We strongly recommend that you review the Support Policy for the Cato API before you start using the Cato API.
Overview
Cato APIs provide the ability to easily retrieve detailed information regarding your account from the Cato Cloud. This allows you to integrate with any other data stack that may operate within your business environment. The APIs provide a wide variety of functions, data fields, and types for better monitoring capabilities and visualization using the GraphQL API language.
This article contains example Python scripts for running various Cato API calls. Each script has multiple flags and parameters available. It is recommended to read the comments in each script to understand the full functionality.
Please note that all scripts provided in this article are for reference only, as an example of what can be achieved with the Cato API.
accountMetrics
The accountMetrics query helps you analyze the state (and quality) of the connections of sites/users to the Cato Cloud. This data is for the traffic inside the DTLS tunnel between the site and the Cato Cloud.
accountMetrics shows real-time and historical metrics, statistics, and analytics for the account. Returns data that is similar to the Network Analytics screen for a site in the Cato Management Application.
An example accountMetrics Python script can be found here:
accountSnapshot
The metrics field returned by the accountSnapshot API call has been deprecated. Please use the accountMetrics.py script to obtain metrics.
accountSnapshot provides snapshot-based metrics that show near real‑time data for the account. This call provides analytics that are similar to the Topology page for the account.
An example accountSnapshot Python script can be found here:
appStats
The appStats query returns data for application traffic. The example script takes as input an API key, account ID, timeframe, dimension, and list of measures, and returns the output of a simple appStats query. A complete implementation of appStats offers options for filtering and sorting as well as multiple dimensions and measures.
An example appStats Python script can be found here:
auditFeed
The auditFeed query helps you analyze actions taken by admins in the Cato Management Application. The data that this query returns is similar to the Administration > Audit Trail window in the Cato Management Application.
An example auditFeed Python script can be found here:
entityLookup
The entityLookup query works with Cato Management Application entities such as sites and users. The query can help you look up an entity name to return the specific ID, and automatically extract a list of entities in the account. Each entity is returned with additional relevant information, such as the creation date and the description.
An example entityLookup Python script can be found here:
events
The events query returns a count of events generated within a specific timeframe, broken down by a specific field. By default, the example script returns the counts by event_type for the past 60 minutes.
This example events Python script is not a complete implementation of the events API call:
eventsFeed
The eventsFeed query helps you collect and analyze events generated by activities related to networking, security, Sockets, Cato Clients, and more. This reference script is aligned with Cato recommendations and best practices, including using the feed marker correctly and enabling compression for the response.
The events data that this query returns is similar to the Monitoring > Events page in the Cato Management Application. The events data can also be sent directly to your cloud storage, for AWS S3 buckets and Azure storage accounts.
For guidelines on SIEM integration using Cato events, refer to Third-Party Supported Integrations for Cato Data.
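The marker and compression handling mentioned above, shown as an added example (this is not Cato's eventsFeed.py). The query field names (`marker`, `fetchedCount`, `accounts.records`) are assumptions to check against the Cato API reference. The `post` transport, the `save_marker` callback and the sample batches are constructed for illustration so that the example runs offline.

```python
import gzip
import json

# Assumed query shape; verify the field names against the Cato API reference.
QUERY = ("query feed($accountIDs: [ID!], $marker: String) { eventsFeed("
         "accountIDs: $accountIDs, marker: $marker) { marker fetchedCount "
         "accounts { records { time fieldsMap } } } }")

def decode_body(headers, raw):
    """Parse a reply, decompressing it if the server honoured Accept-Encoding."""
    if headers.get("Content-Encoding", "").lower() == "gzip":
        raw = gzip.decompress(raw)
    return json.loads(raw)

def drain_feed(post, account_id, marker="", save_marker=lambda m: None, max_pages=100):
    """Pull batches until the feed is empty; return (records, last marker)."""
    records = []
    for _ in range(max_pages):
        body = json.dumps({"query": QUERY, "variables": {
            "accountIDs": [account_id], "marker": marker}}).encode()
        headers, raw = post(body, {"Accept-Encoding": "gzip",
                                   "Content-Type": "application/json"})
        reply = decode_body(headers, raw)
        if reply.get("errors"):
            # The marker is not advanced, so a retry re-reads the same batch.
            raise RuntimeError(f"eventsFeed failed: {reply['errors']}")
        feed = reply["data"]["eventsFeed"]
        for account in feed["accounts"]:
            records.extend(account["records"])
        marker = feed["marker"]
        save_marker(marker)  # persist only after the batch has been handled
        if feed["fetchedCount"] == 0:
            break
    return records, marker

def page_of(marker, times):
    """Build one constructed eventsFeed batch (hypothetical helper)."""
    return {"marker": marker, "fetchedCount": len(times),
            "accounts": [{"records": [{"time": t} for t in times]}]}

def make_fake_post(pages):  # constructed stand-in for the HTTPS POST
    def post(body, headers):
        marker = json.loads(body)["variables"]["marker"]
        batch = pages.get(marker, page_of(marker, []))
        payload = json.dumps({"data": {"eventsFeed": batch}}).encode()
        return {"Content-Encoding": "gzip"}, gzip.compress(payload)
    return post

# Constructed sample batches keyed by the marker that requests them.
PAGES = {"": page_of("m1", ["t1", "t2"]), "m1": page_of("m2", ["t3"])}
```

In a collector, `post` would wrap the HTTPS request with the API key read from a secret store rather than the command line, and `save_marker` would write to durable storage so that a restart resumes without gaps or duplicate events in the SIEM.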
An example eventsFeed Python script can be found here:
SiteMutation
There are several scripts for the mutation APIs that you can use to create and configure sites. For example, the addSocketSite script takes as input an API key, account ID and various parameters to create a new Socket site.
These are the sample Python scripts for SiteMutation:
XDR Stories
The Stories query returns data for XDR Security and Network stories. The example script takes as input an API key, account ID, timeframe, dimension, and list of measures, and returns the XDR stories updated during that timeframe.
An example Stories Python script can be found here:
- accountMetrics.py (8 KB)
- removeSite.py (8 KB)
- addSocketSite.py (9 KB)
- addStaticHost.py (9 KB)
- auditFeed.py (7 KB)
- accountSnapshot.py (10 KB)
- appStats.py (8 KB)
- events.py (9 KB)
- eventsFeed.py (20 KB)
- entityLookup.py (6 KB)
- xdr_stories.py.zip (5 KB)
3 comments
Updated sample Python scripts. Added versioning to the scripts, starting with version 1.0.
The comments at the beginning of each script show the current version and the changelog.
Updated these Python scripts to include new fields and remove deprecated ones: accountMetrics, accountSnapshot, auditFeed, entityLookup, and eventsFeed
Added new sample Python scripts: events, removeSite, addSocketSite, addStaticHost, appStats
Updated the addSocketSite script to v1.0.2