query xdrStory ( $accountID:ID! $storyId:ID $producer:StoryProducerEnum $incidentId:ID) {
	xdr ( accountID:$accountID ) {
		story ( storyId:$storyId  producer:$producer  incidentId:$incidentId  )  {
id {
	id
	status
	description
	firstSignal
	lastSignal
	engineType
	vendor
	producer
	producerName
	connectionType
	indication
	queryName
	source
	criticality
	ticket
	research
	siteName
	storyDuration
	analystFeedback {
		verdict
		severity
		threatClassification
		additionalInfo
		threatType {
			name
			recommendedAction
			details
		}
	}
	site {
		id
		name
	}
	user {
		id
		name
	}
	similarStoriesData {
		storyId
		threatTypeName
		verdict
		threatClassification
		similarityPercentage
		indication
	}
	networkIncidentTimeline {
		description
		created
		validated
		eventType
		incidentId
		networkEventSource
		eventIds
		acknowledged
		linkId
		linkName
		linkConfigPrecedence
		linkStatus
		linkConfigBandwidth
		deviceConfigHaRole
		deviceHaRoleState
		socketSerialId
		bgpConnection {
			connectionName
			peerIp
			peerAsn
			catoIp
			catoAsn
		}
		linkQualityIssue {
			issueType
			direction
			current
			threshold
		}
	}
	bgpConnection {
		connectionName
		peerIp
		peerAsn
		catoIp
		catoAsn
	}
	ilmmDetails {
		linkDetails {
			description
			linkId
			ispLinkId
			comments
			onboardingStatus
			activeLicense
		}
		ispDetails {
			name
			description
			ispAccountId
			supportEmail
			supportPhone
			countryCode
			loaFile {
				fileName
				fileHash
				uploadedAt
			}
		}
		contacts {
			name
			phone
			email
		}
	}
}
			accountId
			analystName
			analystEmail
			accountName
			updatedAt
			createdAt
			playbook
summary {
	id
	route
	community {
		from
		to
	}
}
			incident {
	id {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		networkIncidentTimeline {
			description
			created
			validated
			eventType
			incidentId
			networkEventSource
			eventIds
			acknowledged
			linkId
			linkName
			linkConfigPrecedence
			linkStatus
			linkConfigBandwidth
			deviceConfigHaRole
			deviceHaRoleState
			socketSerialId
			bgpConnection {
				connectionName
				peerIp
				peerAsn
				catoIp
				catoAsn
			}
			linkQualityIssue {
				issueType
				direction
				current
				threshold
			}
		}
		bgpConnection {
			connectionName
			peerIp
			peerAsn
			catoIp
			catoAsn
		}
		ilmmDetails {
			linkDetails {
				description
				linkId
				ispLinkId
				comments
				onboardingStatus
				activeLicense
			}
			ispDetails {
				name
				description
				ispAccountId
				supportEmail
				supportPhone
				countryCode
				loaFile {
					fileName
					fileHash
					uploadedAt
				}
			}
			contacts {
				name
				phone
				email
			}
		}
	}
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
				criticality
	source {
		id
		createdDateTime
		remediationStatus
		remediationStatusDetails
		tags
		roles
		verdict
		action
		processId
		processCommandLine
		imageFile {
			name
			path
			size
			sha1
			sha256
			md5
			issuer
			signer
			publisher
		}
		userAccount {
			__typename
			... on MicrosoftEndpointUser {
				id
				name
				userSid
				accountName
				domainName
				principalName
			}
			... on CatoEndpointUser {
				id
				name
			}
		}
	}
				ticket
	status {
		rawStatus
		status
	}
				research
				siteName
	storyDuration {
		id
		updatedAt
		createdAt
		accountId
		analystName
		analystEmail
		accountName
		playbook
		summary
		incident {
			__typename
			... on MicrosoftEndpoint {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on AnomalyStats {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on AnomalyEvents {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on Threat {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on ThreatPrevention {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
		}
		timeline {
			createdAt
			description
			type
			context
			descriptions
			category
			additionalInfo
			analystInfo {
				name
				email
			}
		}
	}
				description
				sourceIp
				analystFeedback {
					verdict
					severity
					threatType {
						name
						recommendedAction
	details {
		id
		deviceName
		externalIp
		localIp
		firstSeenDateTime
		avStatus
		healthStatus
		ipInterfaces
		azureAdDeviceId
		onboardingStatus
		osDetails {
			osType
			osBuild
			osVersion
		}
		loggedOnUsers {
			__typename
			... on MicrosoftEndpointUser {
				id
				name
				userSid
				accountName
				domainName
				principalName
			}
			... on CatoEndpointUser {
				id
				name
			}
		}
		rbacGroup {
			id
			name
		}
	}
					}
	threatClassification {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		events {
			signatureId
			eventType
			threatType
			threatName
			severity
			action
			ruleId
			virusName
			scanResult
			appId
			appName
			dnsProtectionCategory
		}
		mitres {
			id
			name
		}
		timeSeries {
			data
			groupBy
			label
			sum
			units
			info
			key {
				measureFieldName
				dimensions {
					value
					fieldName
				}
			}
		}
		targets {
			type
			name
			analysisScore
			infectionSource
			threatReference
			catoPopularity
			threatFeeds
			creationTime
			categories
			countryOfRegistration
			searchHits
			engines
			eventData {
				signatureId
				eventType
				threatType
				threatName
				severity
				action
				ruleId
				virusName
				scanResult
