayload
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyElementAudit!
|
|
properties - [PolicyElementPropertiesEnum!]!
|
|
rule - TerminalServerRule!
|
Example
{
"audit": PolicyElementAudit,
"properties": ["ADDED"],
"rule": TerminalServerRule
}
TerminalServerUpdateRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
allowedHostIP - GlobalIpRangeRefInput
|
Allowed Host IP range. all the other IPs will be blocked by the pop. Globally defined IP range |
description - String
|
|
enabled - Boolean
|
|
excludeTraffic - [GlobalIpRangeRefInput!]
|
Exclude traffic IP Range. all traffic to those Ips will be excluded from the GRE tunnel. Globally defined IP range |
name - String
|
Example
{
"allowedHostIP": GlobalIpRangeRefInput,
"description": "xyz789",
"enabled": true,
"excludeTraffic": [GlobalIpRangeRefInput],
"name": "abc123"
}
TerminalServerUpdateRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
|
rule - TerminalServerUpdateRuleDataInput!
|
Example
{"id": 4, "rule": TerminalServerUpdateRuleDataInput}
TestContainerFromUrlInput
BetaFields
| Input Field | Description |
|---|---|
fileType - ContainerFileType!
|
|
url - Url!
|
Example
{"fileType": "CSV", "url": Url}
TestContainerFromUrlPayload
BetaFields
| Field Name | Description |
|---|---|
sizeInvalid - Int!
|
|
sizeValid - Int!
|
|
topInvalid - [String!]!
|
|
topValid - [String!]!
|
Example
{
"sizeInvalid": 987,
"sizeValid": 987,
"topInvalid": ["xyz789"],
"topValid": ["xyz789"]
}
TestWebhookPayload
Threat
BetaDescription
The "Threat" object represents a comprehensive data structure used in GraphQL queries or mutations to encapsulate various attributes and metadata related to a threat incident, including details about the threat's origin, nature, risk assessment, and associated network traffic flows.
Fields
| Field Name | Description |
|---|---|
analystFeedback - AnalystFeedback
|
Fields related to analysts research of the threat incident |
categories - [IncidentCategory!]!
|
|
clientClass - [String!]!
|
Client Class for the traffic flow |
connectionType - ConnectionTypeEnum
|
Connection for this incident |
criticality - Int
|
Cato's risk analysis of the story. Values are from 1 (low risk) to 10 (high risk) |
description - String
|
Description of the threat |
deviceName - String
|
Name of the device |
direction - String
|
Traffic direction for the threat |
engineType - StoryEngineTypeEnum
|
XDR engine involved with the incident |
entities - [IncidentEntity!]!
|
|
events - [Event!]
|
Data for the Cato event for this story |
firstSignal - DateTime!
|
Timestamp for the first incident signal related to this story |
flows - [IncidentFlow!]
|
Data about the traffic flow for the threat |
flowsCardinality - Int
|
Cardinality of traffic flows for the threat |
id - ID!
|
Unique Cato ID for this threat |
indication - String!
|
An indication is a set of actions and behaviors for the Network or Security incident. Each producer has different indications. |
lastSignal - DateTime!
|
Timestamp for the first incident signal related to this story |
logonName - String
|
Username for the device |
macAddress - String
|
MAC address of the device |
mitres - [Mitre!]
|
Mitre data for the story (ie. ID, name) |
muted - Boolean!
|
|
os - String
|
OS for device or host that is the threat target |
predictedThreatType - String
|
Predicted threat type for the story based on Cato algorithm |
predictedVerdict - StoryVerdictEnum
|
Predicted verdict of the story based on Cato algorithm |
producer - StoryProducerEnum!
|
Producer (specific XDR engine and service) involved with the incident use 'producerType' instead |
producerName - String!
|
Full name of the Producer (specific XDR engine and service) involved with the incident |
producerType - StoryProducerEnum!
|
|
queryName - String
|
Category for the indication ID related to the story |
research - Boolean
|
The value is TRUE when the story is currently being researched by Security Analysts |
riskLevel - RiskLevelEnum
|
The estimated risk level of the threat (ie. Malicious, High, Low) |
similarStoriesData - [SimilarStoryData!]!
|
Data for stories that are similar |
site - SiteRef
|
Cato ID and name for the site |
siteName - String
|
Site name related to the story 'siteName' is deprecated, use 'site.name' instead |
source - String
|
IP address, name of device, or SDP user on your network involved in the story |
sourceIp - String
|
The source IP address of the device in your network sending or receiving the flow |
srcSiteId - String
|
Cato ID for the site that is the source of the threat |
status - StoryStatusEnum
|
Status of this story |
storyDuration - Int
|
Amount of time since the story was opened (no value for closed stories) |
targets - [IncidentTargetRep!]!
|
Data about the target of the threat |
ticket - String
|
The ticket an analyst created for this story |
timeSeries - [IncidentTimeseries!]
|
Timeseries data for the incident |
user - UserRef
|
Cato ID and name for the user |
vendor - VendorEnum
|
Vendor that identified the incident, such as Cato or Microsoft |
Example
{
"analystFeedback": AnalystFeedback,
"categories": ["OPERATIONAL"],
"clientClass": ["abc123"],
"connectionType": "Host",
"criticality": 987,
"description": "xyz789",
"deviceName": "xyz789",
"direction": "xyz789",
"engineType": "ANOMALY",
"entities": [IncidentEntity],
"events": [Event],
"firstSignal": "2007-12-03T10:15:30Z",
"flows": [IncidentFlow],
"flowsCardinality": 123,
"id": 4,
"indication": "xyz789",
"lastSignal": "2007-12-03T10:15:30Z",
"logonName": "abc123",
"macAddress": "abc123",
"mitres": [Mitre],
"muted": true,
"os": "abc123",
"predictedThreatType": "abc123",
"predictedVerdict": "Benign",
"producer": "AnomalyEvents",
"producerName": "abc123",
"producerType": "AnomalyEvents",
"queryName": "xyz789",
"research": true,
"riskLevel": "Benign",
"similarStoriesData": [SimilarStoryData],
"site": SiteRef,
"siteName": "abc123",
"source": "xyz789",
"sourceIp": "xyz789",
"srcSiteId": "xyz789",
"status": "Closed",
"storyDuration": 123,
"targets": [IncidentTargetRep],
"ticket": "xyz789",
"timeSeries": [IncidentTimeseries],
"user": UserRef,
"vendor": "CATO"
}
ThreatClassificationRef
BetaThreatPrevention
BetaDescription
The ThreatPrevention object is a GraphQL type that represents the details of a threat prevention incident, including fields such as analyst feedback, client class, connection type, criticality, description, device name, and various other attributes related to the incident's signals, events, and status.
Fields
| Field Name | Description |
|---|---|
analystFeedback - AnalystFeedback
|
|
categories - [IncidentCategory!]!
|
|
clientClass - [String!]!
|
|
connectionType - ConnectionTypeEnum
|
|
criticality - Int
|
|
description - String
|
|
deviceName - String
|
|
direction - String
|
|
engineType - StoryEngineTypeEnum
|
|
entities - [IncidentEntity!]!
|
|
events - [Event!]
|
|
firstSignal - DateTime!
|
|
flowsCardinality - Int
|
|
id - ID!
|
|
indication - String!
|
|
lastSignal - DateTime!
|
|
logonName - String
|
|
macAddress - String
|
|
mitres - [Mitre!]
|
|
muted - Boolean!
|
|
os - String
|
|
predictedThreatType - String
|
|
predictedVerdict - StoryVerdictEnum
|
|
producer - StoryProducerEnum!
|
use 'producerType' instead |
producerName - String!
|
|
producerType - StoryProducerEnum!
|
|
queryName - String
|
|
research - Boolean
|
|
riskLevel - RiskLevelEnum
|
|
similarStoriesData - [SimilarStoryData!]!
|
|
site - SiteRef
|
|
siteName - String
|
'siteName' is deprecated, use 'site.name' instead |
source - String
|
|
sourceIp - String
|
|
srcSiteId - String
|
|
status - StoryStatusEnum
|
|
storyDuration - Int
|
|
targets - [IncidentTargetRep!]!
|
|
threatPreventionsEvents - [ThreatPreventionEvents!]
|
|
ticket - String
|
|
timeSeries - [IncidentTimeseries!]
|
|
user - UserRef
|
|
vendor - VendorEnum
|
Example
{
"analystFeedback": AnalystFeedback,
"categories": ["OPERATIONAL"],
"clientClass": ["xyz789"],
"connectionType": "Host",
"criticality": 987,
"description": "abc123",
"deviceName": "xyz789",
"direction": "abc123",
"engineType": "ANOMALY",
"entities": [IncidentEntity],
"events": [Event],
"firstSignal": "2007-12-03T10:15:30Z",
"flowsCardinality": 123,
"id": 4,
"indication": "xyz789",
"lastSignal": "2007-12-03T10:15:30Z",
"logonName": "abc123",
"macAddress": "abc123",
"mitres": [Mitre],
"muted": true,
"os": "abc123",
"predictedThreatType": "abc123",
"predictedVerdict": "Benign",
"producer": "AnomalyEvents",
"producerName": "abc123",
"producerType": "AnomalyEvents",
"queryName": "abc123",
"research": false,
"riskLevel": "Benign",
"similarStoriesData": [SimilarStoryData],
"site": SiteRef,
"siteName": "abc123",
"source": "abc123",
"sourceIp": "xyz789",
"srcSiteId": "abc123",
"status": "Closed",
"storyDuration": 987,
"targets": [IncidentTargetRep],
"threatPreventionsEvents": [ThreatPreventionEvents],
"ticket": "xyz789",
"timeSeries": [IncidentTimeseries],
"user": UserRef,
"vendor": "CATO"
}
ThreatPreventionEvents
Fields
| Field Name | Description |
|---|---|
appName - String
|
|
clientClass - String
|
|
createdAt - DateTime
|
|
destinationCountry - String
|
|
destinationGeolocation - String
|
|
destinationIp - String
|
|
destinationPort - Int
|
|
direction - String
|
|
dnsResponseIP - String
|
|
domain - String
|
|
fileHash - String
|
|
httpResponseCode - Int
|
|
ja3 - String
|
|
method - String
|
|
referrer - String
|
|
smbFileName - String
|
|
sourceGeolocation - String
|
|
sourceIp - String
|
|
sourcePort - Int
|
|
target - String
|
|
tunnelGeolocation - String
|
|
url - String
|
|
user - String
|
|
userAgent - String
|
Example
{
"appName": "xyz789",
"clientClass": "abc123",
"createdAt": "2007-12-03T10:15:30Z",
"destinationCountry": "abc123",
"destinationGeolocation": "xyz789",
"destinationIp": "xyz789",
"destinationPort": 123,
"direction": "abc123",
"dnsResponseIP": "abc123",
"domain": "abc123",
"fileHash": "xyz789",
"httpResponseCode": 123,
"ja3": "abc123",
"method": "xyz789",
"referrer": "xyz789",
"smbFileName": "abc123",
"sourceGeolocation": "abc123",
"sourceIp": "abc123",
"sourcePort": 123,
"target": "abc123",
"tunnelGeolocation": "abc123",
"url": "abc123",
"user": "xyz789",
"userAgent": "abc123"
}
ThreatPreventionLicense
BetaDescription
Threat Prevention (TP) license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
Example
{
"description": "abc123",
"expirationDate": "2007-12-03T10:15:30Z",
"id": "4",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ADSP_B",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE"
}
ThreatTypeRef
BetaTime
BetaDescription
Wall time. E.g.: 12:34:56 or 12:34
Example
"10:15:30Z"
TimeAnnotation
Description
An object for marking specific events in time.
Fields
| Field Name | Description |
|---|---|
label - String!
|
Description of the event |
shortLabel - String!
|
Brief description of the event |
time - Float!
|
Timestamp of the event |
type - AnnotationType!
|
Type identifies which annotation this is: e.g. connectivity, rolechange, missingdata, which allows charts to attach to it. |
Example
{
"label": "abc123",
"shortLabel": "xyz789",
"time": 987.65,
"type": "generic"
}
TimeFrame
Description
Enter the time frame for the data that the query returns. The argument is in the format <type>.<time value> This argument is mandatory.
These are the supported options to define the time frame:
last.<time duration> - The
- timeFrame = last.PT5M shows the previous 5 minutes
- timeFrame = last.PT2H shows the previous 2 hours
- timeFrame = last.P1D shows the previous 1 day
- timeFrame = last.P3M shows the previous 3 months
- timeFrame = last.P1Y shows the previous 1 year
utc.<short-time-frame-spec> - The time frame combines a start and end date in the format YY-MM-DD/hh:mm:ss according to the specified time zone. You must enter all the date and time values for the argument. For example:
- timeFrame = utc.2020-02-{11/04:50:00--21/04:50:00} shows 10 days of analytics data from February 11, 2020 4:50:00 am to February 21, 2020 4:50:00 am
- timeFrame = utc.2020-02-11/{04:50:15--16:50:15} shows 12 hours of analytics data on February 11, 2020, from 4:50:15 am to 16:50:15 pm
- timeFrame = utc.2020-{02-11/04:50:00--04-11/04:50:00} shows 2 months of analytics data from February 11, 2020 4:50:00 am to April 11 4:50:00 am
- timeFrame = utc.{2019-10-01/04:50:00--2020/02-01/04:50:00} shows 4 months of analytics data from October 1, 2019 4:50:00 am to February 11 4:50:00 am
This format lets you configure a time frame the includes more than one calendar year
Example
TimeFrame
TimeFrameModifier
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"AnalystUpdate"
TimeFramePredicate
BetaFields
| Input Field | Description |
|---|---|
time - TimeFrame!
|
|
timeFrameModifier - TimeFrameModifier
|
Example
{"time": TimeFrame, "timeFrameModifier": "AnalystUpdate"}
TimePeriod
Description
An object for marking durations!
Fields
| Field Name | Description |
|---|---|
duration - [Float!]!
|
An tuple of two numbers representing start time, end time in ms since epoch, start bucket index, end bucket index |
title - String!
|
Label that describes the metrics |
type - PeriodType!
|
Type identifies which annotation this is: e.g. connectivity, rolechange, missingdata, which allows charts to attach to it. |
Example
{
"duration": [123.45],
"title": "abc123",
"type": "active"
}
TimeSeriesEvents
Fields
| Field Name | Description |
|---|---|
accountID - String!
|
|
buckets - Int!
|
|
dimensions - [GraphEventsDimension!]!
|
|
filters - [GraphEventsFilter!]!
|
|
measures - [GraphEventsMeasure!]!
|
|
timeFrame - TimeFrame!
|
Example
{
"accountID": "xyz789",
"buckets": 987,
"dimensions": [GraphEventsDimension],
"filters": [GraphEventsFilter],
"measures": [GraphEventsMeasure],
"timeFrame": TimeFrame
}
TimeZone
Description
Time zone identifier E.g.: America/New_York
Example
"Etc/UTC"
TimelineItem
BetaDescription
For XDR stories, items that happened during the lifetime of the story
Fields
| Field Name | Description |
|---|---|
additionalInfo - String
|
Additional information about this timeline item |
analystInfo - AnalystInfo
|
Data about the analyst for this timeline item (ie. name, email) |
category - TimelineItemCategoryEnum
|
Icon for the timeline item |
context - String!
|
Brief summary of action related to the timeline item (ie. Story created, Status update to) |
createdAt - DateTime!
|
Timestamp the timeline item was created |
description - String!
|
Description of the timeline item Beta use 'descriptions' instead |
descriptions - [String!]!
|
Description of the timeline item |
type - TimelineTypeEnum!
|
Type of threat assigned by the analyst |
Example
{
"additionalInfo": "xyz789",
"analystInfo": AnalystInfo,
"category": "Error",
"context": "xyz789",
"createdAt": "2007-12-03T10:15:30Z",
"description": "abc123",
"descriptions": ["abc123"],
"type": "Action"
}
TimelineItemCategoryEnum
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"Error"
TimelineTypeEnum
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"Action"
Timeseries
Fields
| Field Name | Description |
|---|---|
data - [Float!]
|
Data is an array of tuples, each containing two values: [timestamp, metric], where the timestamp is in milliseconds from the epoch (1.1.1970), and the metric is a number (according to the unit type) |
Arguments
|
|
dimensions - [DimensionData!]
|
List of dimension values for this timeseries |
info - [String!]
|
Specific information about the timeseries, used to build its name, title etc |
key - TimeseriesKey
|
Timeseries key: measure and dimension values |
label - String!
|
Indicates the type of the timeseries |
sum - Float
|
Summary of the metrics over the given time frame |
units - UnitType
|
Identifies what unit of data this timeseries represents. Note that toRate is only available for particular types of data to make sense. |
Example
{
"data": [987.65],
"dimensions": [DimensionData],
"info": ["abc123"],
"key": TimeseriesKey,
"label": "xyz789",
"sum": 123.45,
"units": "bits"
}
TimeseriesKey
Fields
| Field Name | Description |
|---|---|
dimensions - [DimensionKey!]
|
List of dimension key-value pair for this timeseries key |
measureFieldName - String!
|
Measure field |
Example
{
"dimensions": [DimensionKey],
"measureFieldName": "xyz789"
}
TimeseriesMetricType
Values
| Enum Value | Description |
|---|---|
|
|
Total avg downstream traffic (from the Cato Cloud to the site) |
|
|
Total max downstream traffic (from the site to the Cato Cloud) |
|
|
Total number of bytes of upstream and downstream traffic |
|
|
Total avg upstream traffic (from the site to the Cato Cloud) |
|
|
Total max upstream traffic (from the site to the Cato Cloud) |
|
|
Health analytics for the site No longer supported |
|
|
Jitter for downstream traffic (difference in time delay in milliseconds (ms) between data packets) |
|
|
Jitter for upstream traffic (difference in time delay in milliseconds (ms) between data packets) |
|
|
Latency from socket directly to a well known global service, not through Cato. This is used to measure last mile provider's performance, independent of the service. |
|
|
Packet loss from socket directly to a well known global services, not through Cato This is used to measure last mile provider's performance, independent of the service. |
|
|
Number of packets lost for downstream traffic |
|
|
Percent of packet loss for downstream traffic |
|
|
Number of packets lost for upstream traffic |
|
|
Percent of packet loss for upstream traffic |
|
|
Total packets discarded for downstream traffic |
|
|
Percent packets discarded for downstream traffic |
|
|
Total packets discarded for upstream traffic |
|
|
Percent packets discarded for upstream traffic |
|
|
Total downstream packets |
|
|
Total upstream packets |
|
|
Round-trip time from the Socket to the Cato Cloud |
|
|
The age of the physical tunnel in milliseconds (It is zeroed even on transparent reconnect) |
Example
"bytesDownstream"
TlsInspectAction
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"BYPASS"
TlsInspectAddRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
action - TlsInspectAction!
|
Action to be taken on the traffic. Default |
application - TlsInspectApplicationInput!
|
Application matching criteria for. Default |
connectionOrigin - ConnectionOriginEnum!
|
Connection origin of the traffic Default |
country - [CountryRefInput!]!
