Recent Discussions
Bypassing Cato via WAN Bypass and Split Tunnel
We need to add around 200 subnets to bypass Cato. My understanding is that they need to be added to all sites under the Site Configuration/Router/Bypass/Destination and for all SDP users via Access/Client Access Control/Split Tunnel policy. We have nearly 90 sites. Manually adding 200 subnets to 90 sites doesn't seem like a good time. Is this possible via the API? If so, can you point me toward the correct commands.
How to Delete VPN Users via GraphQL API
Greetings, I'm working on automating user cleanup and am attempting to delete inactive VPN users via the Cato API. According to the API conventions, I assumed the following mutation would work to remove users from our account: Sorry for the poor formatting. mutation deleteEntities($accountID: ID!, $entityIDs: [ID!]!) { deleteEntities(accountID: $accountID, entityIDs: $entityIDs) { success failed { userID reason } } } I'm calling it in Python with: delete_variables = { "accountID": account_id, "entityIDs": [uid] } delete_response = requests.post(API_URL, headers=HEADERS, json={ "query": delete_mutation, "variables": delete_variables }) However, I receive the following error in the response: { "errors": [ { "message": "Cannot query field 'deleteEntities' on type 'Mutation'.", "extensions": { "code": "GRAPHQL_VALIDATION_FAILED" } } ], "data": null } What I am trying to figure out is: Is deleteEntities a valid mutation for deleting VPN users? If not, what is the correct GraphQL mutation for deleting users? Thank you guys!
Question regarding EntityID
Hi Team, We are working with a customer who needs to retrieve a list of users whose last connection exceeds one month. As advised by our Cato regional Sales Engineer, we are attempting to achieve this using the API in two steps: Use query entityLookup to obtain the EntityID (userID) Use query accountSnapshot to retrieve each user's last connection timestamp However, we're encountering a challenge due to API rate limits. The entityLookup query is limited to 30 requests per minute (or 1500 over 5 hours), which makes it impractical to retrieve EntityIDs for all 2600+ users in a reasonable timeframe. Below is the Python code we are currently using in our attempt: import requests import json from datetime import datetime, timedelta # Cato GraphQL endpoint URL url = "https://api.catonetworks.com/api/v1/graphql2" # HTTP headers와 API key headers = { "Content-Type": "application/json", "x-api-key": "Our client API key" } # Query 1: EntityID(UserID) API 명령문 query1 = """ query AllMyRemoteUsers { entityLookup(accountID:4265, type: vpnUser) { items { entity { id name } description } total } } """ # Query 1 실행 payload = { "query": query1 } response = requests.post(url, json=payload, headers=headers) data = response.json() # EntityID 추출 userIDs = [] try: items = data['data']['entityLookup']['items'] for item in items: user_id = int(item['entity']['id']) userIDs.append(user_id) except KeyError as e: print(f"Error parsing response: {e}") print(json.dumps(data, indent=2)) print(userIDs) # GraphQL EntityID list string으로 생성 user_id_list_str = ",".join(str(uid) for uid in userIDs) print("EntityID 추출 완료") # Query 2: accountSnapshot API 명령문 query2 = f""" query accountSnapshot {{ accountSnapshot(accountID: 4265) {{ users(userIDs:[{user_id_list_str}]) {{ info {{ name email phoneNumber status authMethod origin }} lastConnected version }} }} }} """ # Query 2 실행 payload = { "query": query2 } response = requests.post(url, json=payload, headers=headers) from datetime import datetime, timedelta # query2 Json reponse 파싱 result = response.json() # 한달간 접속이력이 없었던 사용자 정보 출력 cutoff_date = datetime.utcnow() - timedelta(days=30) import csv # Prepare list to hold all rows to be saved csv_rows = [] try: users = result['data']['accountSnapshot']['users'] for user in users: last_connected_str = user.get('lastConnected') if last_connected_str: last_connected = datetime.strptime(last_connected_str, "%Y-%m-%dT%H:%M:%SZ") if last_connected > cutoff_date: name = user['info']['name'] email = user['info']['email'] csv_rows.append([name, email, last_connected.strftime("%Y-%m-%d %H:%M:%S")]) except KeyError as e: print(f"Error extracting user data: {e}") # Save to CSV csv_file_path = "한달간 접속이력 없는 사용자.csv" with open(csv_file_path, mode='w', newline='', encoding='utf-8') as file: writer = csv.writer(file) writer.writerow(["Name", "Email", "Last Connected"]) writer.writerows(csv_rows) print(f"\nCSV file이 저장되었습니다: {csv_file_path}") On line 57, you can see that we need to put all the EntityID(UserID) to check each Users Last connection info. But because of entityLookup's limit, it only put 30 SDP user's EntityID. Could you please provide us if there is any other way to get all the EntityID(userID) by using API so we can list the users according to the Last connection? Best regards,
