Recent Content
Question regarding EntityID
Hi Team, We are working with a customer who needs to retrieve a list of users whose last connection exceeds one month. As advised by our Cato regional Sales Engineer, we are attempting to achieve this using the API in two steps: Use query entityLookup to obtain the EntityID (userID) Use query accountSnapshot to retrieve each user's last connection timestamp However, we're encountering a challenge due to API rate limits. The entityLookup query is limited to 30 requests per minute (or 1500 over 5 hours), which makes it impractical to retrieve EntityIDs for all 2600+ users in a reasonable timeframe. Below is the Python code we are currently using in our attempt: import requests import json from datetime import datetime, timedelta # Cato GraphQL endpoint URL url = "https://api.catonetworks.com/api/v1/graphql2" # HTTP headers와 API key headers = { "Content-Type": "application/json", "x-api-key": "Our client API key" } # Query 1: EntityID(UserID) API 명령문 query1 = """ query AllMyRemoteUsers { entityLookup(accountID:4265, type: vpnUser) { items { entity { id name } description } total } } """ # Query 1 실행 payload = { "query": query1 } response = requests.post(url, json=payload, headers=headers) data = response.json() # EntityID 추출 userIDs = [] try: items = data['data']['entityLookup']['items'] for item in items: user_id = int(item['entity']['id']) userIDs.append(user_id) except KeyError as e: print(f"Error parsing response: {e}") print(json.dumps(data, indent=2)) print(userIDs) # GraphQL EntityID list string으로 생성 user_id_list_str = ",".join(str(uid) for uid in userIDs) print("EntityID 추출 완료") # Query 2: accountSnapshot API 명령문 query2 = f""" query accountSnapshot {{ accountSnapshot(accountID: 4265) {{ users(userIDs:[{user_id_list_str}]) {{ info {{ name email phoneNumber status authMethod origin }} lastConnected version }} }} }} """ # Query 2 실행 payload = { "query": query2 } response = requests.post(url, json=payload, headers=headers) from datetime import datetime, timedelta # query2 Json reponse 파싱 result = response.json() # 한달간 접속이력이 없었던 사용자 정보 출력 cutoff_date = datetime.utcnow() - timedelta(days=30) import csv # Prepare list to hold all rows to be saved csv_rows = [] try: users = result['data']['accountSnapshot']['users'] for user in users: last_connected_str = user.get('lastConnected') if last_connected_str: last_connected = datetime.strptime(last_connected_str, "%Y-%m-%dT%H:%M:%SZ") if last_connected > cutoff_date: name = user['info']['name'] email = user['info']['email'] csv_rows.append([name, email, last_connected.strftime("%Y-%m-%d %H:%M:%S")]) except KeyError as e: print(f"Error extracting user data: {e}") # Save to CSV csv_file_path = "한달간 접속이력 없는 사용자.csv" with open(csv_file_path, mode='w', newline='', encoding='utf-8') as file: writer = csv.writer(file) writer.writerow(["Name", "Email", "Last Connected"]) writer.writerows(csv_rows) print(f"\nCSV file이 저장되었습니다: {csv_file_path}") On line 57, you can see that we need to put all the EntityID(UserID) to check each Users Last connection info. But because of entityLookup's limit, it only put 30 SDP user's EntityID. Could you please provide us if there is any other way to get all the EntityID(userID) by using API so we can list the users according to the Last connection? Best regards,26Views0likes2CommentsDevice posture basis domain name
One of the issue we raised during Cato Connect program was around device posture policy basis domain and it was clarified that this falls under advanced configuration and can be done by support/CSM team. I raised ticket for the same and the response was that they can apply but from backend and at account level. I want to exclude some of my senior management from this policy but it is not feasible now since done at account level. Also I cant do testing by applying this device posture basis domain for some 2-3 users to see if it works properly and also no option from frontend to disable if there is any issue and totally depend on service ticket and backend team. This makes this good policy not to be deployed as it has potential risk since neither testing can be done nor exclusion can be done unlike any other device posture policy since policy deployed from backend and deployed at account level.25Views0likes4CommentsAPI call to return number of current SDP sessions?
I was wondering if there is an API call to return the number of current SDP sessions? I am able to return the list of connected sessions and count them, but I was wondering if there is a more direct way to just return the number directly. Thanks.39Views2likes1CommentSetting up SSO with IdPs other than the default nine?
I would like to ask about the possibilities of setting up SSO integration with Identity Providers (IdPs) that are not among the nine default options provided. What methods are available for establishing SSO connections with IdPs beyond the default nine? Is there a way to configure a generic IdP setting, or can we leverage the existing nine IdP configurations to connect with other IdPs? Additionally, is there a process to request a new IdP to be officially supported or added as a connection option? Any insights or guidance on this would be greatly appreciated. Thank you. Sincerely, hisashi20Views0likes1CommentRegarding files allowed by Anti-malware File Exceptions
We defined an exception using a file hash in the File Exceptions setting, and the corresponding file is now downloadable. However, no event log appears for this File Exception in the Events page. Is this the expected behavior?14Views0likes2CommentsEvent Integration - Secureworks Taegis
I opened a support case and was directed to post here instead. We are attempting to setup an event integration from Cato to Secureworks Taegis following this KB: Integrating Cato Events with AWS S3 – Cato Learning Center but when we get to the point of entering the bucket name, we are unable because Secureworks provides an S3 alias and not a bucket name. The Cato portal specifically prevents using an alias. How can we get this integration configured?54Views1like3CommentsBypassing Cato via WAN Bypass and Split Tunnel
We need to add around 200 subnets to bypass Cato. My understanding is that they need to be added to all sites under the Site Configuration/Router/Bypass/Destination and for all SDP users via Access/Client Access Control/Split Tunnel policy. We have nearly 90 sites. Manually adding 200 subnets to 90 sites doesn't seem like a good time. Is this possible via the API? If so, can you point me toward the correct commands.58Views2likes3CommentsAWS can't reach Private IP - Cato Client Windows
Hi, on my PC I have the Cato Client to connect to Cato Network. We have a connection with a virtual appliance in AWS in one account. In this account there is a TGW that connect other accounts. I can' reach the private IP of AWS accounts, but all networks are routed in Cato Configuration, TGW and VPC route tables seems ok....The source/destination check is disabled for LAN interface, the client subnet 10.41.0.0/16 is associated to subnet route table, tgw route table and there is also in the other account's route tables..... But the traffic is not going well..... any suggestion ? Many thanks Dario10Views0likes1Comment