|
Country traffic matching criteria. Default |
description - String!
|
|
devicePostureProfile - [DeviceProfileRefInput!]!
|
Device Profile traffic matching criteria. Default |
enabled - Boolean!
|
|
name - String!
|
|
platform - [OperatingSystem!]!
|
Operating System traffic matching criteria. Default |
source - TlsInspectSourceInput!
|
Source traffic matching criteria. Default |
untrustedCertificateAction - TlsInspectUntrustedCertificateAction!
|
Action to be taken on the traffic when an untrusted certificate is detected. Default |
Example
{
"action": "BYPASS",
"application": TlsInspectApplicationInput,
"connectionOrigin": "ANY",
"country": [CountryRefInput],
"description": "abc123",
"devicePostureProfile": [DeviceProfileRefInput],
"enabled": false,
"name": "xyz789",
"platform": ["ANDROID"],
"source": TlsInspectSourceInput,
"untrustedCertificateAction": "ALLOW"
}
TlsInspectAddRuleInput
BetaFields
| Input Field | Description |
|---|---|
at - PolicyRulePositionInput
|
Position of the rule in the policy |
rule - TlsInspectAddRuleDataInput!
|
Parameters for the rule you are adding |
Example
{
"at": PolicyRulePositionInput,
"rule": TlsInspectAddRuleDataInput
}
TlsInspectApplication
BetaDescription
Application match criteria set
Fields
| Field Name | Description |
|---|---|
appCategory - [ApplicationCategoryRef!]!
|
Cato category of applications which are dynamically updated by Cato |
application - [ApplicationRef!]!
|
Applications for the rule (pre-defined) |
country - [CountryRef!]!
|
Countries matching criteria for the rule |
customApp - [CustomApplicationRef!]!
|
Custom (user-defined) applications |
customCategory - [CustomCategoryRef!]!
|
Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc. |
customService - [CustomService!]!
|
Returns data for Custom Service defined by a combination of L4 ports and an IP Protocol Example: TCP/80, UDP/53 |
customServiceIp - [CustomServiceIp!]!
|
Returns data for Custom Service defined by a combination of L4 ports and an IP Protocol Example: google:8.8.8.8 |
domain - [Domain!]!
|
A Second-Level Domain (SLD). It matches all Top-Level Domains (TLD), and subdomains that include the Domain. Example: example.com. |
fqdn - [Fqdn!]!
|
An exact match of the fully qualified domain (FQDN). Example: www.my.example.com. |
globalIpRange - [GlobalIpRangeRef!]!
|
Globally defined IP range, IP and subnet objects |
ip - [IPAddress!]!
|
IPv4 addresses |
ipRange - [IpAddressRange!]!
|
A range of IPs. Every IP within the range will be matched |
remoteAsn - [Asn32!]!
|
Remote Autonomous System Number (ASN) |
service - [ServiceRef!]!
|
Add the Service Type to which this TLS inspection rule applies |
subnet - [NetworkSubnet!]!
|
Subnets and network ranges defined for the LAN interfaces of a site |
tlsInspectCategory - [TlsInspectSystemCategory!]!
|
System categories for TLS inspection policy |
Example
{
"appCategory": [ApplicationCategoryRef],
"application": [ApplicationRef],
"country": [CountryRef],
"customApp": [CustomApplicationRef],
"customCategory": [CustomCategoryRef],
"customService": [CustomService],
"customServiceIp": [CustomServiceIp],
"domain": [Domain],
"fqdn": [Fqdn],
"globalIpRange": [GlobalIpRangeRef],
"ip": [IPAddress],
"ipRange": [IpAddressRange],
"remoteAsn": [Asn32],
"service": [ServiceRef],
"subnet": [NetworkSubnet],
"tlsInspectCategory": ["POPULAR_CLOUD_APPS"]
}
TlsInspectApplicationInput
BetaDescription
Application match criteria set
Fields
| Input Field | Description |
|---|---|
appCategory - [ApplicationCategoryRefInput!]!
|
Cato category of applications which are dynamically updated by Cato Default |
application - [ApplicationRefInput!]!
|
Applications for the rule (pre-defined) Default |
country - [CountryRefInput!]!
|
Countries matching criteria for the rule Default |
customApp - [CustomApplicationRefInput!]!
|
Custom (user-defined) applications Default |
customCategory - [CustomCategoryRefInput!]!
|
Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc. Default |
customService - [CustomServiceInput!]!
|
Returns data for Custom Service defined by a combination of L4 ports and an IP Protocol Example: TCP/80, UDP/53 Default |
customServiceIp - [CustomServiceIpInput!]!
|
Returns data for Custom Service defined by a combination of L4 ports and an IP Protocol Example: google:8.8.8.8 Default |
domain - [Domain!]!
|
A Second-Level Domain (SLD). It matches all Top-Level Domains (TLD), and subdomains that include the Domain. Example: example.com. Default |
fqdn - [Fqdn!]!
|
An exact match of the fully qualified domain (FQDN). Example: www.my.example.com. Default |
globalIpRange - [GlobalIpRangeRefInput!]!
|
Globally defined IP range, IP and subnet objects Default |
ip - [IPAddress!]!
|
IPv4 addresses Default |
ipRange - [IpAddressRangeInput!]!
|
A range of IPs. Every IP within the range will be matched Default |
remoteAsn - [Asn32!]!
|
Remote Autonomous System Number (ASN) Default |
service - [ServiceRefInput!]!
|
Add the Service Type to which this TLS inspection rule applies Default |
subnet - [NetworkSubnet!]!
|
Subnets and network ranges defined for the LAN interfaces of a site Default |
tlsInspectCategory - [TlsInspectSystemCategory!]!
|
System categories for TLS inspection policy Default |
Example
{
"appCategory": [ApplicationCategoryRefInput],
"application": [ApplicationRefInput],
"country": [CountryRefInput],
"customApp": [CustomApplicationRefInput],
"customCategory": [CustomCategoryRefInput],
"customService": [CustomServiceInput],
"customServiceIp": [CustomServiceIpInput],
"domain": [Domain],
"fqdn": [Fqdn],
"globalIpRange": [GlobalIpRangeRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"remoteAsn": [Asn32],
"service": [ServiceRefInput],
"subnet": [NetworkSubnet],
"tlsInspectCategory": ["POPULAR_CLOUD_APPS"]
}
TlsInspectApplicationUpdateInput
BetaDescription
Application match criteria set
Fields
| Input Field | Description |
|---|---|
appCategory - [ApplicationCategoryRefInput!]
|
Cato category of applications which are dynamically updated by Cato |
application - [ApplicationRefInput!]
|
Applications for the rule (pre-defined) |
country - [CountryRefInput!]
|
Countries matching criteria for the rule |
customApp - [CustomApplicationRefInput!]
|
Custom (user-defined) applications |
customCategory - [CustomCategoryRefInput!]
|
Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc. |
customService - [CustomServiceInput!]
|
Returns data for Custom Service defined by a combination of L4 ports and an IP Protocol Example: TCP/80, UDP/53 |
customServiceIp - [CustomServiceIpInput!]
|
Returns data for Custom Service defined by a combination of L4 ports and an IP Protocol Example: google:8.8.8.8 |
domain - [Domain!]
|
A Second-Level Domain (SLD). It matches all Top-Level Domains (TLD), and subdomains that include the Domain. Example: example.com. |
fqdn - [Fqdn!]
|
An exact match of the fully qualified domain (FQDN). Example: www.my.example.com. |
globalIpRange - [GlobalIpRangeRefInput!]
|
Globally defined IP range, IP and subnet objects |
ip - [IPAddress!]
|
IPv4 addresses |
ipRange - [IpAddressRangeInput!]
|
A range of IPs. Every IP within the range will be matched |
remoteAsn - [Asn32!]
|
Remote Autonomous System Number (ASN) |
service - [ServiceRefInput!]
|
Add the Service Type to which this TLS inspection rule applies |
subnet - [NetworkSubnet!]
|
Subnets and network ranges defined for the LAN interfaces of a site |
tlsInspectCategory - [TlsInspectSystemCategory!]
|
System categories for TLS inspection policy |
Example
{
"appCategory": [ApplicationCategoryRefInput],
"application": [ApplicationRefInput],
"country": [CountryRefInput],
"customApp": [CustomApplicationRefInput],
"customCategory": [CustomCategoryRefInput],
"customService": [CustomServiceInput],
"customServiceIp": [CustomServiceIpInput],
"domain": [Domain],
"fqdn": [Fqdn],
"globalIpRange": [GlobalIpRangeRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"remoteAsn": [Asn32],
"service": [ServiceRefInput],
"subnet": [NetworkSubnet],
"tlsInspectCategory": ["POPULAR_CLOUD_APPS"]
}
TlsInspectConfig
BetaDescription
Default rule settings for the TLS Inspection policy
Fields
| Field Name | Description |
|---|---|
defaultRuleAction - TlsInspectAction!
|
Action to take on traffic that matches the default rule |
defaultRuleUntrustedCertificateAction - TlsInspectUntrustedCertificateAction!
|
Action to take when an untrusted certificate is detected for traffic matching the default rule |
Example
{
"defaultRuleAction": "BYPASS",
"defaultRuleUntrustedCertificateAction": "ALLOW"
}
TlsInspectConfigInput
BetaFields
| Input Field | Description |
|---|---|
defaultRuleAction - TlsInspectAction!
|
Action to take on traffic that matches the default rule Default |
defaultRuleUntrustedCertificateAction - TlsInspectUntrustedCertificateAction!
|
Action to take when an untrusted certificate is detected for traffic matching the default rule Default |
Example
{
"defaultRuleAction": "BYPASS",
"defaultRuleUntrustedCertificateAction": "ALLOW"
}
TlsInspectPolicy
BetaFields
| Field Name | Description |
|---|---|
additionalAttributes - TlsInspectConfig
|
|
audit - PolicyAudit
|
|
enabled - Boolean!
|
|
revision - PolicyRevision
|
|
rules - [TlsInspectRulePayload!]!
|
|
sections - [PolicySectionPayload!]!
|
Example
{
"additionalAttributes": TlsInspectConfig,
"audit": PolicyAudit,
"enabled": true,
"revision": PolicyRevision,
"rules": [TlsInspectRulePayload],
"sections": [PolicySectionPayload]
}
TlsInspectPolicyInput
BetaFields
| Input Field | Description |
|---|---|
revision - PolicyRevisionInput
|
A revision is a specific instance of the policy. Unpublished revisions are working copies of the policy available to a specific admin or a set of admins Published revisions are revisions that were applied to the account network. The last published revision is the active policy. |
Example
{"revision": PolicyRevisionInput}
TlsInspectPolicyMutationInput
Fields
| Input Field | Description |
|---|---|
revision - PolicyMutationRevisionInput
|
Example
{"revision": PolicyMutationRevisionInput}
TlsInspectPolicyMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
policy - TlsInspectPolicy
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"policy": TlsInspectPolicy,
"status": "FAILURE"
}
TlsInspectPolicyUpdateInput
BetaFields
| Input Field | Description |
|---|---|
additionalAttributes - TlsInspectConfigInput
|
|
state - PolicyToggleState
|
Example
{
"additionalAttributes": TlsInspectConfigInput,
"state": "DISABLED"
}
TlsInspectRemoveRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
Example
{"id": "4"}
TlsInspectRule
BetaFields
| Field Name | Description |
|---|---|
action - TlsInspectAction!
|
Action to be taken on the traffic. |
application - TlsInspectApplication!
|
Application matching criteria for. |
connectionOrigin - ConnectionOriginEnum!
|
Connection origin of the traffic |
country - [CountryRef!]!
|
Country traffic matching criteria. |
description - String!
|
Description for the rule |
devicePostureProfile - [DeviceProfileRef!]!
|
Device Profile traffic matching criteria. |
enabled - Boolean!
|
TRUE = Rule is enabled FALSE = Rule is disabled |
id - ID!
|
Rule ID |
index - Int!
|
Position / priority of rule |
name - String!
|
Name of the rule |
platform - [OperatingSystem!]!
|
Operating System traffic matching criteria. |
section - PolicySectionInfo!
|
Policy section where the rule is located |
source - TlsInspectSource!
|
Source traffic matching criteria. |
untrustedCertificateAction - TlsInspectUntrustedCertificateAction!
|
Action to be taken on the traffic when an untrusted certificate is detected. |
Example
{
"action": "BYPASS",
"application": TlsInspectApplication,
"connectionOrigin": "ANY",
"country": [CountryRef],
"description": "xyz789",
"devicePostureProfile": [DeviceProfileRef],
"enabled": false,
"id": 4,
"index": 987,
"name": "xyz789",
"platform": ["ANDROID"],
"section": PolicySectionInfo,
"source": TlsInspectSource,
"untrustedCertificateAction": "ALLOW"
}
TlsInspectRuleMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
rule - TlsInspectRulePayload
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"rule": TlsInspectRulePayload,
"status": "FAILURE"
}
TlsInspectRulePayload
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyElementAudit!
|
|
properties - [PolicyElementPropertiesEnum!]!
|
|
rule - TlsInspectRule!
|
Example
{
"audit": PolicyElementAudit,
"properties": ["ADDED"],
"rule": TlsInspectRule
}
TlsInspectSource
BetaDescription
Returns the settings for Source of an TLS inspection rule
Fields
| Field Name | Description |
|---|---|
floatingSubnet - [FloatingSubnetRef!]!
|
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP. |
globalIpRange - [GlobalIpRangeRef!]!
|
Globally defined IP range, IP and subnet objects |
group - [GroupRef!]!
|
Groups defined for your account |
host - [HostRef!]!
|
Hosts and servers defined for your account |
ip - [IPAddress!]!
|
IPv4 addresses |
ipRange - [IpAddressRange!]!
|
Multiple separate IP addresses or an IP range |
networkInterface - [NetworkInterfaceRef!]!
|
Network range defined for a site |
site - [SiteRef!]!
|
Site defined for the account |
siteNetworkSubnet - [SiteNetworkSubnetRef!]!
|
GlobalRange + InterfaceSubnet |
subnet - [NetworkSubnet!]!
|
Subnets and network ranges defined for the LAN interfaces of a site |
systemGroup - [SystemGroupRef!]!
|
Predefined Cato groups |
user - [UserRef!]!
|
Individual users defined for the account |
usersGroup - [UsersGroupRef!]!
|
Group of users |
Example
{
"floatingSubnet": [FloatingSubnetRef],
"globalIpRange": [GlobalIpRangeRef],
"group": [GroupRef],
"host": [HostRef],
"ip": [IPAddress],
"ipRange": [IpAddressRange],
"networkInterface": [NetworkInterfaceRef],
"site": [SiteRef],
"siteNetworkSubnet": [SiteNetworkSubnetRef],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRef],
"user": [UserRef],
"usersGroup": [UsersGroupRef]
}
TlsInspectSourceInput
BetaDescription
Input of the settings for Source of an TLS inspection rule
Fields
| Input Field | Description |
|---|---|
floatingSubnet - [FloatingSubnetRefInput!]!
|
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP. Default |
globalIpRange - [GlobalIpRangeRefInput!]!
|
Globally defined IP range, IP and subnet objects Default |
group - [GroupRefInput!]!
|
Groups defined for your account Default |
host - [HostRefInput!]!
|
Hosts and servers defined for your account Default |
ip - [IPAddress!]!
|
IPv4 addresses Default |
ipRange - [IpAddressRangeInput!]!
|
Multiple separate IP addresses or an IP range Default |
networkInterface - [NetworkInterfaceRefInput!]!
|
Network range defined for a site Default |
site - [SiteRefInput!]!
|
Site defined for the account Default |
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]!
|
GlobalRange + InterfaceSubnet Default |
subnet - [NetworkSubnet!]!
|
Subnets and network ranges defined for the LAN interfaces of a site Default |
systemGroup - [SystemGroupRefInput!]!
|
Predefined Cato groups Default |
user - [UserRefInput!]!
|
Individual users defined for the account Default |
usersGroup - [UsersGroupRefInput!]!
|
Group of users Default |
Example
{
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"networkInterface": [NetworkInterfaceRefInput],
"site": [SiteRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"user": [UserRefInput],
"usersGroup": [UsersGroupRefInput]
}
TlsInspectSourceUpdateInput
BetaDescription
Input of the settings for Source of an TLS inspection rule
Fields
| Input Field | Description |
|---|---|
floatingSubnet - [FloatingSubnetRefInput!]
|
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP. |
globalIpRange - [GlobalIpRangeRefInput!]
|
Globally defined IP range, IP and subnet objects |
group - [GroupRefInput!]
|
Groups defined for your account |
host - [HostRefInput!]
|
Hosts and servers defined for your account |
ip - [IPAddress!]
|
IPv4 addresses |
ipRange - [IpAddressRangeInput!]
|
Multiple separate IP addresses or an IP range |
networkInterface - [NetworkInterfaceRefInput!]
|
Network range defined for a site |
site - [SiteRefInput!]
|
Site defined for the account |
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]
|
GlobalRange + InterfaceSubnet |
subnet - [NetworkSubnet!]
|
Subnets and network ranges defined for the LAN interfaces of a site |
systemGroup - [SystemGroupRefInput!]
|
Predefined Cato groups |
user - [UserRefInput!]
|
Individual users defined for the account |
usersGroup - [UsersGroupRefInput!]
|
Group of users |
Example
{
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"networkInterface": [NetworkInterfaceRefInput],
"site": [SiteRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"user": [UserRefInput],
"usersGroup": [UsersGroupRefInput]
}
TlsInspectSystemCategory
BetaDescription
System categories for TLS inspection policy
Values
| Enum Value | Description |
|---|---|
|
|
High-popularity cloud apps that were analyzed by Cato's security team and confirmed to be safe for inspection. |
|
|
Top domains found to be broadly TLS-inspected across the Cato cloud. TLS-inspecting these domains is likely to be safe. |
Example
"POPULAR_CLOUD_APPS"
TlsInspectUntrustedCertificateAction
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
Example
"ALLOW"
TlsInspectUpdateRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
action - TlsInspectAction
|
Action to be taken on the traffic. |
application - TlsInspectApplicationUpdateInput
|
Application matching criteria for. |
connectionOrigin - ConnectionOriginEnum
|
Connection origin of the traffic |
country - [CountryRefInput!]
|
Country traffic matching criteria. |
description - String
|
|
devicePostureProfile - [DeviceProfileRefInput!]
|
Device Profile traffic matching criteria. |
enabled - Boolean
|
|
name - String
|
|
platform - [OperatingSystem!]
|
Operating System traffic matching criteria. |
source - TlsInspectSourceUpdateInput
|
Source traffic matching criteria. |
untrustedCertificateAction - TlsInspectUntrustedCertificateAction
|
Action to be taken on the traffic when an untrusted certificate is detected. |
Example
{
"action": "BYPASS",
"application": TlsInspectApplicationUpdateInput,
"connectionOrigin": "ANY",
"country": [CountryRefInput],
"description": "xyz789",
"devicePostureProfile": [DeviceProfileRefInput],
"enabled": true,
"name": "abc123",
"platform": ["ANDROID"],
"source": TlsInspectSourceUpdateInput,
"untrustedCertificateAction": "ALLOW"
}
TlsInspectUpdateRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
|
rule - TlsInspectUpdateRuleDataInput!