Reporting on Max amount of licenses reached
It's rather embarrassing to run out of SDP licenses as it provides for a negative new joiner experience when their Cato connection won't come up as expected. As Cato in their wisdom has decided there is no need to alert admins when the license count is reached (they'd probably rather we waste money purchasing a sufficient surplus of said licenses), is there a way to use the API to query for this status? Yes, I submitted an RMA for this last year that went nowhere. And yes, I know we can probably hack something together on our end that statically compares the number of licenses to the membership count in our provisioning groups. But this feels like it should be a basic feature of a SaaS service, especially as there is a hard stop when the license count is reached.Event Integration - Secureworks Taegis
I opened a support case and was directed to post here instead. We are attempting to setup an event integration from Cato to Secureworks Taegis following this KB: Integrating Cato Events with AWS S3 – Cato Learning Center but when we get to the point of entering the bucket name, we are unable because Secureworks provides an S3 alias and not a bucket name. The Cato portal specifically prevents using an alias. How can we get this integration configured?Pull network rules via API
Hi community, I am trying to pull network settings for several sites. To be more precise, I would like to create a list of bypass rules per site. I tried the following query with empty results: query entityLookup ($accountID: ID!, $type: EntityType!, $parent: EntityInput!) { entityLookup (accountID: $accountID, type: $type, parent: $parent) { items { entity { id name type } description helperFields } } } { "accountID": "{{accountID}}", "type": "localRouting", "parent": { "id": 0, "type": "site" } } Other "type" like lanFirewall worked. Any suggestions how to proceed and get details about bypass ruleset per site?
Updating Firewall Rules with Bulk Addresses/Domains
I am new to learning how to programmatically configure using API but running across a few stumbling blocks. If there are some basic examples of showing how to use the API to do perform common tasks such as updating firewall rules that would be fantastic. I have been using the Cato API Explorer in docker, the GraphGL Explorer , API documentation but my experience using APIs is slowing me down. Task to Accomplish We have a large amount of domains that we would like to block into a specific internet firewall rule. Question What are the steps and different queries and mutations I need to make this happen? How do I update the destinations without deleting the existing destination domains that are already there? Issues locked a firewall rule from editing, due to not knowing what prerequisites were needed such as queries/mutations. (This is resolved after doing a publishPolicyRevision mutation) testing with a single destination domain replaces all of the existing destination domains that were already present instead of appending a new one My response shows all rules with name and dest. domains even though only the specific rule ID is being updated. Current Config mutation RuleUpdate { policy(accountId: "xxx") { internetFirewall { createPolicyRevision( input: {name: "Dest-Domain-Updates", description: "Dest Domain Update"} ) { policy { audit { publishedBy publishedTime } revision { changes createdTime description id name updatedTime } rules { rule { destination { domain } } } } } updateRule( input: {id: "xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", rule: {destination: {domain: "[123testdomain.com"}}} ) { errors { errorCode errorMessage } } publishPolicyRevision(input: {name: "Dest-Domain-Updates"}) { policy { rules { rule { destination { domain } } } } } } } } Goal Further the use of the API to make config changes and create objects within CMA, especially bulk items.