|
Example
{
"id": "4",
"rule": TlsInspectUpdateRuleDataInput
}
TrafficDirectionEnum
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"DOWNSTREAM"
TunnelConfig
Example
{
"localId": "xyz789",
"tunnelId": "abc123",
"tunnelRemoteIdentifier": "xyz789"
}
UnitType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Bits per second |
|
|
|
|
|
Bytes per second |
|
|
The number of occurrences for this unit |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
health analytics for the site |
|
|
For metrics that are measured in seconds, such as tunnelAge, the number of seconds |
Example
"bits"
UnknownEntityRef
BetaUpdateAccountInput
Fields
| Input Field | Description |
|---|---|
description - String
|
Account description |
Example
{"description": "xyz789"}
UpdateAccountRoleInput
UpdateAdminInput
Fields
| Input Field | Description |
|---|---|
firstName - String
|
|
lastName - String
|
|
managedRoles - [UpdateAdminRoleInput!]
|
|
passwordNeverExpires - Boolean
|
|
resellerRoles - [UpdateAdminRoleInput!]
|
Example
{
"firstName": "xyz789",
"lastName": "abc123",
"managedRoles": [UpdateAdminRoleInput],
"passwordNeverExpires": false,
"resellerRoles": [UpdateAdminRoleInput]
}
UpdateAdminPayload
Fields
| Field Name | Description |
|---|---|
adminID - ID!
|
Example
{"adminID": 4}
UpdateAdminRoleInput
Fields
| Input Field | Description |
|---|---|
allowedAccounts - [ID!]
|
|
allowedEntities - [EntityInput!]
|
|
role - UpdateAccountRoleInput!
|
Example
{
"allowedAccounts": [4],
"allowedEntities": [EntityInput],
"role": UpdateAccountRoleInput
}
UpdateBasicAuthInput
UpdateBearerTokenAuthInput
Fields
| Input Field | Description |
|---|---|
bearerToken - Secret
|
Example
{"bearerToken": Secret}
UpdateBgpPeerInput
BetaFields
| Input Field | Description |
|---|---|
advertiseAllRoutes - Boolean
|
Update for all route advertisements. |
advertiseDefaultRoute - Boolean
|
Update for default route advertisement. |
advertiseSummaryRoutes - Boolean
|
Update for summary route advertisement. |
bfdEnabled - Boolean
|
Update to enable or disable BFD. |
bfdSettings - BfdSettingsInput
|
Updated BFD settings. |
catoAsn - Asn16
|
Updated AS number of Cato's BGP endpoint. |
defaultAction - BgpDefaultAction
|
Update for the default action on unmatched routes. |
defaultActionExclusion - [BgpFilterRuleInput!]
|
Updated rules excluded from the default action. |
defaultRouteCommunities - [BgpCommunityInput!]
|
Community values to associate with the default route. |
holdTime - Int
|
Updated hold time for the BGP session. |
id - ID!
|
Unique identifier of the BGP peer to be updated. |
keepaliveInterval - Int
|
Updated keepalive interval for the BGP session. |
md5AuthKey - String
|
Updated MD5 authentication key. |
metric - Int
|
Updated metric value for route preferences. |
name - String
|
Updated name of the BGP configuration entity. |
peerAsn - Asn32
|
Updated AS number of the peer BGP endpoint. |
peerIp - IPAddress
|
Updated IP address of the peer BGP endpoint. |
performNat - Boolean
|
Update for NAT configuration. |
summaryRoute - [BgpSummaryRouteInput!]
|
Updated summarized routes to advertise. |
tracking - BgpTrackingInput
|
Updated tracking configuration for the BGP peer. |
Example
{
"advertiseAllRoutes": true,
"advertiseDefaultRoute": false,
"advertiseSummaryRoutes": true,
"bfdEnabled": true,
"bfdSettings": BfdSettingsInput,
"catoAsn": Asn16,
"defaultAction": "ACCEPT",
"defaultActionExclusion": [BgpFilterRuleInput],
"defaultRouteCommunities": [BgpCommunityInput],
"holdTime": 987,
"id": "4",
"keepaliveInterval": 123,
"md5AuthKey": "xyz789",
"metric": 123,
"name": "xyz789",
"peerAsn": Asn32,
"peerIp": IPAddress,
"performNat": false,
"summaryRoute": [BgpSummaryRouteInput],
"tracking": BgpTrackingInput
}
UpdateBgpPeerPayload
BetaFields
| Field Name | Description |
|---|---|
bgpPeer - BgpPeer!
|
The updated BGP peer object. |
Example
{"bgpPeer": BgpPeer}
UpdateCloudInterconnectPhysicalConnectionInput
BetaDescription
Input for updating an existing physical connection at a cloud interconnect site.
Fields
| Input Field | Description |
|---|---|
downstreamBwLimit - NetworkBandwidth
|
Downstream bandwidth limit. |
encapsulationMethod - TaggingMethod
|
Method of encapsulation. |
id - ID!
|
ID of the connection to be updated. |
popLocation - PopLocationRefInput
|
Identifying data for the POP location. |
privateCatoIp - IPAddress
|
Private IP address of Cato. |
privateSiteIp - IPAddress
|
Private IP address of the site. |
QinQVlanConfiguration - QinQVlanConfiguration
|
QinQ VLAN configuration for QinQ encapsulated connections. Applicable only to accounts with private POPs. |
serviceProviderName - String
|
Name of the service provider. |
subnet - NetworkSubnet
|
Subnet for the connection. |
upstreamBwLimit - NetworkBandwidth
|
Upstream bandwidth limit. |
vlan - Vlan
|
VLAN configuration for Dot1Q encapsulated connections. Applicable only to accounts with private POPs. |
Example
{
"downstreamBwLimit": NetworkBandwidth,
"encapsulationMethod": "DOT1Q",
"id": "4",
"popLocation": PopLocationRefInput,
"privateCatoIp": IPAddress,
"privateSiteIp": IPAddress,
"QinQVlanConfiguration": QinQVlanConfiguration,
"serviceProviderName": "abc123",
"subnet": NetworkSubnet,
"upstreamBwLimit": NetworkBandwidth,
"vlan": Vlan
}
UpdateCloudInterconnectPhysicalConnectionPayload
BetaDescription
Payload for updating an existing physical connection at a cloud interconnect site.
Fields
| Field Name | Description |
|---|---|
id - ID!
|
ID of the updated connection. |
Example
{"id": "4"}
UpdateCommercialLicenseInput
BetaUpdateCommercialLicensePayload
BetaFields
| Field Name | Description |
|---|---|
license - License!
|
The license that was modified |
Example
{"license": License}
UpdateContainerSyncDataInput
BetaDescription
Update synchronization data for a container
Fields
| Input Field | Description |
|---|---|
notifications - UpdateContainerSyncDataNotificationInput
|
|
timeInterval - Int
|
|
timeUnit - ContainerSyncDataTimeUnit
|
|
url - Url
|
Example
{
"notifications": UpdateContainerSyncDataNotificationInput,
"timeInterval": 987,
"timeUnit": "DAY",
"url": Url
}
UpdateContainerSyncDataNotificationInput
BetaFields
| Input Field | Description |
|---|---|
mailingList - [SubscriptionMailingListRefInput!]!
|
|
subscriptionGroup - [SubscriptionGroupRefInput!]!
|
|
webhook - [SubscriptionWebhookRefInput!]!
|
Example
{
"mailingList": [SubscriptionMailingListRefInput],
"subscriptionGroup": [SubscriptionGroupRefInput],
"webhook": [SubscriptionWebhookRefInput]
}
Fields
| Input Field | Description |
|---|---|
category - [ApplicationCategoryRefInput!]
|
|
criteria - [CustomApplicationCriteriaInput!]
|
|
description - String
|
|
id - ID!
|
|
name - String
|
Example
{
"category": [ApplicationCategoryRefInput],
"criteria": [CustomApplicationCriteriaInput],
"description": "xyz789",
"id": "4",
"name": "xyz789"
}
Fields
| Field Name | Description |
|---|---|
customApplication - CustomApplication!
|
Example
{"customApplication": CustomApplication}
UpdateCustomHeaderAuthInput
UpdateFqdnContainerFromFileInput
BetaDescription
Input for updating FQDN typed container from file
Fields
| Input Field | Description |
|---|---|
description - String
|
Description for the container |
fileType - ContainerFileType!
|
File type that will be uploaded Default |
ref - ContainerRefInput!
|
Reference to existing container by container ID or container name |
uploadFile - Upload
|
Multipart file containing FQDNs with fileType delimiter |
Example
{
"description": "abc123",
"fileType": "CSV",
"ref": ContainerRefInput,
"uploadFile": Upload
}
UpdateFqdnContainerFromFilePayload
BetaDescription
Payload of UpdateFromFile operation on FQDN typed container
Fields
| Field Name | Description |
|---|---|
container - FqdnContainer!
|
Container with members of type FQDN |
Example
{"container": FqdnContainer}
UpdateFqdnContainerFromListInput
BetaFields
| Input Field | Description |
|---|---|
description - String!
|
|
ref - ContainerRefInput!
|
|
values - [Fqdn!]
|
Example
{
"description": "xyz789",
"ref": ContainerRefInput,
"values": [Fqdn]
}
UpdateFqdnContainerFromListPayload
BetaDescription
Payload of UpdateFromList operation on FQDN typed container
Fields
| Field Name | Description |
|---|---|
container - FqdnContainer!
|
Container with members of type FQDN |
Example
{"container": FqdnContainer}
UpdateFqdnContainerFromUrlInput
BetaFields
| Input Field | Description |
|---|---|
description - String
|
|
fileType - ContainerFileType
|
|
ref - ContainerRefInput!
|
|
syncData - UpdateContainerSyncDataInput
|
Example
{
"description": "abc123",
"fileType": "CSV",
"ref": ContainerRefInput,
"syncData": UpdateContainerSyncDataInput
}
UpdateFqdnContainerFromUrlPayload
BetaFields
| Field Name | Description |
|---|---|
container - FqdnContainer!
|
Example
{"container": FqdnContainer}
UpdateGroupInput
BetaDescription
Update attributes for a group. Only the provided fields are updated - the other fields are not changed Note: You can only update a total of 500 group members at one time, this means 'membersToAdd + membersToRemove' or 'members' must be less than 500
Fields
| Input Field | Description |
|---|---|
description - String
|
New description for the group, if changing |
group - GroupRefInput!
|
Specify the group you’re updating |
members - [GroupMemberRefTypedInput!]
|
Replaces all members in the group with this list of members |
membersToAdd - [GroupMemberRefTypedInput!]
|
Adds members to the existing set of members. Can't be used together with the 'members' field |
membersToRemove - [GroupMemberRefTypedInput!]
|
Removes members from the group. Can't be used together with the 'members' field |
name - String
|
New name for the group, if changing |
Example
{
"description": "xyz789",
"group": GroupRefInput,
"members": [GroupMemberRefTypedInput],
"membersToAdd": [GroupMemberRefTypedInput],
"membersToRemove": [GroupMemberRefTypedInput],
"name": "abc123"
}
UpdateGroupPayload
BetaDescription
The updated group object
Fields
| Field Name | Description |
|---|---|
group - Group!
|
Updated group |
Example
{"group": Group}
UpdateHaInput
UpdateHaPayload
Fields
| Field Name | Description |
|---|---|
siteId - ID!
|
Example
{"siteId": "4"}
UpdateHwShippingInput
BetaFields
| Input Field | Description |
|---|---|
details - HwShippingDetailsInput!
|
The shipping details to update |
ids - [ID!]!
|
The ids of items to update |
Example
{"details": HwShippingDetailsInput, "ids": [4]}
UpdateInvestigationDetailsInput
BetaUpdateInvestigationDetailsPayload
BetaFields
| Field Name | Description |
|---|---|
investigationDetails - InvestigationDetails
|
Example
{"investigationDetails": InvestigationDetails}
UpdateIpAddressRangeContainerFromFileInput
BetaDescription
Input for updating existing IPAddressRange typed container from file
Fields
| Input Field | Description |
|---|---|
description - String
|
Description for the container |
fileType - ContainerFileType!
|
File type that will be uploaded Default |
ref - ContainerRefInput!
|
Reference to existing container by container ID or container name |
uploadFile - Upload
|
Multipart file containing IPAddressRanges with fileType delimiter |
Example
{
"description": "xyz789",
"fileType": "CSV",
"ref": ContainerRefInput,
"uploadFile": Upload
}
UpdateIpAddressRangeContainerFromFilePayload
BetaDescription
Payload of UpdateFromFile operation on IPAddressRange typed container
Fields
| Field Name | Description |
|---|---|
container - IpAddressRangeContainer!
|
Container with members of type IPAddressRange |
Example
{"container": IpAddressRangeContainer}
UpdateIpAddressRangeContainerFromListInput
BetaFields
| Input Field | Description |
|---|---|
description - String!
|
|
ref - ContainerRefInput!
|
|
values - [IpAddressRangeInput!]
|
Example
{
"description": "abc123",
"ref": ContainerRefInput,
"values": [IpAddressRangeInput]
}
UpdateIpAddressRangeContainerFromListPayload
BetaDescription
Payload of UpdateFromList operation on IPAddressRange typed container
Fields
| Field Name | Description |
|---|---|
container - IpAddressRangeContainer!
|
Container with members of type IPAddressRange |
Example
{"container": IpAddressRangeContainer}
UpdateIpAddressRangeContainerFromUrlInput
BetaFields
| Input Field | Description |
|---|---|
description - String
|
|
fileType - ContainerFileType
|
|
ref - ContainerRefInput!
|
|
syncData - UpdateContainerSyncDataInput
|
Example
{
"description": "abc123",
"fileType": "CSV",
"ref": ContainerRefInput,
"syncData": UpdateContainerSyncDataInput
}
UpdateIpAddressRangeContainerFromUrlPayload
BetaFields
| Field Name | Description |
|---|---|
container - IpAddressRangeContainer!
|
Example
{"container": IpAddressRangeContainer}
UpdateIpsecIkeV2SiteGeneralDetailsInput
BetaFields
| Input Field | Description |
|---|---|
authMessage - IpsecIkeV2MessageInput
|
The auth message parameters. |
connectionMode - ConnectionMode
|
Determines the protocol for establishing the Security Association (SA) Tunnel. Valid values are: Responder-Only Mode: Cato Cloud only responds to incoming requests by the initiator (e.g. a Firewall device) to establish a security association. Bidirectional Mode: Both Cato Cloud and the peer device on customer site can initiate the IPSec SA establishment. |
identificationType - IdentificationType
|
The authentication identification type used for SA authentication. When using “BIDIRECTIONAL”, it is set to “IPv4” by default. Other methods are available in Responder mode only. |
initMessage - IpsecIkeV2MessageInput
|
The init message parameters |
networkRanges - [IPSubnet]
|
The local IP ranges for the SAs |
Example
{
"authMessage": IpsecIkeV2MessageInput,
"connectionMode": "BIDIRECTIONAL",
"identificationType": "EMAIL",
"initMessage": IpsecIkeV2MessageInput,
"networkRanges": [IPSubnet]
}
UpdateIpsecIkeV2SiteGeneralDetailsPayload
BetaUpdateIpsecIkeV2SiteMultiTunnelPayload
BetaFields
| Field Name | Description |
|---|---|
fqdn - Fqdn
|
Cato’s FQDN for the multi-tunnel |
tunnels - [UpdateIpsecIkeV2SiteTunnelPayload!]!
|
Example
{
"fqdn": Fqdn,
"tunnels": [UpdateIpsecIkeV2SiteTunnelPayload]
}
UpdateIpsecIkeV2SiteTunnelPayload
BetaFields
| Field Name | Description |
|---|---|
localId - String
|
The local ID for the tunnel |
tunnelId - IPSecV2InterfaceId
|
The ID of the tunnel |
Example
{
"localId": "xyz789",
"tunnelId": "PRIMARY1"
}
UpdateIpsecIkeV2SiteTunnelsInput
BetaFields
| Input Field | Description |
|---|---|
primary - UpdateIpsecIkeV2TunnelsInput
|
The configuration of the site’s primary tunnel |
secondary - UpdateIpsecIkeV2TunnelsInput
|
The configuration of the site’s secondary tunnel |
Example
{
"primary": UpdateIpsecIkeV2TunnelsInput,
"secondary": UpdateIpsecIkeV2TunnelsInput
}
UpdateIpsecIkeV2SiteTunnelsPayload
BetaFields
| Field Name | Description |
|---|---|
primary - UpdateIpsecIkeV2SiteMultiTunnelPayload
|
The primary multi-tunnel |
secondary - UpdateIpsecIkeV2SiteMultiTunnelPayload
|
The secondary multi-tunnel |
siteId - ID!
|
The ID of the site |
Example
{
"primary": UpdateIpsecIkeV2SiteMultiTunnelPayload,
"secondary": UpdateIpsecIkeV2SiteMultiTunnelPayload,
"siteId": 4
}
UpdateIpsecIkeV2TunnelInput
BetaFields
| Input Field | Description |
|---|---|
lastMileBw - LastMileBwInput
|
The maximum allowed bandwidth for the site. If not specified, it will be set according to the site license. If the ISP provided bandwidth is below the site bandwidth, set this parameter to the ISP bandwidth or below |
name - String
|
Tunnel name |
privateCatoIp - IPAddress
|
Cato’s private IP, used for BGP routing. Applicable for sites using BGP only |
privateSiteIp - IPAddress
|
Site private IP, used for BGP routing. Applicable for sites using BGP only |
psk - String
|
Pre-shared key. This field is write-only. |
publicSiteIp - IPAddress
|
The public IP address where the IPsec tunnel is initiated |
role - IPSecV2TunnelRole
|
Tunnel role |
tunnelId - IPSecV2InterfaceId!
|
The ID of the tunnel |
Example
{
"lastMileBw": LastMileBwInput,
"name": "abc123",
"privateCatoIp": IPAddress,
"privateSiteIp": IPAddress,
"psk": "abc123",
"publicSiteIp": IPAddress,
"role": "WAN1",
"tunnelId": "PRIMARY1"
}
UpdateIpsecIkeV2TunnelsInput
BetaFields
| Input Field | Description |
|---|---|
destinationType - DestinationType
|
The destination type of the IPsec tunnel |
popLocationId - ID
|
The PoP location ID |
publicCatoIpId - ID
|
The ID of the public IP (Allocated IP) of the Cato PoP to which the tunnel will connect. This will be the source-IP of the traffic transmitted to the Cato cloud over this tunnel when egressing the Cato Cloud |
tunnels - [UpdateIpsecIkeV2TunnelInput!]!
|
Example
{
"destinationType": "FQDN",
"popLocationId": 4,
"publicCatoIpId": 4,
"tunnels": [UpdateIpsecIkeV2TunnelInput]
}
UpdateLocationDetailsInput
BetaFields
| Input Field | Description |
|---|---|
companyName - String
|
Company name (recipient) |
contact - ContactDetailsInput
|
Delivery contact detail |
postalAddress - PostalAddressInput
|
Postal location |
vatId - String
|
Vat id (required for Brazil) |
Example
{
"companyName": "xyz789",
"contact": ContactDetailsInput,
"postalAddress": PostalAddressInput,
"vatId": "xyz789"
}
UpdateMailingListInput
Description
Update an existing Mailing List. Specified fields are updated, and no change to other fields. An empty Mailing List will remove all members.
Fields
| Input Field | Description |
|---|---|
address - [Email!]
|
Update the existing emails in the Mailing List. |
addressToAdd - [Email!]
|
Add specific emails to the current Mailing List. |
addressToRemove - [Email!]
|
Remove specific emails from the current Mailing List. |
admin - [AdminRefInput!]
|
Update the existing CMA admins in the Mailing List. |
adminToAdd - [AdminRefInput!]
|
Add CMA admins to the current Mailing List. |
adminToRemove - [AdminRefInput!]
|
Remove CMA admins from the current Mailing List. |
mailingList - MailingListRefInput!
|
The Mailing List to be updated. |
name - String
|
Update the Mailing List name |
Example
{
"address": [Email],
"addressToAdd": [Email],
"addressToRemove": [Email],
"admin": [AdminRefInput],
"adminToAdd": [AdminRefInput],
"adminToRemove": [AdminRefInput],
"mailingList": MailingListRefInput,
"name": "abc123"
}
UpdateMailingListPayload
Description
Returns the details of an updated Mailing List after a successful request.
Fields
| Field Name | Description |
|---|---|
mailingList - MailingList!
|
The updated Mailing List. |
Example
{"mailingList": MailingList}
UpdateNetworkRangeInput
Fields
| Input Field | Description |
|---|---|
azureFloatingIp - IPAddress
|
Only relevant for AZURE HA sites |
dhcpSettings - NetworkDhcpSettingsInput
|
Only relevant for NATIVE, VLAN rangeType |
gateway - IPAddress
|
Only relevant for ROUTED_ROUTE rangeType |
internetOnly - Boolean
|
|
localIp - IPAddress
|
Only relevant for NATIVE, SECONDARY_NATIVE, DIRECT_ROUTE, VLAN rangeType |
mdnsReflector - Boolean
|
BETA - Only relevant for NATIVE, DIRECT_ROUTE and VLAN rangeType |
name - String
|
|
rangeType - SubnetType
|
|
subnet - IPSubnet
|
|
translatedSubnet - IPSubnet
|
|
vlan - Int
|
Only relevant for NATIVE and VLAN network rangeType |
Example
{
"azureFloatingIp": IPAddress,
"dhcpSettings": NetworkDhcpSettingsInput,
"gateway": IPAddress,
"internetOnly": true,
"localIp": IPAddress,
"mdnsReflector": true,
"name": "abc123",
"rangeType": "Direct",
"subnet": IPSubnet,
"translatedSubnet": IPSubnet,
"vlan": 123
}
UpdateNetworkRangePayload
Fields
| Field Name | Description |
|---|---|
networkRangeId - ID!
|
Example
{"networkRangeId": 4}
UpdateSecondaryAwsVSocketInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
The ID of the secondary vSocket |
ipAddress - IPAddress
|
The IP address of the secondary vSocket |
routeTableId - String
|
The ID of the secondary vSocket route table |
subnet - NetworkSubnet
|
The subnet of the secondary vSocket |
Example
{
"id": "4",
"ipAddress": IPAddress,
"routeTableId": "xyz789",
"subnet": NetworkSubnet
}
UpdateSecondaryAwsVSocketPayload
BetaFields
| Field Name | Description |
|---|---|
secondaryAwsVSocket - SecondaryAwsVSocket!
|
The updated secondary AWS vSocket object. |
Example
{"secondaryAwsVSocket": SecondaryAwsVSocket}
UpdateSecondaryAzureVSocketInput
BetaUpdateSecondaryAzureVSocketPayload
BetaFields
| Field Name | Description |
|---|---|
secondaryAzureVSocket - SecondaryAzureVSocket!
|
The updated secondary Azure vSocket object. |
Example
{"secondaryAzureVSocket": SecondaryAzureVSocket}
Fields
| Input Field | Description |
|---|---|
gcpConfig - GcpConfigInput!
|
|
id - ID!
|
Example
{
"gcpConfig": GcpConfigInput,
"id": "4"
}
Fields
| Field Name | Description |
|---|---|
socketInfo - GcpVSocketInfo!
|
Example
{"socketInfo": GcpVSocketInfo}
UpdateServicePrincipalAdminInput
Fields
| Input Field | Description |
|---|---|
managedRoles - [UpdateAdminRoleInput!]
|
|
name - String
|
|
resellerRoles - [UpdateAdminRoleInput!]
|
Example
{
"managedRoles": [UpdateAdminRoleInput],
"name": "xyz789",
"resellerRoles": [UpdateAdminRoleInput]
}
UpdateServicePrincipalAdminPayload
Fields
| Field Name | Description |
|---|---|
adminID - ID!
|
Example
{"adminID": "4"}
UpdateSiteBackhaulingInput
BetaFields
| Input Field | Description |
|---|---|
destination - BackhaulingDestination
|
|
nextHopIP - IPAddress
|
|
preferredSocketPort - String
|
|
site - SiteRefInput!
|
|
useAsBackhaulingGW - Boolean
|
Example
{
"destination": "INTERNET_BREAKOUT",
"nextHopIP": IPAddress,
"preferredSocketPort": "xyz789",
"site": SiteRefInput,
"useAsBackhaulingGW": true
}
UpdateSiteBackhaulingPayload
BetaFields
| Field Name | Description |
|---|---|
destination - BackhaulingDestination
|
|
nextHopIP - IPAddress
|
|
preferredSocketPort - String
|
|
site - SiteRef!
|
|
useAsBackhaulingGW - Boolean!
|
Example
{
"destination": "INTERNET_BREAKOUT",
"nextHopIP": IPAddress,
"preferredSocketPort": "xyz789",
"site": SiteRef,
"useAsBackhaulingGW": false
}
UpdateSiteBwLicenseInput
BetaFields
| Input Field | Description |
|---|---|
bw - Int!
|
Specifies the bandwidth (in Mbps) to allocate to the site when using a pooled bandwidth license. |
licenseId - ID!
|
The license that is being assigned |
site - SiteRefInput!
|
The site the license is being assigned to |
Example
{"bw": 987, "licenseId": 4, "site": SiteRefInput}
UpdateSiteBwLicensePayload
BetaFields
| Field Name | Description |
|---|---|
license - License!
|
Example
{"license": License}
UpdateSiteGeneralDetailsInput
Fields
| Input Field | Description |
|---|---|
description - String
|
|
name - String
|
|
preferredPopLocation - UpdateSitePreferredPopLocationInput
|
Only relevant for socket sites |
siteLocation - UpdateSiteLocationInput
|
|
siteType - SiteType
|
Example
{
"description": "abc123",
"name": "xyz789",
"preferredPopLocation": UpdateSitePreferredPopLocationInput,
"siteLocation": UpdateSiteLocationInput,
"siteType": "BRANCH"
}
UpdateSiteGeneralDetailsPayload
Fields
| Field Name | Description |
|---|---|
siteId - ID!
|
Example
{"siteId": "4"}
UpdateSiteLocationInput
UpdateSitePreferredPopLocationInput
Fields
| Input Field | Description |
|---|---|
preferredOnly - Boolean!
|
Forces the socket to connect exclusively to the configured PoP locations |
primary - PopLocationRefInput
|
Set the location reference to -1, Automatic, or null to enable automatic selection. Set the location reference to -2 or None to disable the preferred PoP location (only allowed for secondary). |
secondary - PopLocationRefInput
|
Example
{
"preferredOnly": false,
"primary": PopLocationRefInput,
"secondary": PopLocationRefInput
}
UpdateSiteSocketConfigurationInput
BetaFields
| Input Field | Description |
|---|---|
primarySocketConfiguration - SocketConfigurationInput
|
Configuration for the primary Socket of the site. |
secondarySocketConfiguration - SocketConfigurationInput
|
Configuration for the secondary Socket of the site. |
site - SiteRefInput!
|
Identifies the site. |
Example
{
"primarySocketConfiguration": SocketConfigurationInput,
"secondarySocketConfiguration": SocketConfigurationInput,
"site": SiteRefInput
}
UpdateSiteSocketConfigurationPayload
BetaFields
| Field Name | Description |
|---|---|
siteSocketConfiguration - SiteSocketConfiguration!
|
The updated Socket configuration for the site. |
Example
{"siteSocketConfiguration": SiteSocketConfiguration}
UpdateSocketInterfaceInput
Fields
| Input Field | Description |
|---|---|
altWan - SocketInterfaceAltWanInput
|
Only relevant for ALTERNATIVE, LAYER_2_WAN |
bandwidth - SocketInterfaceBandwidthInput
|
Only relevant for CATO, ALTERNATIVE, LAYER_2_WAN |
destType - SocketInterfaceDestType!
|
|
lag - SocketInterfaceLagInput
|
Only relevant for LAN_LAG_MASTER, LAN_LAG_MASTER_AND_VRRP |
lan - SocketInterfaceLanInput
|
Only relevant for LAN, VRRP_AND_LAN, LAN_LAG_MASTER, LAN_LAG_MASTER_AND_VRRP |
name - String
|
|
offCloud - SocketInterfaceOffCloudInput
|
Only relevant for CATO |
vrrp - SocketInterfaceVrrpInput
|
Only relevant for VRRP |
wan - SocketInterfaceWanInput
|
Only relevant for CATO |
Example
{
"altWan": SocketInterfaceAltWanInput,
"bandwidth": SocketInterfaceBandwidthInput,
"destType": "ALTERNATIVE",
"lag": SocketInterfaceLagInput,
"lan": SocketInterfaceLanInput,
"name": "xyz789",
"offCloud": SocketInterfaceOffCloudInput,
"vrrp": SocketInterfaceVrrpInput,
"wan": SocketInterfaceWanInput
}
UpdateSocketInterfacePayload
Fields
| Field Name | Description |
|---|---|
siteId - ID!
|
|
socketInterfaceId - SocketInterfaceIDEnum!
|
Example
{"siteId": 4, "socketInterfaceId": "INT_1"}
UpdateStaticHostInput
UpdateStaticHostPayload
Fields
| Field Name | Description |
|---|---|
hostId - ID!
|
Example
{"hostId": "4"}
UpdateSubscriptionGroupInput
Description
Update parameters for an existing Subscription Group. Specified fields will be updated, and there is no change for other fields. An empty list will remove all members.
Fields
| Input Field | Description |
|---|---|
integration - [IntegrationRefInput!]
|
Update the Integrations in the Subscription Group. |
integrationToAdd - [IntegrationRefInput!]
|
Add specific Integrations to the current Integrations in the Subscription Group |
integrationToRemove - [IntegrationRefInput!]
|
Remove specific Integrations to the current Integrations in the Subscription Group |
mailingList - [MailingListRefInput!]
|
Update the existing emails in the Subscription Group Mailing List. |
mailingListToAdd - [MailingListRefInput!]
|
Add specific emails to the current Mailing List in the Subscription Group |
mailingListToRemove - [MailingListRefInput!]
|
Remove specific emails to the current Mailing List in the Subscription Group |
name - String
|
Update the Subscription Group name |
subscriptionGroup - SubscriptionGroupRefInput!
|
The Subscription Group to be updated. |
Example
{
"integration": [IntegrationRefInput],
"integrationToAdd": [IntegrationRefInput],
"integrationToRemove": [IntegrationRefInput],
"mailingList": [MailingListRefInput],
"mailingListToAdd": [MailingListRefInput],
"mailingListToRemove": [MailingListRefInput],
"name": "xyz789",
"subscriptionGroup": SubscriptionGroupRefInput
}
UpdateSubscriptionGroupPayload
Description
Response payload for updating a Subscription Group.
Fields
| Field Name | Description |
|---|---|
subscriptionGroup - SubscriptionGroup!
|
The updated Subscription Group. |
Example
{"subscriptionGroup": SubscriptionGroup}
UpdateWebhookAuthInput
Description
Authentication configuration for updating a webhook integration. Only one authentication method should be provided. If null, no authentication will be used.
Fields
| Input Field | Description |
|---|---|
basic - UpdateBasicAuthInput
|
Basic authentication (username/password). |
bearer - UpdateBearerTokenAuthInput
|
Bearer token authentication. |
custom - UpdateCustomHeaderAuthInput
|
Custom header authentication. |
Example
{
"basic": UpdateBasicAuthInput,
"bearer": UpdateBearerTokenAuthInput,
"custom": UpdateCustomHeaderAuthInput
}
UpdateWebhookInput
Description
Modified parameters for an existing webhook integration.
Specified fields will be updated, and no changes to other fields. To remove all members, provide an empty list as the parameter.
Fields
| Input Field | Description |
|---|---|
auth - UpdateWebhookAuthInput
|
Update the authentication configuration for the target service. |
body - String
|
Update the JSON body template. Use available fields with '$' prefix to define the webhook payload. See 'Understanding the JSON Fields for Alert Integrations' Knowledge Base article for details. |
enabled - Boolean
|
Enable or disable the Webhook. |
header - [HttpHeaderNameValueInput!]
|
Update the optional HTTP headers. |
headerToAdd - [HttpHeaderNameValueInput!]
|
Add headers to the webhook headers list. |
headerToRemove - [HttpHeaderNameValueInput!]
|
Remove headers from the webhook headers list. |
name - String
|
Update the Webhook name |
relatedWebhookRef - WebhookIntegrationRefInput
|
Related webhook that provides the Correlation ID used for updates |
requestMethod - WebhookRequestMethod
|
Update the HTTP method used when sending the webhook request (e.g., POST, PUT). |
responseMapping - [WebhookResponseMapEntryInput!]
|
Defines JSON path mappings used to extract values from the webhook response payload. At present, only a single mapping is supported, with the key "correlationId". The value must be a valid JSON path pointing to the field in the response payload that represents the correlation identifier (for example, result.sys_id). |
responseMappingToAdd - [WebhookResponseMapEntryInput!]
|
Add response mappings to the webhook response mapping list. |
responseMappingToRemove - [WebhookResponseMapEntryInput!]
|
Remove response mappings from the webhook response mapping list. |
url - Url
|
Update the URL of the target service |
webhook - WebhookIntegrationRefInput!
|
The Webhook to be updated. |
Example
{
"auth": UpdateWebhookAuthInput,
"body": "xyz789",
"enabled": true,
"header": [HttpHeaderNameValueInput],
"headerToAdd": [HttpHeaderNameValueInput],
"headerToRemove": [HttpHeaderNameValueInput],
"name": "xyz789",
"relatedWebhookRef": WebhookIntegrationRefInput,
"requestMethod": "POST",
"responseMapping": [WebhookResponseMapEntryInput],
"responseMappingToAdd": [WebhookResponseMapEntryInput],
"responseMappingToRemove": [
WebhookResponseMapEntryInput
],
"url": Url,
"webhook": WebhookIntegrationRefInput
}
UpdateWebhookPayload
Description
Response payload for a webhook update operation.
Fields
| Field Name | Description |
|---|---|
webhook - Webhook!
|
The updated webhook integration. |
Example
{"webhook": Webhook}
Upload
BetaDescription
File upload - https://gqlgen.com/reference/file-upload/
Example
Upload
Description
Upload file input
Fields
| Input Field | Description |
|---|---|
fileName - String!
|
Uploaded file name |
Example
{"fileName": "xyz789"}
Description
Upload file response
Fields
| Field Name | Description |
|---|---|
uploadUrl - Url
|
Upload URL (HTTP PUT) |
Example
{"uploadUrl": Url}
Url
Description
A Uniform Resource Locator, colloquially known as an address on the Web. E.g.: http://www.example.com/page/
Example
Url
UserInfo
Description
Basic User configuration information
Fields
| Field Name | Description |
|---|---|
authMethod - String
|
Additional authentication mechanism, currently MFA or NONE |
creationTime - DateTime
|
Timestamp when the VPN user was created in the account |
email - String
|
Email address of the VPN user |
name - String
|
Name of the VPN user |
origin - String
|
User creation mechanism, current supported REGULAR or LDAP |
phoneNumber - String
|
Phone number for the VPN user |
status - OperationalStatus
|
Status of the Client as the type STRING |
Example
{
"authMethod": "xyz789",
"creationTime": "2007-12-03T10:15:30Z",
"email": "abc123",
"name": "abc123",
"origin": "xyz789",
"phoneNumber": "xyz789",
"status": "active"
}
UserNotificationAiSecurityTemplateRef
BetaUserNotificationTemplateRef
BetaUserNotificationTemplateRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
UserRef
BetaUserRefFilterInput
BetaFields
| Input Field | Description |
|---|---|
eq - UserRefInput
|
|
in - [UserRefInput!]
|
|
neq - UserRefInput
|
|
nin - [UserRefInput!]
|
Example
{
"eq": UserRefInput,
"in": [UserRefInput],
"neq": UserRefInput,
"nin": [UserRefInput]
}
UserRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
UserRole
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Example
"EDITOR"
UserSnapshot
Fields
| Field Name | Description |
|---|---|
connectedInOffice - Boolean
|
In this state the client does not create its own connection, but reuses the Office's socket connection |
connectivityStatus - ConnectivityStatus
|
Connectivity to the Cato Cloud |
deviceName - String
|
The host name of the device |
devices - [DeviceSnapshot!]
|
Data related to the Client |
id - ID
|
VPN user ID |
info - UserInfo
|
General information about the VPN user |
internalIP - String
|
IP address of the PoP that the Client is connected to |
lastConnected - DateTime
|
Last time the user was connected (relevant if not currently connected) |
name - String
|
User name from configuration, same as info.name |
operationalStatus - OperationalStatus
|
Status for a site or VPN user |
osType - String
|
Operating system of the device the Client is running on |
osVersion - String
|
Version of the operating system for the device |
popID - Int
|
ID of the PoP that the Client is connected to |
popName - String
|
Name of the PoP that the VPN user is connected to |
recentConnections - [RecentConnection!]
|
Data related to the most recent completed VPN connections |
remoteIP - String
|
IP address of the Client |
remoteIPInfo - IPInfo
|
IP address, ISP, and geographical information related to the Client |
uptime - Int
|
How long has the user been connected (in seconds) |
version - String
|
VPN client version string |
versionNumber - Int
|
VPN client version number |
Example
{
"connectedInOffice": false,
"connectivityStatus": "connected",
"deviceName": "xyz789",
"devices": [DeviceSnapshot],
"id": 4,
"info": UserInfo,
"internalIP": "xyz789",
"lastConnected": "2007-12-03T10:15:30Z",
"name": "xyz789",
"operationalStatus": "active",
"osType": "xyz789",
"osVersion": "xyz789",
"popID": 123,
"popName": "abc123",
"recentConnections": [RecentConnection],
"remoteIP": "xyz789",
"remoteIPInfo": IPInfo,
"uptime": 987,
"version": "abc123",
"versionNumber": 123
}
UsersGroupRef
BetaUsersGroupRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "abc123"}
Value
Types
| Union Types |
|---|
Example
StringValue
VendorEnum
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"CATO"
VendorPredicate
BetaFields
| Input Field | Description |
|---|---|
in - [VendorEnum!]
|
|
not_in - [VendorEnum!]
|
Example
{"in": ["CATO"], "not_in": ["CATO"]}
Vlan
Description
VLAN Identifier. A number in the range 1-4094 used to uniquely identify a Virtual Local Area Network (VLAN) in networking environments
Example
Vlan
VlanRange
BetaVrrpType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"DIRECT_LINK"
WanFirewallActionConfig
BetaDescription
Configuration for Wan Firewall action
Fields
| Field Name | Description |
|---|---|
userNotification - [UserNotificationTemplateRef!]!
|
Defines the user notification template to display when the rule blocks or prompts access. Only a single element is allowed. |
Example
{"userNotification": [UserNotificationTemplateRef]}
WanFirewallActionConfigInput
BetaDescription
Configuration for Wan Firewall action
Fields
| Input Field | Description |
|---|---|
userNotification - [UserNotificationTemplateRefInput!]!
|
Defines the user notification template to display when the rule blocks or prompts access. Only a single element is allowed. Default |
Example
{"userNotification": [UserNotificationTemplateRefInput]}
WanFirewallActionConfigUpdateInput
BetaDescription
Configuration for Wan Firewall action
Fields
| Input Field | Description |
|---|---|
userNotification - [UserNotificationTemplateRefInput!]
|
Defines the user notification template to display when the rule blocks or prompts access. Only a single element is allowed. |
Example
{"userNotification": [UserNotificationTemplateRefInput]}
WanFirewallActionEnum
BetaValues
| Enum Value | Description |
|---|---|
|
|
Allow the network traffic to pass through the firewall. |
|
|
Deny the network traffic from passing through the firewall. |
|
|
Requests user confirmation to allow or block network traffic. |
Example
"ALLOW"
WanFirewallAddRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
action - WanFirewallActionEnum!
|
The action applied by the Internet Firewall if the rule is matched Default |
actionConfig - WanFirewallActionConfigInput!
|
Configuration for Wan Firewall action Default |
activePeriod - PolicyRuleActivePeriodInput!
|
The time period during which the rule is active, outside this period, the rule is inactive Default |
application - WanFirewallApplicationInput!
|
Application traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
connectionOrigin - ConnectionOriginEnum!
|
Connection origin of the traffic Default |
country - [CountryRefInput!]!
|
Source country traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
description - String!
|
|
destination - WanFirewallDestinationInput!
|
Destination traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
device - [DeviceProfileRefInput!]!
|
Source Device Profile traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
deviceAttributes - DeviceAttributesInput!
|
Additional device attributes such as category, type, model, and manufacturer. Logical 'OR' is applied within the criteria set. Logical 'AND' is applied between criteria sets. Default |
deviceOS - [OperatingSystem!]!
|
Source device Operating System traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
direction - WanFirewallDirectionEnum!
|
|
enabled - Boolean!
|
|
exceptions - [WanFirewallRuleExceptionInput!]!
|
The set of exceptions for the rule. Exceptions define when the rule will be ignored and the firewall evaluation will continue with the lower priority rules. Default |
name - String!
|
|
schedule - PolicyScheduleInput!
|
The time period specifying when the rule is enabled, otherwise it is disabled. Default |
service - WanFirewallServiceTypeInput!
|
Destination service traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
source - WanFirewallSourceInput!
|
Source traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
tracking - PolicyTrackingInput!
|
Tracking information when the rule is matched, such as events and notifications Default |
Example
{
"action": "ALLOW",
"actionConfig": WanFirewallActionConfigInput,
"activePeriod": PolicyRuleActivePeriodInput,
"application": WanFirewallApplicationInput,
"connectionOrigin": "ANY",
"country": [CountryRefInput],
"description": "abc123",
"destination": WanFirewallDestinationInput,
"device": [DeviceProfileRefInput],
"deviceAttributes": DeviceAttributesInput,
"deviceOS": ["ANDROID"],
"direction": "BOTH",
"enabled": false,
"exceptions": [WanFirewallRuleExceptionInput],
"name": "xyz789",
"schedule": PolicyScheduleInput,
"service": WanFirewallServiceTypeInput,
"source": WanFirewallSourceInput,
"tracking": PolicyTrackingInput
}
WanFirewallAddRuleInput
BetaDescription
Rule parameters and relevant position
Fields
| Input Field | Description |
|---|---|
at - PolicyRulePositionInput
|
Position of the rule in the policy |
rule - WanFirewallAddRuleDataInput!
|
Parameters for the rule you are adding |
Example
{
"at": PolicyRulePositionInput,
"rule": WanFirewallAddRuleDataInput
}
WanFirewallAddSubPolicyDataInput
BetaWanFirewallAddSubPolicyInput
BetaFields
| Input Field | Description |
|---|---|
at - PolicyRulePositionInput!
|
|
policy - WanFirewallAddSubPolicyDataInput
|
|
scope - WanFirewallAddRuleDataInput!
|
Example
{
"at": PolicyRulePositionInput,
"policy": WanFirewallAddSubPolicyDataInput,
"scope": WanFirewallAddRuleDataInput
}
WanFirewallAddSubPolicyMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
policy - WanFirewallPolicy
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"policy": WanFirewallPolicy,
"status": "FAILURE"
}
WanFirewallApplication
BetaDescription
Application match criteria set
Fields
| Field Name | Description |
|---|---|
appCategory - [ApplicationCategoryRef!]!
|
Cato category of applications which are dynamically updated by Cato |
application - [ApplicationRef!]!
|
Applications for the rule (pre-defined) |
customApp - [CustomApplicationRef!]!
|
Custom (user-defined) applications |
customCategory - [CustomCategoryRef!]!
|
Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc. |
domain - [Domain!]!
|
A Second-Level Domain (SLD). It matches all Top-Level Domains (TLD), and subdomains that include the Domain. Example: example.com. |
fqdn - [Fqdn!]!
|
An exact match of the fully qualified domain (FQDN). Example: www.my.example.com. |
globalIpRange - [GlobalIpRangeRef!]!
|
Globally defined IP range, IP and subnet objects |
ip - [IPAddress!]!
|
IPv4 addresses |
ipRange - [IpAddressRange!]!
|
A range of IPs. Every IP within the range will be matched |
sanctionedAppsCategory - [SanctionedAppsCategoryRef!]!
|
Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization. |
subnet - [NetworkSubnet!]!
|
Subnets and network ranges defined for the LAN interfaces of a site |
Example
{
"appCategory": [ApplicationCategoryRef],
"application": [ApplicationRef],
"customApp": [CustomApplicationRef],
"customCategory": [CustomCategoryRef],
"domain": [Domain],
"fqdn": [Fqdn],
"globalIpRange": [GlobalIpRangeRef],
"ip": [IPAddress],
"ipRange": [IpAddressRange],
"sanctionedAppsCategory": [SanctionedAppsCategoryRef],
"subnet": [NetworkSubnet]
}
WanFirewallApplicationInput
BetaDescription
Application match criteria set
Fields
| Input Field | Description |
|---|---|
appCategory - [ApplicationCategoryRefInput!]!
|
Cato category of applications which are dynamically updated by Cato Default |
application - [ApplicationRefInput!]!
|
Applications for the rule (pre-defined) Default |
customApp - [CustomApplicationRefInput!]!
|
Custom (user-defined) applications Default |
customCategory - [CustomCategoryRefInput!]!
|
Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc. Default |
domain - [Domain!]!
|
A Second-Level Domain (SLD). It matches all Top-Level Domains (TLD), and subdomains that include the Domain. Example: example.com. Default |
fqdn - [Fqdn!]!
|
An exact match of the fully qualified domain (FQDN). Example: www.my.example.com. Default |
globalIpRange - [GlobalIpRangeRefInput!]!
|
Globally defined IP range, IP and subnet objects Default |
ip - [IPAddress!]!
|
IPv4 addresses Default |
ipRange - [IpAddressRangeInput!]!
|
A range of IPs. Every IP within the range will be matched Default |
sanctionedAppsCategory - [SanctionedAppsCategoryRefInput!]!
|
Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization. Default |
subnet - [NetworkSubnet!]!
|
Subnets and network ranges defined for the LAN interfaces of a site Default |
Example
{
"appCategory": [ApplicationCategoryRefInput],
"application": [ApplicationRefInput],
"customApp": [CustomApplicationRefInput],
"customCategory": [CustomCategoryRefInput],
"domain": [Domain],
"fqdn": [Fqdn],
"globalIpRange": [GlobalIpRangeRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"sanctionedAppsCategory": [
SanctionedAppsCategoryRefInput
],
"subnet": [NetworkSubnet]
}
WanFirewallApplicationUpdateInput
BetaDescription
Application match criteria set
Fields
| Input Field | Description |
|---|---|
appCategory - [ApplicationCategoryRefInput!]
|
Cato category of applications which are dynamically updated by Cato |
application - [ApplicationRefInput!]
|
Applications for the rule (pre-defined) |
customApp - [CustomApplicationRefInput!]
|
Custom (user-defined) applications |
customCategory - [CustomCategoryRefInput!]
|
Custom Categories – Groups of objects such as predefined and custom applications, predefined and custom services, domains, FQDNs etc. |
domain - [Domain!]
|
A Second-Level Domain (SLD). It matches all Top-Level Domains (TLD), and subdomains that include the Domain. Example: example.com. |
fqdn - [Fqdn!]
|
An exact match of the fully qualified domain (FQDN). Example: www.my.example.com. |
globalIpRange - [GlobalIpRangeRefInput!]
|
Globally defined IP range, IP and subnet objects |
ip - [IPAddress!]
|
IPv4 addresses |
ipRange - [IpAddressRangeInput!]
|
A range of IPs. Every IP within the range will be matched |
sanctionedAppsCategory - [SanctionedAppsCategoryRefInput!]
|
Sanctioned Cloud Applications - apps that are approved and generally represent an understood and acceptable level of risk in your organization. |
subnet - [NetworkSubnet!]
|
Subnets and network ranges defined for the LAN interfaces of a site |
Example
{
"appCategory": [ApplicationCategoryRefInput],
"application": [ApplicationRefInput],
"customApp": [CustomApplicationRefInput],
"customCategory": [CustomCategoryRefInput],
"domain": [Domain],
"fqdn": [Fqdn],
"globalIpRange": [GlobalIpRangeRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"sanctionedAppsCategory": [
SanctionedAppsCategoryRefInput
],
"subnet": [NetworkSubnet]
}
WanFirewallDestination
BetaDescription
Returns the settings for Destination of a Wan Firewall rule
Fields
| Field Name | Description |
|---|---|
floatingSubnet - [FloatingSubnetRef!]!
|
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP. |
globalIpRange - [GlobalIpRangeRef!]!
|
Globally defined IP range, IP and subnet objects |
group - [GroupRef!]!
|
Groups defined for your account |
host - [HostRef!]!
|
Hosts and servers defined for your account |
ip - [IPAddress!]!
|
IPv4 address |
ipRange - [IpAddressRange!]!
|
Multiple separate IP addresses or an IP range |
networkInterface - [NetworkInterfaceRef!]!
|
Network range defined for a site |
site - [SiteRef!]!
|
Site defined for the account |
siteNetworkSubnet - [SiteNetworkSubnetRef!]!
|
GlobalRange + InterfaceSubnet |
subnet - [NetworkSubnet!]!
|
Subnets and network ranges defined for the LAN interfaces of a site |
systemGroup - [SystemGroupRef!]!
|
Predefined Cato groups |
user - [UserRef!]!
|
Individual users defined for the account |
usersGroup - [UsersGroupRef!]!
|
Group of users |
Example
{
"floatingSubnet": [FloatingSubnetRef],
"globalIpRange": [GlobalIpRangeRef],
"group": [GroupRef],
"host": [HostRef],
"ip": [IPAddress],
"ipRange": [IpAddressRange],
"networkInterface": [NetworkInterfaceRef],
"site": [SiteRef],
"siteNetworkSubnet": [SiteNetworkSubnetRef],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRef],
"user": [UserRef],
"usersGroup": [UsersGroupRef]
}
WanFirewallDestinationInput
BetaDescription
Input of the settings for Destination of a Wan Firewall rule. To specify 'ANY' destination, an empty list must be provided for each match criteria field (e.g. ip: [], group: [], etc...)
Fields
| Input Field | Description |
|---|---|
floatingSubnet - [FloatingSubnetRefInput!]!
|
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP. Default |
globalIpRange - [GlobalIpRangeRefInput!]!
|
Globally defined IP range, IP and subnet objects Default |
group - [GroupRefInput!]!
|
Groups defined for your account Default |
host - [HostRefInput!]!
|
Hosts and servers defined for your account Default |
ip - [IPAddress!]!
|
IPv4 address Default |
ipRange - [IpAddressRangeInput!]!
|
Multiple separate IP addresses or an IP range Default |
networkInterface - [NetworkInterfaceRefInput!]!
|
Network range defined for a site Default |
site - [SiteRefInput!]!
|
Site defined for the account Default |
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]!
|
GlobalRange + InterfaceSubnet Default |
subnet - [NetworkSubnet!]!
|
Subnets and network ranges defined for the LAN interfaces of a site Default |
systemGroup - [SystemGroupRefInput!]!
|
Predefined Cato groups Default |
user - [UserRefInput!]!
|
Individual users defined for the account Default |
usersGroup - [UsersGroupRefInput!]!
|
Group of users Default |
Example
{
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"networkInterface": [NetworkInterfaceRefInput],
"site": [SiteRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"user": [UserRefInput],
"usersGroup": [UsersGroupRefInput]
}
WanFirewallDestinationUpdateInput
BetaDescription
Input of the settings for Destination of a Wan Firewall rule. To specify 'ANY' destination, an empty list must be provided for each match criteria field (e.g. ip: [], group: [], etc...)
Fields
| Input Field | Description |
|---|---|
floatingSubnet - [FloatingSubnetRefInput!]
|
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP. |
globalIpRange - [GlobalIpRangeRefInput!]
|
Globally defined IP range, IP and subnet objects |
group - [GroupRefInput!]
|
Groups defined for your account |
host - [HostRefInput!]
|
Hosts and servers defined for your account |
ip - [IPAddress!]
|
IPv4 address |
ipRange - [IpAddressRangeInput!]
|
Multiple separate IP addresses or an IP range |
networkInterface - [NetworkInterfaceRefInput!]
|
Network range defined for a site |
site - [SiteRefInput!]
|
Site defined for the account |
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]
|
GlobalRange + InterfaceSubnet |
subnet - [NetworkSubnet!]
|
Subnets and network ranges defined for the LAN interfaces of a site |
systemGroup - [SystemGroupRefInput!]
|
Predefined Cato groups |
user - [UserRefInput!]
|
Individual users defined for the account |
usersGroup - [UsersGroupRefInput!]
|
Group of users |
Example
{
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"networkInterface": [NetworkInterfaceRefInput],
"site": [SiteRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"user": [UserRefInput],
"usersGroup": [UsersGroupRefInput]
}
WanFirewallDirectionEnum
BetaValues
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"BOTH"
WanFirewallPolicy
BetaFields
| Field Name | Description |
|---|---|
access - EntityAccess!
|
Holds the complete set of access capabilities and limitations associated with the entity. |
audit - PolicyAudit
|
|
description - String!
|
Description for the policy |
enabled - Boolean!
|
|
id - ID!
|
Policy ID |
name - String!
|
Name of the policy, the default name for the policy containing all sub-policies is 'Main' |
revision - PolicyRevision
|
|
rules - [WanFirewallRulePayload!]!
|
|
sections - [PolicySectionPayload!]!
|
|
subPolicies - [WanFirewallSubPolicyPayload!]!
|
Holds a list of all allowed sub-policies according to admin access capabilities |
Example
{
"access": EntityAccess,
"audit": PolicyAudit,
"description": "abc123",
"enabled": false,
"id": "4",
"name": "xyz789",
"revision": PolicyRevision,
"rules": [WanFirewallRulePayload],
"sections": [PolicySectionPayload],
"subPolicies": [WanFirewallSubPolicyPayload]
}
WanFirewallPolicyInfo
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyAudit!
|
|
description - String!
|
|
enabled - Boolean!
|
|
id - ID!
|
|
name - String!
|
|
policyLevel - PolicyLevelEnum!
|
Example
{
"audit": PolicyAudit,
"description": "abc123",
"enabled": false,
"id": "4",
"name": "abc123",
"policyLevel": "MAIN"
}
WanFirewallPolicyInput
BetaFields
| Input Field | Description |
|---|---|
revision - PolicyRevisionInput
|
A revision is a specific instance of the policy. Unpublished revisions are working copies of the policy available to a specific admin or a set of admins Published revisions are revisions that were applied to the account network. The last published revision is the active policy. |
Example
{"revision": PolicyRevisionInput}
WanFirewallPolicyListFilterInput
BetaFields
| Input Field | Description |
|---|---|
id - [IdFilterInput!]
|
|
name - [StringFilterInput!]
|
|
policyLevel - [PolicyLevelEnumFilterInput!]
|
Example
{
"id": [IdFilterInput],
"name": [StringFilterInput],
"policyLevel": [PolicyLevelEnumFilterInput]
}
WanFirewallPolicyListInput
BetaFields
| Input Field | Description |
|---|---|
filter - WanFirewallPolicyListFilterInput
|
|
paging - PagingInput!
|
|
sort - WanFirewallPolicyListSortInput!
|
Example
{
"filter": WanFirewallPolicyListFilterInput,
"paging": PagingInput,
"sort": WanFirewallPolicyListSortInput
}
WanFirewallPolicyListPayload
BetaFields
| Field Name | Description |
|---|---|
items - [WanFirewallPolicyInfo!]!
|
|
paging - PageInfo!
|
Example
{
"items": [WanFirewallPolicyInfo],
"paging": PageInfo
}
WanFirewallPolicyListSortInput
BetaFields
| Input Field | Description |
|---|---|
name - SortOrderInput
|
|
policyLevel - SortOrderInput
|
Example
{
"name": SortOrderInput,
"policyLevel": SortOrderInput
}
WanFirewallPolicyMutationInput
Fields
| Input Field | Description |
|---|---|
revision - PolicyMutationRevisionInput
|
Example
{"revision": PolicyMutationRevisionInput}
WanFirewallPolicyMutationPayload
BetaDescription
Wan Firewall policy information provided in the API response
Fields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
policy - WanFirewallPolicy
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"policy": WanFirewallPolicy,
"status": "FAILURE"
}
WanFirewallPolicyRef
BetaWanFirewallPolicyRefInput
BetaFields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
|
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
WanFirewallPolicyUpdateInput
BetaFields
| Input Field | Description |
|---|---|
state - PolicyToggleState
|
Example
{"state": "DISABLED"}
WanFirewallRemoveRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
Example
{"id": "4"}
WanFirewallRemoveSubPolicyInput
BetaFields
| Input Field | Description |
|---|---|
ref - WanFirewallPolicyRefInput!
|
Example
{"ref": WanFirewallPolicyRefInput}
WanFirewallRemoveSubPolicyMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
policy - WanFirewallPolicy
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"policy": WanFirewallPolicy,
"status": "FAILURE"
}
WanFirewallRule
BetaFields
| Field Name | Description |
|---|---|
action - WanFirewallActionEnum!
|
The action applied by the Internet Firewall if the rule is matched |
actionConfig - WanFirewallActionConfig!
|
Configuration for Wan Firewall action |
activePeriod - PolicyRuleActivePeriod!
|
The time period during which the rule is active, outside this period, the rule is inactive |
application - WanFirewallApplication!
|
Application traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
connectionOrigin - ConnectionOriginEnum!
|
Connection origin of the traffic |
country - [CountryRef!]!
|
Source country traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
description - String!
|
Description for the rule |
destination - WanFirewallDestination!
|
Destination traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
device - [DeviceProfileRef!]!
|
Source Device Profile traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
deviceAttributes - DeviceAttributes!
|
Additional device attributes such as category, type, model, and manufacturer. Logical 'OR' is applied within the criteria set. Logical 'AND' is applied between criteria sets. |
deviceOS - [OperatingSystem!]!
|
Source device Operating System traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
direction - WanFirewallDirectionEnum!
|
|
enabled - Boolean!
|
TRUE = Rule is enabled FALSE = Rule is disabled |
exceptions - [WanFirewallRuleException!]!
|
The set of exceptions for the rule. Exceptions define when the rule will be ignored and the firewall evaluation will continue with the lower priority rules. |
id - ID!
|
Rule ID |
index - Int!
|
Position / priority of rule |
name - String!
|
Name of the rule |
schedule - PolicySchedule!
|
The time period specifying when the rule is enabled, otherwise it is disabled. |
section - PolicySectionInfo!
|
Policy section where the rule is located |
service - WanFirewallServiceType!
|
Destination service traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
source - WanFirewallSource!
|
Source traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
tracking - PolicyTracking!
|
Tracking information when the rule is matched, such as events and notifications |
Example
{
"action": "ALLOW",
"actionConfig": WanFirewallActionConfig,
"activePeriod": PolicyRuleActivePeriod,
"application": WanFirewallApplication,
"connectionOrigin": "ANY",
"country": [CountryRef],
"description": "xyz789",
"destination": WanFirewallDestination,
"device": [DeviceProfileRef],
"deviceAttributes": DeviceAttributes,
"deviceOS": ["ANDROID"],
"direction": "BOTH",
"enabled": false,
"exceptions": [WanFirewallRuleException],
"id": 4,
"index": 987,
"name": "abc123",
"schedule": PolicySchedule,
"section": PolicySectionInfo,
"service": WanFirewallServiceType,
"source": WanFirewallSource,
"tracking": PolicyTracking
}
WanFirewallRuleException
BetaDescription
Exceptions define when a rule is ignored, and the firewall policy evaluation continues with the lower priority rules.
Fields
| Field Name | Description |
|---|---|
application - WanFirewallApplication!
|
Application matching criteria for the exception. |
connectionOrigin - ConnectionOriginEnum!
|
Connection origin matching criteria for the exception. |
country - [CountryRef!]!
|
Source country matching criteria for the exception. |
destination - WanFirewallDestination!
|
Destination matching criteria for the exception. |
device - [DeviceProfileRef!]!
|
Source Device Profile matching criteria for the exception. |
deviceAttributes - DeviceAttributes!
|
Source Device Attributes matching criteria for the exception. |
deviceOS - [OperatingSystem!]!
|
Source device OS matching criteria for the exception. |
direction - WanFirewallDirectionEnum!
|
Direction origin matching criteria for the exception |
name - String!
|
A unique name of the rule exception. |
service - WanFirewallServiceType!
|
Destination service matching criteria for the exception. |
source - WanFirewallSource!
|
Source matching criteria for the exception. |
Example
{
"application": WanFirewallApplication,
"connectionOrigin": "ANY",
"country": [CountryRef],
"destination": WanFirewallDestination,
"device": [DeviceProfileRef],
"deviceAttributes": DeviceAttributes,
"deviceOS": ["ANDROID"],
"direction": "BOTH",
"name": "abc123",
"service": WanFirewallServiceType,
"source": WanFirewallSource
}
WanFirewallRuleExceptionInput
BetaDescription
Exceptions define when a rule is ignored, and the firewall policy evaluation continues with the lower priority rules.
Fields
| Input Field | Description |
|---|---|
application - WanFirewallApplicationInput!
|
Application matching criteria for the exception. Default |
connectionOrigin - ConnectionOriginEnum!
|
Connection origin matching criteria for the exception. Default |
country - [CountryRefInput!]!
|
Source country matching criteria for the exception. Default |
destination - WanFirewallDestinationInput!
|
Destination matching criteria for the exception. Default |
device - [DeviceProfileRefInput!]!
|
Source Device Profile matching criteria for the exception. Default |
deviceAttributes - DeviceAttributesInput!
|
Source Device Attributes matching criteria for the exception. Default |
deviceOS - [OperatingSystem!]!
|
Source device OS matching criteria for the exception. Default |
direction - WanFirewallDirectionEnum!
|
Direction origin matching criteria for the exception Default |
name - String!
|
A unique name of the rule exception. |
service - WanFirewallServiceTypeInput!
|
Destination service matching criteria for the exception. Default |
source - WanFirewallSourceInput!
|
Source matching criteria for the exception. Default |
Example
{
"application": WanFirewallApplicationInput,
"connectionOrigin": "ANY",
"country": [CountryRefInput],
"destination": WanFirewallDestinationInput,
"device": [DeviceProfileRefInput],
"deviceAttributes": DeviceAttributesInput,
"deviceOS": ["ANDROID"],
"direction": "BOTH",
"name": "xyz789",
"service": WanFirewallServiceTypeInput,
"source": WanFirewallSourceInput
}
WanFirewallRuleMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
rule - WanFirewallRulePayload
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"rule": WanFirewallRulePayload,
"status": "FAILURE"
}
WanFirewallRulePayload
BetaDescription
Wan Firewall policy information for a specific revision
Fields
| Field Name | Description |
|---|---|
access - EntityAccess!
|
Holds the complete set of access capabilities and limitations associated with the entity. |
audit - PolicyElementAudit!
|
|
properties - [PolicyElementPropertiesEnum!]!
|
|
rule - WanFirewallRule!
|
|
ruleType - PolicyRuleTypeEnum!
|
POLICY_RULE = Rule is a regular policy rule SUB_POLICY_SCOPE = Rule is a scoping rule wrapping a sub-policy and predicate apply to all sub-policy rules |
subPolicy - WanFirewallPolicyRef
|
A reference to the sub-policy the entity is referring to |
Example
{
"access": EntityAccess,
"audit": PolicyElementAudit,
"properties": ["ADDED"],
"rule": WanFirewallRule,
"ruleType": "POLICY_RULE",
"subPolicy": WanFirewallPolicyRef
}
WanFirewallServiceType
BetaDescription
Returns the Service Type to which this Wan Firewall rule applies
Fields
| Field Name | Description |
|---|---|
custom - [CustomService!]!
|
|
standard - [ServiceRef!]!
|
Example
{
"custom": [CustomService],
"standard": [ServiceRef]
}
WanFirewallServiceTypeInput
BetaDescription
Input of the Service Type to which this Wan Firewall rule applies. To specify 'ANY' source, an empty list must be provided for each match criteria field (e.g. standard: [], custom: [], etc...)
Fields
| Input Field | Description |
|---|---|
custom - [CustomServiceInput!]!
|
|
standard - [ServiceRefInput!]!
|
Example
{
"custom": [CustomServiceInput],
"standard": [ServiceRefInput]
}
WanFirewallServiceTypeUpdateInput
BetaDescription
Input of the Service Type to which this Wan Firewall rule applies. To specify 'ANY' source, an empty list must be provided for each match criteria field (e.g. standard: [], custom: [], etc...)
Fields
| Input Field | Description |
|---|---|
custom - [CustomServiceInput!]
|
|
standard - [ServiceRefInput!]
|
Example
{
"custom": [CustomServiceInput],
"standard": [ServiceRefInput]
}
WanFirewallSource
BetaDescription
Returns the settings for Source of an Wan Firewall rule
Fields
| Field Name | Description |
|---|---|
floatingSubnet - [FloatingSubnetRef!]!
|
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP. |
globalIpRange - [GlobalIpRangeRef!]!
|
Globally defined IP range, IP and subnet objects |
group - [GroupRef!]!
|
Groups defined for your account |
host - [HostRef!]!
|
Hosts and servers defined for your account |
ip - [IPAddress!]!
|
IPv4 address |
ipRange - [IpAddressRange!]!
|
Multiple separate IP addresses or an IP range |
networkInterface - [NetworkInterfaceRef!]!
|
Network range defined for a site |
site - [SiteRef!]!
|
Site defined for the account |
siteNetworkSubnet - [SiteNetworkSubnetRef!]!
|
GlobalRange + InterfaceSubnet |
subnet - [NetworkSubnet!]!
|
Subnets and network ranges defined for the LAN interfaces of a site |
systemGroup - [SystemGroupRef!]!
|
Predefined Cato groups |
user - [UserRef!]!
|
Individual users defined for the account |
usersGroup - [UsersGroupRef!]!
|
Group of users |
Example
{
"floatingSubnet": [FloatingSubnetRef],
"globalIpRange": [GlobalIpRangeRef],
"group": [GroupRef],
"host": [HostRef],
"ip": [IPAddress],
"ipRange": [IpAddressRange],
"networkInterface": [NetworkInterfaceRef],
"site": [SiteRef],
"siteNetworkSubnet": [SiteNetworkSubnetRef],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRef],
"user": [UserRef],
"usersGroup": [UsersGroupRef]
}
WanFirewallSourceInput
BetaDescription
Input of the settings for Source of an Wan Firewall rule. To specify 'ANY' source, an empty list must be provided for each match criteria field (e.g. ip: [], group: [], etc...)
Fields
| Input Field | Description |
|---|---|
floatingSubnet - [FloatingSubnetRefInput!]!
|
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP. Default |
globalIpRange - [GlobalIpRangeRefInput!]!
|
Globally defined IP range, IP and subnet objects Default |
group - [GroupRefInput!]!
|
Groups defined for your account Default |
host - [HostRefInput!]!
|
Hosts and servers defined for your account Default |
ip - [IPAddress!]!
|
IPv4 address Default |
ipRange - [IpAddressRangeInput!]!
|
Multiple separate IP addresses or an IP range Default |
networkInterface - [NetworkInterfaceRefInput!]!
|
Network range defined for a site Default |
site - [SiteRefInput!]!
|
Site defined for the account Default |
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]!
|
GlobalRange + InterfaceSubnet Default |
subnet - [NetworkSubnet!]!
|
Subnets and network ranges defined for the LAN interfaces of a site Default |
systemGroup - [SystemGroupRefInput!]!
|
Predefined Cato groups Default |
user - [UserRefInput!]!
|
Individual users defined for the account Default |
usersGroup - [UsersGroupRefInput!]!
|
Group of users Default |
Example
{
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"networkInterface": [NetworkInterfaceRefInput],
"site": [SiteRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"user": [UserRefInput],
"usersGroup": [UsersGroupRefInput]
}
WanFirewallSourceUpdateInput
BetaDescription
Input of the settings for Source of an Wan Firewall rule. To specify 'ANY' source, an empty list must be provided for each match criteria field (e.g. ip: [], group: [], etc...)
Fields
| Input Field | Description |
|---|---|
floatingSubnet - [FloatingSubnetRefInput!]
|
Floating Subnets (ie. Floating Ranges) are used to identify traffic exactly matched to the route advertised by BGP. They are not associated with a specific site. This is useful in scenarios such as active-standby high availability routed via BGP. |
globalIpRange - [GlobalIpRangeRefInput!]
|
Globally defined IP range, IP and subnet objects |
group - [GroupRefInput!]
|
Groups defined for your account |
host - [HostRefInput!]
|
Hosts and servers defined for your account |
ip - [IPAddress!]
|
IPv4 address |
ipRange - [IpAddressRangeInput!]
|
Multiple separate IP addresses or an IP range |
networkInterface - [NetworkInterfaceRefInput!]
|
Network range defined for a site |
site - [SiteRefInput!]
|
Site defined for the account |
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]
|
GlobalRange + InterfaceSubnet |
subnet - [NetworkSubnet!]
|
Subnets and network ranges defined for the LAN interfaces of a site |
systemGroup - [SystemGroupRefInput!]
|
Predefined Cato groups |
user - [UserRefInput!]
|
Individual users defined for the account |
usersGroup - [UsersGroupRefInput!]
|
Group of users |
Example
{
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"networkInterface": [NetworkInterfaceRefInput],
"site": [SiteRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"user": [UserRefInput],
"usersGroup": [UsersGroupRefInput]
}
WanFirewallSubPolicyPayload
BetaFields
| Field Name | Description |
|---|---|
access - EntityAccess!
|
|
policy - WanFirewallPolicyInfo!
|
|
properties - [SubPolicyProperty!]!
|
Example
{
"access": EntityAccess,
"policy": WanFirewallPolicyInfo,
"properties": ["READ_ONLY"]
}
WanFirewallUpdateRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
action - WanFirewallActionEnum
|
The action applied by the Internet Firewall if the rule is matched |
actionConfig - WanFirewallActionConfigUpdateInput
|
Configuration for Wan Firewall action |
activePeriod - PolicyRuleActivePeriodUpdateInput
|
The time period during which the rule is active, outside this period, the rule is inactive |
application - WanFirewallApplicationUpdateInput
|
Application traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
connectionOrigin - ConnectionOriginEnum
|
Connection origin of the traffic |
country - [CountryRefInput!]
|
Source country traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
description - String
|
|
destination - WanFirewallDestinationUpdateInput
|
Destination traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
device - [DeviceProfileRefInput!]
|
Source Device Profile traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
deviceAttributes - DeviceAttributesUpdateInput
|
Additional device attributes such as category, type, model, and manufacturer. Logical 'OR' is applied within the criteria set. Logical 'AND' is applied between criteria sets. |
deviceOS - [OperatingSystem!]
|
Source device Operating System traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
direction - WanFirewallDirectionEnum
|
|
enabled - Boolean
|
|
exceptions - [WanFirewallRuleExceptionInput!]
|
The set of exceptions for the rule. Exceptions define when the rule will be ignored and the firewall evaluation will continue with the lower priority rules. |
name - String
|
|
schedule - PolicyScheduleUpdateInput
|
The time period specifying when the rule is enabled, otherwise it is disabled. |
service - WanFirewallServiceTypeUpdateInput
|
Destination service traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
source - WanFirewallSourceUpdateInput
|
Source traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
tracking - PolicyTrackingUpdateInput
|
Tracking information when the rule is matched, such as events and notifications |
Example
{
"action": "ALLOW",
"actionConfig": WanFirewallActionConfigUpdateInput,
"activePeriod": PolicyRuleActivePeriodUpdateInput,
"application": WanFirewallApplicationUpdateInput,
"connectionOrigin": "ANY",
"country": [CountryRefInput],
"description": "xyz789",
"destination": WanFirewallDestinationUpdateInput,
"device": [DeviceProfileRefInput],
"deviceAttributes": DeviceAttributesUpdateInput,
"deviceOS": ["ANDROID"],
"direction": "BOTH",
"enabled": true,
"exceptions": [WanFirewallRuleExceptionInput],
"name": "abc123",
"schedule": PolicyScheduleUpdateInput,
"service": WanFirewallServiceTypeUpdateInput,
"source": WanFirewallSourceUpdateInput,
"tracking": PolicyTrackingUpdateInput
}
WanFirewallUpdateRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
|
rule - WanFirewallUpdateRuleDataInput!
|
Example
{"id": 4, "rule": WanFirewallUpdateRuleDataInput}
WanNetworkAddRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
application - WanNetworkRuleApplicationInput!
|
The application or category of traffic for the rule. Default |
bandwidthPriority - BandwidthManagementRefInput!
|
The bandwidth priority (QoS) for the rule. |
configuration - WanNetworkRuleConfigurationInput!
|
The configuration of the rule. Default |
description - String!
|
|
destination - WanNetworkRuleDestinationInput!
|
The destination of the traffic for the rule. Default |
enabled - Boolean!
|
|
exceptions - [WanNetworkRuleExceptionInput!]!
|
Exceptions to the rule. Default |
name - String!
|
|
routeType - WanNetworkRuleRouteType!
|
Defines the routing method for the rule. By default, traffic will egress from connected PoP. Default |
ruleType - WanNetworkRuleType!
|
Specifies if the rule is for Internet (outbound) or WAN (wanbound) traffic. Default |
source - WanNetworkRuleSourceInput!
|
The source of the traffic for the rule. Default |
Example
{
"application": WanNetworkRuleApplicationInput,
"bandwidthPriority": BandwidthManagementRefInput,
"configuration": WanNetworkRuleConfigurationInput,
"description": "abc123",
"destination": WanNetworkRuleDestinationInput,
"enabled": true,
"exceptions": [WanNetworkRuleExceptionInput],
"name": "xyz789",
"routeType": "BACKHAUL",
"ruleType": "INBOUND_INTERNET",
"source": WanNetworkRuleSourceInput
}
WanNetworkAddRuleInput
BetaFields
| Input Field | Description |
|---|---|
at - PolicyRulePositionInput
|
Position of the rule in the policy |
rule - WanNetworkAddRuleDataInput!
|
Parameters for the rule you are adding |
Example
{
"at": PolicyRulePositionInput,
"rule": WanNetworkAddRuleDataInput
}
WanNetworkPolicy
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyAudit
|
|
enabled - Boolean!
|
|
revision - PolicyRevision
|
|
rules - [WanNetworkRulePayload!]!
|
|
sections - [PolicySectionPayload!]!
|
Example
{
"audit": PolicyAudit,
"enabled": true,
"revision": PolicyRevision,
"rules": [WanNetworkRulePayload],
"sections": [PolicySectionPayload]
}
WanNetworkPolicyInput
BetaFields
| Input Field | Description |
|---|---|
revision - PolicyRevisionInput
|
A revision is a specific instance of the policy. Unpublished revisions are working copies of the policy available to a specific admin or a set of admins Published revisions are revisions that were applied to the account network. The last published revision is the active policy. |
Example
{"revision": PolicyRevisionInput}
WanNetworkPolicyMutationInput
Fields
| Input Field | Description |
|---|---|
revision - PolicyMutationRevisionInput
|
Example
{"revision": PolicyMutationRevisionInput}
WanNetworkPolicyMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
policy - WanNetworkPolicy
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"policy": WanNetworkPolicy,
"status": "FAILURE"
}
WanNetworkPolicyUpdateInput
BetaFields
| Input Field | Description |
|---|---|
state - PolicyToggleState
|
Example
{"state": "DISABLED"}
WanNetworkRemoveRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
Example
{"id": "4"}
WanNetworkRule
BetaFields
| Field Name | Description |
|---|---|
application - WanNetworkRuleApplication!
|
The application or category of traffic for the rule. |
bandwidthPriority - BandwidthManagementRef!
|
The bandwidth priority (QoS) for the rule. |
configuration - WanNetworkRuleConfiguration!
|
The configuration of the rule. |
description - String!
|
Description for the rule |
destination - WanNetworkRuleDestination!
|
The destination of the traffic for the rule. |
enabled - Boolean!
|
TRUE = Rule is enabled FALSE = Rule is disabled |
exceptions - [WanNetworkRuleException!]!
|
Exceptions to the rule. |
id - ID!
|
Rule ID |
index - Int!
|
Position / priority of rule |
name - String!
|
Name of the rule |
routeType - WanNetworkRuleRouteType!
|
Defines the routing method for the rule. By default, traffic will egress from connected PoP. |
ruleType - WanNetworkRuleType!
|
Specifies if the rule is for Internet (outbound) or WAN (wanbound) traffic. |
section - PolicySectionInfo!
|
Policy section where the rule is located |
source - WanNetworkRuleSource!
|
The source of the traffic for the rule. |
Example
{
"application": WanNetworkRuleApplication,
"bandwidthPriority": BandwidthManagementRef,
"configuration": WanNetworkRuleConfiguration,
"description": "abc123",
"destination": WanNetworkRuleDestination,
"enabled": false,
"exceptions": [WanNetworkRuleException],
"id": "4",
"index": 987,
"name": "abc123",
"routeType": "BACKHAUL",
"ruleType": "INBOUND_INTERNET",
"section": PolicySectionInfo,
"source": WanNetworkRuleSource
}
WanNetworkRuleApplication
BetaFields
| Field Name | Description |
|---|---|
appCategory - [ApplicationCategoryRef!]!
|
|
application - [ApplicationRef!]!
|
|
customApp - [CustomApplicationRef!]!
|
|
customCategory - [CustomCategoryRef!]!
|
|
customService - [CustomService!]!
|
|
customServiceIp - [CustomServiceIp!]!
|
|
domain - [Domain!]!
|
|
fqdn - [Fqdn!]!
|
|
service - [ServiceRef!]!
|
Example
{
"appCategory": [ApplicationCategoryRef],
"application": [ApplicationRef],
"customApp": [CustomApplicationRef],
"customCategory": [CustomCategoryRef],
"customService": [CustomService],
"customServiceIp": [CustomServiceIp],
"domain": [Domain],
"fqdn": [Fqdn],
"service": [ServiceRef]
}
WanNetworkRuleApplicationInput
BetaFields
| Input Field | Description |
|---|---|
appCategory - [ApplicationCategoryRefInput!]!
|
|
application - [ApplicationRefInput!]!
|
|
customApp - [CustomApplicationRefInput!]!
|
|
customCategory - [CustomCategoryRefInput!]!
|
|
customService - [CustomServiceInput!]!
|
|
customServiceIp - [CustomServiceIpInput!]!
|
|
domain - [Domain!]!
|
|
fqdn - [Fqdn!]!
|
|
service - [ServiceRefInput!]!
|
Example
{
"appCategory": [ApplicationCategoryRefInput],
"application": [ApplicationRefInput],
"customApp": [CustomApplicationRefInput],
"customCategory": [CustomCategoryRefInput],
"customService": [CustomServiceInput],
"customServiceIp": [CustomServiceIpInput],
"domain": [Domain],
"fqdn": [Fqdn],
"service": [ServiceRefInput]
}
WanNetworkRuleApplicationUpdateInput
BetaFields
| Input Field | Description |
|---|---|
appCategory - [ApplicationCategoryRefInput!]
|
|
application - [ApplicationRefInput!]
|
|
customApp - [CustomApplicationRefInput!]
|
|
customCategory - [CustomCategoryRefInput!]
|
|
customService - [CustomServiceInput!]
|
|
customServiceIp - [CustomServiceIpInput!]
|
|
domain - [Domain!]
|
|
fqdn - [Fqdn!]
|
|
service - [ServiceRefInput!]
|
Example
{
"appCategory": [ApplicationCategoryRefInput],
"application": [ApplicationRefInput],
"customApp": [CustomApplicationRefInput],
"customCategory": [CustomCategoryRefInput],
"customService": [CustomServiceInput],
"customServiceIp": [CustomServiceIpInput],
"domain": [Domain],
"fqdn": [Fqdn],
"service": [ServiceRefInput]
}
WanNetworkRuleConfiguration
BetaFields
| Field Name | Description |
|---|---|
activeTcpAcceleration - Boolean!
|
Indicates if TCP acceleration is enabled. |
allocationIp - [AllocatedIpRef!]!
|
The allocated IP for NAT routing. Taken from IP Allocation, per PoP. |
backhaulingSite - [SiteRef!]!
|
The site for backhaul routing option. |
packetLossMitigation - Boolean!
|
Indicates if packet loss mitigation is enabled. |
popLocation - [PopLocationRef!]!
|
The PoP location for routing and egressing from Cato Cloud. |
preserveSourcePort - Boolean!
|
Indicates if the source port should be preserved. |
primaryTransport - WanNetworkRuleTransport!
|
The primary transport method. |
secondaryTransport - WanNetworkRuleTransport!
|
The secondary transport method. |
Example
{
"activeTcpAcceleration": true,
"allocationIp": [AllocatedIpRef],
"backhaulingSite": [SiteRef],
"packetLossMitigation": false,
"popLocation": [PopLocationRef],
"preserveSourcePort": false,
"primaryTransport": WanNetworkRuleTransport,
"secondaryTransport": WanNetworkRuleTransport
}
WanNetworkRuleConfigurationInput
BetaFields
| Input Field | Description |
|---|---|
activeTcpAcceleration - Boolean!
|
Indicates if TCP acceleration is enabled. Default |
allocationIp - [AllocatedIpRefInput!]!
|
The allocated IP for NAT routing. Taken from IP Allocation, per PoP. Default |
backhaulingSite - [SiteRefInput!]!
|
The site for backhaul routing option. Default |
packetLossMitigation - Boolean!
|
Indicates if packet loss mitigation is enabled. Default |
popLocation - [PopLocationRefInput!]!
|
The PoP location for routing and egressing from Cato Cloud. Default |
preserveSourcePort - Boolean!
|
Indicates if the source port should be preserved. Default |
primaryTransport - WanNetworkRuleTransportInput!
|
The primary transport method. Default |
secondaryTransport - WanNetworkRuleTransportInput!
|
The secondary transport method. Default |
Example
{
"activeTcpAcceleration": true,
"allocationIp": [AllocatedIpRefInput],
"backhaulingSite": [SiteRefInput],
"packetLossMitigation": false,
"popLocation": [PopLocationRefInput],
"preserveSourcePort": false,
"primaryTransport": WanNetworkRuleTransportInput,
"secondaryTransport": WanNetworkRuleTransportInput
}
WanNetworkRuleConfigurationUpdateInput
BetaFields
| Input Field | Description |
|---|---|
activeTcpAcceleration - Boolean
|
Indicates if TCP acceleration is enabled. |
allocationIp - [AllocatedIpRefInput!]
|
The allocated IP for NAT routing. Taken from IP Allocation, per PoP. |
backhaulingSite - [SiteRefInput!]
|
The site for backhaul routing option. |
packetLossMitigation - Boolean
|
Indicates if packet loss mitigation is enabled. |
popLocation - [PopLocationRefInput!]
|
The PoP location for routing and egressing from Cato Cloud. |
preserveSourcePort - Boolean
|
Indicates if the source port should be preserved. |
primaryTransport - WanNetworkRuleTransportUpdateInput
|
The primary transport method. |
secondaryTransport - WanNetworkRuleTransportUpdateInput
|
The secondary transport method. |
Example
{
"activeTcpAcceleration": false,
"allocationIp": [AllocatedIpRefInput],
"backhaulingSite": [SiteRefInput],
"packetLossMitigation": false,
"popLocation": [PopLocationRefInput],
"preserveSourcePort": false,
"primaryTransport": WanNetworkRuleTransportUpdateInput,
"secondaryTransport": WanNetworkRuleTransportUpdateInput
}
WanNetworkRuleDestination
BetaFields
| Field Name | Description |
|---|---|
floatingSubnet - [FloatingSubnetRef!]!
|
|
globalIpRange - [GlobalIpRangeRef!]!
|
|
group - [GroupRef!]!
|
|
host - [HostRef!]!
|
|
ip - [IPAddress!]!
|
|
ipRange - [IpAddressRange!]!
|
|
networkInterface - [NetworkInterfaceRef!]!
|
|
site - [SiteRef!]!
|
|
siteNetworkSubnet - [SiteNetworkSubnetRef!]!
|
|
subnet - [NetworkSubnet!]!
|
|
systemGroup - [SystemGroupRef!]!
|
|
user - [UserRef!]!
|
|
usersGroup - [UsersGroupRef!]!
|
Example
{
"floatingSubnet": [FloatingSubnetRef],
"globalIpRange": [GlobalIpRangeRef],
"group": [GroupRef],
"host": [HostRef],
"ip": [IPAddress],
"ipRange": [IpAddressRange],
"networkInterface": [NetworkInterfaceRef],
"site": [SiteRef],
"siteNetworkSubnet": [SiteNetworkSubnetRef],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRef],
"user": [UserRef],
"usersGroup": [UsersGroupRef]
}
WanNetworkRuleDestinationInput
BetaFields
| Input Field | Description |
|---|---|
floatingSubnet - [FloatingSubnetRefInput!]!
|
|
globalIpRange - [GlobalIpRangeRefInput!]!
|
|
group - [GroupRefInput!]!
|
|
host - [HostRefInput!]!
|
|
ip - [IPAddress!]!
|
|
ipRange - [IpAddressRangeInput!]!
|
|
networkInterface - [NetworkInterfaceRefInput!]!
|
|
site - [SiteRefInput!]!
|
|
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]!
|
|
subnet - [NetworkSubnet!]!
|
|
systemGroup - [SystemGroupRefInput!]!
|
|
user - [UserRefInput!]!
|
|
usersGroup - [UsersGroupRefInput!]!
|
Example
{
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"networkInterface": [NetworkInterfaceRefInput],
"site": [SiteRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"user": [UserRefInput],
"usersGroup": [UsersGroupRefInput]
}
WanNetworkRuleDestinationUpdateInput
BetaFields
| Input Field | Description |
|---|---|
floatingSubnet - [FloatingSubnetRefInput!]
|
|
globalIpRange - [GlobalIpRangeRefInput!]
|
|
group - [GroupRefInput!]
|
|
host - [HostRefInput!]
|
|
ip - [IPAddress!]
|
|
ipRange - [IpAddressRangeInput!]
|
|
networkInterface - [NetworkInterfaceRefInput!]
|
|
site - [SiteRefInput!]
|
|
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]
|
|
subnet - [NetworkSubnet!]
|
|
systemGroup - [SystemGroupRefInput!]
|
|
user - [UserRefInput!]
|
|
usersGroup - [UsersGroupRefInput!]
|
Example
{
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"networkInterface": [NetworkInterfaceRefInput],
"site": [SiteRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"user": [UserRefInput],
"usersGroup": [UsersGroupRefInput]
}
WanNetworkRuleException
BetaFields
| Field Name | Description |
|---|---|
application - WanNetworkRuleApplication!
|
The application or category of traffic for the rule. |
destination - WanNetworkRuleDestination!
|
The destination of the traffic for the rule. |
name - String!
|
The name of the network rule. |
source - WanNetworkRuleSource!
|
The source of the traffic for the rule. |
Example
{
"application": WanNetworkRuleApplication,
"destination": WanNetworkRuleDestination,
"name": "abc123",
"source": WanNetworkRuleSource
}
WanNetworkRuleExceptionInput
BetaFields
| Input Field | Description |
|---|---|
application - WanNetworkRuleApplicationInput!
|
The application or category of traffic for the rule. Default |
destination - WanNetworkRuleDestinationInput!
|
The destination of the traffic for the rule. Default |
name - String!
|
The name of the network rule. |
source - WanNetworkRuleSourceInput!
|
The source of the traffic for the rule. Default |
Example
{
"application": WanNetworkRuleApplicationInput,
"destination": WanNetworkRuleDestinationInput,
"name": "xyz789",
"source": WanNetworkRuleSourceInput
}
WanNetworkRuleInterfaceRole
BetaValues
| Enum Value | Description |
|---|---|
|
|
Automatic interface role. |
|
|
No interface role. |
|
|
WAN1 interface role. |
|
|
WAN2 interface role. |
|
|
WAN3 interface role. |
|
|
WAN4 interface role. |
|
|
WAN5 interface role. |
|
|
WAN6 interface role. |
Example
"AUTOMATIC"
WanNetworkRuleMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
rule - WanNetworkRulePayload
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"rule": WanNetworkRulePayload,
"status": "FAILURE"
}
WanNetworkRulePayload
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyElementAudit!
|
|
properties - [PolicyElementPropertiesEnum!]!
|
|
rule - WanNetworkRule!
|
Example
{
"audit": PolicyElementAudit,
"properties": ["ADDED"],
"rule": WanNetworkRule
}
WanNetworkRuleRouteType
BetaValues
| Enum Value | Description |
|---|---|
|
|
Backhaul routing. |
|
|
Backhaul hairpinning routing. |
|
|
NAT routing. |
|
|
No routing. |
|
|
Optimized routing. Smart Egress using closest destination |
|
|
Route via a specific path. |
Example
"BACKHAUL"
WanNetworkRuleSource
BetaFields
| Field Name | Description |
|---|---|
floatingSubnet - [FloatingSubnetRef!]!
|
|
globalIpRange - [GlobalIpRangeRef!]!
|
|
group - [GroupRef!]!
|
|
host - [HostRef!]!
|
|
ip - [IPAddress!]!
|
|
ipRange - [IpAddressRange!]!
|
|
networkInterface - [NetworkInterfaceRef!]!
|
|
site - [SiteRef!]!
|
|
siteNetworkSubnet - [SiteNetworkSubnetRef!]!
|
|
subnet - [NetworkSubnet!]!
|
|
systemGroup - [SystemGroupRef!]!
|
|
user - [UserRef!]!
|
|
usersGroup - [UsersGroupRef!]!
|
Example
{
"floatingSubnet": [FloatingSubnetRef],
"globalIpRange": [GlobalIpRangeRef],
"group": [GroupRef],
"host": [HostRef],
"ip": [IPAddress],
"ipRange": [IpAddressRange],
"networkInterface": [NetworkInterfaceRef],
"site": [SiteRef],
"siteNetworkSubnet": [SiteNetworkSubnetRef],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRef],
"user": [UserRef],
"usersGroup": [UsersGroupRef]
}
WanNetworkRuleSourceInput
BetaFields
| Input Field | Description |
|---|---|
floatingSubnet - [FloatingSubnetRefInput!]!
|
|
globalIpRange - [GlobalIpRangeRefInput!]!
|
|
group - [GroupRefInput!]!
|
|
host - [HostRefInput!]!
|
|
ip - [IPAddress!]!
|
|
ipRange - [IpAddressRangeInput!]!
|
|
networkInterface - [NetworkInterfaceRefInput!]!
|
|
site - [SiteRefInput!]!
|
|
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]!
|
|
subnet - [NetworkSubnet!]!
|
|
systemGroup - [SystemGroupRefInput!]!
|
|
user - [UserRefInput!]!
|
|
usersGroup - [UsersGroupRefInput!]!
|
Example
{
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"networkInterface": [NetworkInterfaceRefInput],
"site": [SiteRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"user": [UserRefInput],
"usersGroup": [UsersGroupRefInput]
}
WanNetworkRuleSourceUpdateInput
BetaFields
| Input Field | Description |
|---|---|
floatingSubnet - [FloatingSubnetRefInput!]
|
|
globalIpRange - [GlobalIpRangeRefInput!]
|
|
group - [GroupRefInput!]
|
|
host - [HostRefInput!]
|
|
ip - [IPAddress!]
|
|
ipRange - [IpAddressRangeInput!]
|
|
networkInterface - [NetworkInterfaceRefInput!]
|
|
site - [SiteRefInput!]
|
|
siteNetworkSubnet - [SiteNetworkSubnetRefInput!]
|
|
subnet - [NetworkSubnet!]
|
|
systemGroup - [SystemGroupRefInput!]
|
|
user - [UserRefInput!]
|
|
usersGroup - [UsersGroupRefInput!]
|
Example
{
"floatingSubnet": [FloatingSubnetRefInput],
"globalIpRange": [GlobalIpRangeRefInput],
"group": [GroupRefInput],
"host": [HostRefInput],
"ip": [IPAddress],
"ipRange": [IpAddressRangeInput],
"networkInterface": [NetworkInterfaceRefInput],
"site": [SiteRefInput],
"siteNetworkSubnet": [SiteNetworkSubnetRefInput],
"subnet": [NetworkSubnet],
"systemGroup": [SystemGroupRefInput],
"user": [UserRefInput],
"usersGroup": [UsersGroupRefInput]
}
WanNetworkRuleTransport
BetaFields
| Field Name | Description |
|---|---|
primaryInterfaceRole - WanNetworkRuleInterfaceRole!
|
The primary interface role. |
secondaryInterfaceRole - WanNetworkRuleInterfaceRole!
|
The secondary interface role. |
transportType - WanNetworkRuleTransportType!
|
Example
{
"primaryInterfaceRole": "AUTOMATIC",
"secondaryInterfaceRole": "AUTOMATIC",
"transportType": "ALTERNATIVE_WAN"
}
WanNetworkRuleTransportInput
BetaFields
| Input Field | Description |
|---|---|
primaryInterfaceRole - WanNetworkRuleInterfaceRole!
|
The primary interface role. Default |
secondaryInterfaceRole - WanNetworkRuleInterfaceRole!
|
The secondary interface role. Default |
transportType - WanNetworkRuleTransportType!
|
Example
{
"primaryInterfaceRole": "AUTOMATIC",
"secondaryInterfaceRole": "AUTOMATIC",
"transportType": "ALTERNATIVE_WAN"
}
WanNetworkRuleTransportType
BetaValues
| Enum Value | Description |
|---|---|
|
|
Alternative WAN transport type. |
|
|
Automatic transport type. |
|
|
No transport type. |
|
|
Off-cloud transport type. |
|
|
WAN transport type. |
Example
"ALTERNATIVE_WAN"
WanNetworkRuleTransportUpdateInput
BetaFields
| Input Field | Description |
|---|---|
primaryInterfaceRole - WanNetworkRuleInterfaceRole
|
The primary interface role. |
secondaryInterfaceRole - WanNetworkRuleInterfaceRole
|
The secondary interface role. |
transportType - WanNetworkRuleTransportType
|
Example
{
"primaryInterfaceRole": "AUTOMATIC",
"secondaryInterfaceRole": "AUTOMATIC",
"transportType": "ALTERNATIVE_WAN"
}
WanNetworkRuleType
BetaValues
| Enum Value | Description |
|---|---|
|
|
Inbound Internet transport type. |
|
|
Internet transport type. |
|
|
WAN transport type. |
Example
"INBOUND_INTERNET"
WanNetworkUpdateRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
application - WanNetworkRuleApplicationUpdateInput
|
The application or category of traffic for the rule. |
bandwidthPriority - BandwidthManagementRefInput
|
The bandwidth priority (QoS) for the rule. |
configuration - WanNetworkRuleConfigurationUpdateInput
|
The configuration of the rule. |
description - String
|
|
destination - WanNetworkRuleDestinationUpdateInput
|
The destination of the traffic for the rule. |
enabled - Boolean
|
|
exceptions - [WanNetworkRuleExceptionInput!]
|
Exceptions to the rule. |
name - String
|
|
routeType - WanNetworkRuleRouteType
|
Defines the routing method for the rule. By default, traffic will egress from connected PoP. |
ruleType - WanNetworkRuleType
|
Specifies if the rule is for Internet (outbound) or WAN (wanbound) traffic. |
source - WanNetworkRuleSourceUpdateInput
|
The source of the traffic for the rule. |
Example
{
"application": WanNetworkRuleApplicationUpdateInput,
"bandwidthPriority": BandwidthManagementRefInput,
"configuration": WanNetworkRuleConfigurationUpdateInput,
"description": "abc123",
"destination": WanNetworkRuleDestinationUpdateInput,
"enabled": false,
"exceptions": [WanNetworkRuleExceptionInput],
"name": "abc123",
"routeType": "BACKHAUL",
"ruleType": "INBOUND_INTERNET",
"source": WanNetworkRuleSourceUpdateInput
}
WanNetworkUpdateRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
|
rule - WanNetworkUpdateRuleDataInput!
|
Example
{
"id": "4",
"rule": WanNetworkUpdateRuleDataInput
}
Webhook
Description
Defines the structure of a webhook integration used to send notifications to third-party services.
Fields
| Field Name | Description |
|---|---|
auth - AuthInterface!
|
Authentication configuration for the webhook. |
body - String!
|
JSON template used to structure the webhook request body. |
enabled - Boolean!
|
Indicates whether the webhook is currently enabled. |
header - [HttpHeaderNameValue!]!
|
Optional custom headers sent with the webhook request. |
id - ID!
|
Unique identifier of the webhook integration. |
name - String!
|
Display name of the webhook integration. |
relatedWebhookId - ID
|
Related webhook that provides the Correlation ID used for updates |
requestMethod - WebhookRequestMethod!
|
HTTP method used when sending the webhook request (e.g., POST, PUT). |
responseMapping - [WebhookResponseMapEntry!]!
|
Defines JSON path mappings used to extract values from the webhook response payload. At present, only a single mapping is supported, with the key "correlationId". The value must be a valid JSON path pointing to the field in the response payload that represents the correlation identifier (for example, result.sys_id). |
url - Url!
|
Target URL where the webhook sends requests. |
Example
{
"auth": AuthInterface,
"body": "abc123",
"enabled": true,
"header": [HttpHeaderNameValue],
"id": 4,
"name": "abc123",
"relatedWebhookId": 4,
"requestMethod": "POST",
"responseMapping": [WebhookResponseMapEntry],
"url": Url
}
WebhookFieldsPayload
Description
Lists all supported fields available for customizing webhook requests.
Fields
| Field Name | Description |
|---|---|
bodyFields - [String!]!
|
List of supported fields for the webhook request body. |
headerFields - [String!]!
|
List of supported fields for the webhook headers. |
urlFields - [String!]!
|
List of supported fields for the webhook URL. |
Example
{
"bodyFields": ["xyz789"],
"headerFields": ["xyz789"],
"urlFields": ["xyz789"]
}
WebhookIntegrationRefInput
Fields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
Specify the webhook integration by name or by ID. IDs are automatically unique, if you use a non-unique name, it will result in an error. Default |
input - String!
|
The corresponding name or ID. |
Example
{"by": "ID", "input": "xyz789"}
WebhookListPayload
Description
Represents the response payload for a list of webhook integrations.
Fields
| Field Name | Description |
|---|---|
items - [Webhook!]!
|
List of webhook integrations configured for the account. |
paging - PageInfo!
|
Pagination metadata for the webhook list. |
Example
{
"items": [Webhook],
"paging": PageInfo
}
WebhookReferenceBodyTemplate
Description
Represents a reusable webhook body template for standardizing payload formats.
Fields
| Field Name | Description |
|---|---|
auth - AuthInterface
|
Authentication configuration for the webhook. |
bodyTemplate - String!
|
JSON body template used as a reference for webhook payloads. |
header - [HttpHeaderNameValue!]!
|
Optional custom headers sent with the webhook request. |
id - ID!
|
Unique identifier of the Webhook Reference Body Template. |
name - String!
|
Name of the webhook reference body template |
requestMethod - WebhookRequestMethod
|
HTTP method used when sending the webhook request (e.g., POST, PUT). |
responseMapping - [WebhookResponseMapEntry!]!
|
Defines JSON path mappings used to extract values from the webhook response payload. At present, only a single mapping is supported, with the key "correlationId". The value must be a valid JSON path pointing to the field in the response payload that represents the correlation identifier (for example, result.sys_id). |
url - String!
|
Target URL where the webhook sends requests. |
webhookRelationType - WebhookRelationType
|
Indicates whether this template is for CREATE operations, UPDATE operations, or NONE (null if not applicable) |
Example
{
"auth": AuthInterface,
"bodyTemplate": "abc123",
"header": [HttpHeaderNameValue],
"id": 4,
"name": "xyz789",
"requestMethod": "POST",
"responseMapping": [WebhookResponseMapEntry],
"url": "xyz789",
"webhookRelationType": "CREATE"
}
WebhookReferenceBodyTemplateListPayload
Description
Represents the response payload for listing predefined webhook body templates.
Fields
| Field Name | Description |
|---|---|
items - [WebhookReferenceBodyTemplate!]!
|
List of predefined webhook reference body templates. |
Example
{"items": [WebhookReferenceBodyTemplate]}
WebhookRelationType
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"CREATE"
WebhookRequestMethod
Values
| Enum Value | Description |
|---|---|
|
|
|
|
|
Example
"POST"
WebhookResponseMapEntry
WebhookResponseMapEntryInput
WebhookTemplateRefInput
Fields
| Input Field | Description |
|---|---|
by - ObjectRefBy!
|
Specify the webhook integration template reference by name or by ID. IDs are automatically unique, if you use a non-unique name, it will result in an error. Default |
input - String!
|
Example
{"by": "ID", "input": "xyz789"}
XOpsLicense
BetaDescription
XOps service license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
Example
{
"description": "xyz789",
"expirationDate": "2007-12-03T10:15:30Z",
"id": "4",
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ADSP_B",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE"
}
XdrProLicense
BetaDescription
XDR Pro (extended detection and response) service license details
Fields
| Field Name | Description |
|---|---|
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
total - Int!
|
The number of knowledge users that the XDR Pro service refers to |
Example
{
"description": "abc123",
"expirationDate": "2007-12-03T10:15:30Z",
"id": 4,
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ADSP_B",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE",
"total": 123
}
ZtnaAlwaysOnAddRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
action - ZtnaAlwaysOnRuleActionEnum!
|
The action applied by the Always On rule Default |
allowFailOpen - Boolean!
|
Allow Direct internet access until a connection to the pop is established Default |
allowUserBypass - Boolean!
|
Allow user to bypass Always On Default |
antiTamperMode - AntiTamperModeEnum
|
Specifies the level of protection against tampering Default |
bypassDuration - ZtnaAlwaysOnTimeInput!
|
Bypass disconnection duration |
description - String!
|
|
devicePostureProfile - [DeviceProfileRefInput!]!
|
Device Profile traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
enabled - Boolean!
|
|
name - String!
|
|
platform - [OperatingSystem!]!
|
Source device Operating System traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
source - ZtnaAlwaysOnSourceInput!
|
Source traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. Default |
Example
{
"action": "ENFORCE",
"allowFailOpen": false,
"allowUserBypass": true,
"antiTamperMode": "MONITOR",
"bypassDuration": ZtnaAlwaysOnTimeInput,
"description": "xyz789",
"devicePostureProfile": [DeviceProfileRefInput],
"enabled": true,
"name": "xyz789",
"platform": ["ANDROID"],
"source": ZtnaAlwaysOnSourceInput
}
ZtnaAlwaysOnAddRuleInput
BetaFields
| Input Field | Description |
|---|---|
at - PolicyRulePositionInput
|
Position of the rule in the policy |
rule - ZtnaAlwaysOnAddRuleDataInput!
|
Parameters for the rule you are adding |
Example
{
"at": PolicyRulePositionInput,
"rule": ZtnaAlwaysOnAddRuleDataInput
}
ZtnaAlwaysOnPolicy
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyAudit
|
|
enabled - Boolean!
|
|
revision - PolicyRevision
|
|
rules - [ZtnaAlwaysOnRulePayload!]!
|
|
sections - [PolicySectionPayload!]!
|
Example
{
"audit": PolicyAudit,
"enabled": true,
"revision": PolicyRevision,
"rules": [ZtnaAlwaysOnRulePayload],
"sections": [PolicySectionPayload]
}
ZtnaAlwaysOnPolicyInput
BetaFields
| Input Field | Description |
|---|---|
revision - PolicyRevisionInput
|
A revision is a specific instance of the policy. Unpublished revisions are working copies of the policy available to a specific admin or a set of admins Published revisions are revisions that were applied to the account network. The last published revision is the active policy. |
Example
{"revision": PolicyRevisionInput}
ZtnaAlwaysOnPolicyMutationInput
Fields
| Input Field | Description |
|---|---|
revision - PolicyMutationRevisionInput
|
Example
{"revision": PolicyMutationRevisionInput}
ZtnaAlwaysOnPolicyMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
policy - ZtnaAlwaysOnPolicy
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"policy": ZtnaAlwaysOnPolicy,
"status": "FAILURE"
}
ZtnaAlwaysOnPolicyUpdateInput
BetaFields
| Input Field | Description |
|---|---|
state - PolicyToggleState
|
Example
{"state": "DISABLED"}
ZtnaAlwaysOnRemoveRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
Example
{"id": "4"}
ZtnaAlwaysOnRule
BetaFields
| Field Name | Description |
|---|---|
action - ZtnaAlwaysOnRuleActionEnum!
|
The action applied by the Always On rule |
allowFailOpen - Boolean!
|
Allow Direct internet access until a connection to the pop is established |
allowUserBypass - Boolean!
|
Allow user to bypass Always On |
antiTamperMode - AntiTamperModeEnum
|
Specifies the level of protection against tampering |
bypassDuration - ZtnaAlwaysOnTime!
|
Bypass disconnection duration |
description - String!
|
Description for the rule |
devicePostureProfile - [DeviceProfileRef!]!
|
Device Profile traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
enabled - Boolean!
|
TRUE = Rule is enabled FALSE = Rule is disabled |
id - ID!
|
Rule ID |
index - Int!
|
Position / priority of rule |
name - String!
|
Name of the rule |
platform - [OperatingSystem!]!
|
Source device Operating System traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
section - PolicySectionInfo!
|
Policy section where the rule is located |
source - ZtnaAlwaysOnSource!
|
Source traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
Example
{
"action": "ENFORCE",
"allowFailOpen": false,
"allowUserBypass": false,
"antiTamperMode": "MONITOR",
"bypassDuration": ZtnaAlwaysOnTime,
"description": "abc123",
"devicePostureProfile": [DeviceProfileRef],
"enabled": false,
"id": "4",
"index": 987,
"name": "abc123",
"platform": ["ANDROID"],
"section": PolicySectionInfo,
"source": ZtnaAlwaysOnSource
}
ZtnaAlwaysOnRuleActionEnum
BetaDescription
The action applied by the Always on policy if the rule is matched
Values
| Enum Value | Description |
|---|---|
|
|
Enforce always on policy. |
|
|
On demand always on policy. |
Example
"ENFORCE"
ZtnaAlwaysOnRuleMutationPayload
BetaFields
| Field Name | Description |
|---|---|
errors - [PolicyMutationError!]!
|
|
rule - ZtnaAlwaysOnRulePayload
|
|
status - PolicyMutationStatus!
|
Example
{
"errors": [PolicyMutationError],
"rule": ZtnaAlwaysOnRulePayload,
"status": "FAILURE"
}
ZtnaAlwaysOnRulePayload
BetaFields
| Field Name | Description |
|---|---|
audit - PolicyElementAudit!
|
|
properties - [PolicyElementPropertiesEnum!]!
|
|
rule - ZtnaAlwaysOnRule!
|
Example
{
"audit": PolicyElementAudit,
"properties": ["ADDED"],
"rule": ZtnaAlwaysOnRule
}
ZtnaAlwaysOnSource
BetaDescription
Returns the settings for Source of an Always On rule
Fields
| Field Name | Description |
|---|---|
user - [UserRef!]!
|
Individual users defined for the account |
usersGroup - [UsersGroupRef!]!
|
Group of users |
Example
{
"user": [UserRef],
"usersGroup": [UsersGroupRef]
}
ZtnaAlwaysOnSourceInput
BetaDescription
Input of the settings for Source of an Always On rule
Fields
| Input Field | Description |
|---|---|
user - [UserRefInput!]!
|
Individual users defined for the account Default |
usersGroup - [UsersGroupRefInput!]!
|
Group of users Default |
Example
{
"user": [UserRefInput],
"usersGroup": [UsersGroupRefInput]
}
ZtnaAlwaysOnSourceUpdateInput
BetaDescription
Input of the settings for Source of an Always On rule
Fields
| Input Field | Description |
|---|---|
user - [UserRefInput!]
|
Individual users defined for the account |
usersGroup - [UsersGroupRefInput!]
|
Group of users |
Example
{
"user": [UserRefInput],
"usersGroup": [UsersGroupRefInput]
}
ZtnaAlwaysOnTime
BetaDescription
Return the disconnection duration time
Fields
| Field Name | Description |
|---|---|
time - Int!
|
Duration time value |
unit - ZtnaAlwaysOnTimeUnit!
|
Time unit for the duration |
Example
{"time": 987, "unit": "HOURS"}
ZtnaAlwaysOnTimeInput
BetaDescription
Return the disconnection duration time
Fields
| Input Field | Description |
|---|---|
time - Int!
|
Duration time value |
unit - ZtnaAlwaysOnTimeUnit!
|
Time unit for the duration Default |
Example
{"time": 123, "unit": "HOURS"}
ZtnaAlwaysOnTimeUnit
BetaDescription
Return the time unit of the duration time
Values
| Enum Value | Description |
|---|---|
|
|
Time in hours |
|
|
Time in minutes |
Example
"HOURS"
ZtnaAlwaysOnTimeUpdateInput
BetaDescription
Return the disconnection duration time
Fields
| Input Field | Description |
|---|---|
time - Int
|
Duration time value |
unit - ZtnaAlwaysOnTimeUnit
|
Time unit for the duration |
Example
{"time": 987, "unit": "HOURS"}
ZtnaAlwaysOnUpdateRuleDataInput
BetaFields
| Input Field | Description |
|---|---|
action - ZtnaAlwaysOnRuleActionEnum
|
The action applied by the Always On rule |
allowFailOpen - Boolean
|
Allow Direct internet access until a connection to the pop is established |
allowUserBypass - Boolean
|
Allow user to bypass Always On |
antiTamperMode - AntiTamperModeEnum
|
Specifies the level of protection against tampering |
bypassDuration - ZtnaAlwaysOnTimeUpdateInput
|
Bypass disconnection duration |
description - String
|
|
devicePostureProfile - [DeviceProfileRefInput!]
|
Device Profile traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
enabled - Boolean
|
|
name - String
|
|
platform - [OperatingSystem!]
|
Source device Operating System traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
source - ZtnaAlwaysOnSourceUpdateInput
|
Source traffic matching criteria. Logical ‘OR’ is applied within the criteria set. Logical ‘AND’ is applied between criteria sets. |
Example
{
"action": "ENFORCE",
"allowFailOpen": false,
"allowUserBypass": false,
"antiTamperMode": "MONITOR",
"bypassDuration": ZtnaAlwaysOnTimeUpdateInput,
"description": "xyz789",
"devicePostureProfile": [DeviceProfileRefInput],
"enabled": true,
"name": "abc123",
"platform": ["ANDROID"],
"source": ZtnaAlwaysOnSourceUpdateInput
}
ZtnaAlwaysOnUpdateRuleInput
BetaFields
| Input Field | Description |
|---|---|
id - ID!
|
|
rule - ZtnaAlwaysOnUpdateRuleDataInput!
|
Example
{"id": 4, "rule": ZtnaAlwaysOnUpdateRuleDataInput}
ZtnaAppConnectorRef
BetaZtnaUsersLicense
BetaDescription
ZTNA remote users license
Fields
| Field Name | Description |
|---|---|
accounts - [PartnerZtnaUsersLicenseAccount!]!
|
Accounts that this license is assigned to (and the license usage within each account) |
description - String
|
|
expirationDate - DateTime!
|
License expiration date |
id - ID
|
The unique identifier for the license. If this value is not available, you can contact Cato Support, who may be able to assist in retrieving it. |
lastUpdated - DateTime
|
The date of the last update to the license |
plan - LicensePlan!
|
License plan type |
sku - LicenseSku!
|
The license SKU |
startDate - DateTime
|
License start date |
status - LicenseStatus!
|
License activation status |
total - Int!
|
The maximum amount of ZTNA users for the region. |
ztnaUsersLicenseGroup - ZtnaUsersLicenseGroup!
|
Specify a license group that you are limiting the number of ZTNA users |
Example
{
"accounts": [PartnerZtnaUsersLicenseAccount],
"description": "abc123",
"expirationDate": "2007-12-03T10:15:30Z",
"id": 4,
"lastUpdated": "2007-12-03T10:15:30Z",
"plan": "COMMERCIAL",
"sku": "CATO_ADSP_B",
"startDate": "2007-12-03T10:15:30Z",
"status": "ACTIVE",
"total": 987,
"ztnaUsersLicenseGroup": "CHINA"
}
ZtnaUsersLicenseAllocations
BetaDescription
Global ZTNA license usage and allocation across all accounts
Example
{"allocated": 987, "available": 987, "total": 123}
ZtnaUsersLicenseGroup
BetaDescription
Geographical regions that can be associated with a remote user license
Values
| Enum Value | Description |
|---|---|
|
|
Country with stand-alone licenses (not part of a group) |
|
|
Legacy group |
|
|
|
|
|
Legacy group |
|
|
Country with stand-alone licenses (not part of a group) |
|
|
Country with stand-alone licenses (not part of a group) |
Example
"CHINA"