				appId
				appName
				dnsProtectionCategory
			}
		}
	}
					additionalInfo
				}
				site {
	id {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		networkIncidentTimeline {
			description
			created
			validated
			eventType
			incidentId
			networkEventSource
			eventIds
			acknowledged
			linkId
			linkName
			linkConfigPrecedence
			linkStatus
			linkConfigBandwidth
			deviceConfigHaRole
			deviceHaRoleState
			socketSerialId
			bgpConnection {
				connectionName
				peerIp
				peerAsn
				catoIp
				catoAsn
			}
			linkQualityIssue {
				issueType
				direction
				current
				threshold
			}
		}
		bgpConnection {
			connectionName
			peerIp
			peerAsn
			catoIp
			catoAsn
		}
		ilmmDetails {
			linkDetails {
				description
				linkId
				ispLinkId
				comments
				onboardingStatus
				activeLicense
			}
			ispDetails {
				name
				description
				ispAccountId
				supportEmail
				supportPhone
				countryCode
				loaFile {
					fileName
					fileHash
					uploadedAt
				}
			}
			contacts {
				name
				phone
				email
			}
		}
	}
					name
				}
				user {
	id {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		networkIncidentTimeline {
			description
			created
			validated
			eventType
			incidentId
			networkEventSource
			eventIds
			acknowledged
			linkId
			linkName
			linkConfigPrecedence
			linkStatus
			linkConfigBandwidth
			deviceConfigHaRole
			deviceHaRoleState
			socketSerialId
			bgpConnection {
				connectionName
				peerIp
				peerAsn
				catoIp
				catoAsn
			}
			linkQualityIssue {
				issueType
				direction
				current
				threshold
			}
		}
		bgpConnection {
			connectionName
			peerIp
			peerAsn
			catoIp
			catoAsn
		}
		ilmmDetails {
			linkDetails {
				description
				linkId
				ispLinkId
				comments
				onboardingStatus
				activeLicense
			}
			ispDetails {
				name
				description
				ispAccountId
				supportEmail
				supportPhone
				countryCode
				loaFile {
					fileName
					fileHash
					uploadedAt
				}
			}
			contacts {
				name
				phone
				email
			}
		}
	}
					name
				}
				predictedVerdict
				predictedThreatType
				... on MicrosoftEndpoint {
					similarStoriesData {
	storyId {
		id
		updatedAt
		createdAt
		accountId
		analystName
		analystEmail
		accountName
		playbook
		summary
		incident {
			__typename
			... on MicrosoftEndpoint {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on AnomalyStats {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on AnomalyEvents {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on Threat {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on ThreatPrevention {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
		}
		timeline {
			createdAt
			description
			type
			context
			descriptions
			category
			additionalInfo
			analystInfo {
				name
				email
			}
		}
	}
	threatTypeName {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		events {
			signatureId
			eventType
			threatType
			threatName
			severity
			action
			ruleId
			virusName
			scanResult
			appId
			appName
			dnsProtectionCategory
		}
		mitres {
			id
			name
		}
		timeSeries {
			data
			groupBy
			label
			sum
			units
			info
			key {
				measureFieldName
				dimensions {
					value
					fieldName
				}
			}
		}
		targets {
			type
			name
			analysisScore
			infectionSource
			threatReference
			catoPopularity
			threatFeeds
			creationTime
			categories
			countryOfRegistration
			searchHits
			engines
			eventData {
				signatureId
				eventType
				threatType
				threatName
				severity
				action
				ruleId
				virusName
				scanResult
				appId
				appName
				dnsProtectionCategory
			}
		}
	}
						verdict
	threatClassification {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		events {
			signatureId
			eventType
			threatType
			threatName
			severity
			action
			ruleId
			virusName
			scanResult
			appId
			appName
			dnsProtectionCategory
		}
		mitres {
			id
			name
		}
		timeSeries {
			data
			groupBy
			label
			sum
			units
			info
			key {
				measureFieldName
				dimensions {
					value
					fieldName
				}
			}
		}
		targets {
			type
			name
			analysisScore
			infectionSource
			threatReference
			catoPopularity
			threatFeeds
			creationTime
			categories
			countryOfRegistration
			searchHits
			engines
			eventData {
				signatureId
				eventType
				threatType
				threatName
				severity
				action
				ruleId
				virusName
				scanResult
				appId
				appName
				dnsProtectionCategory
			}
		}
	}
						similarityPercentage
						indication
					}
					device {
	id {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		networkIncidentTimeline {
			description
			created
			validated
			eventType
			incidentId
			networkEventSource
			eventIds
			acknowledged
			linkId
			linkName
			linkConfigPrecedence
			linkStatus
			linkConfigBandwidth
			deviceConfigHaRole
			deviceHaRoleState
			socketSerialId
			bgpConnection {
				connectionName
				peerIp
				peerAsn
				catoIp
				catoAsn
			}
			linkQualityIssue {
				issueType
				direction
				current
				threshold
			}
		}
		bgpConnection {
			connectionName
			peerIp
			peerAsn
			catoIp
			catoAsn
		}
		ilmmDetails {
			linkDetails {
				description
				linkId
				ispLinkId
				comments
				onboardingStatus
				activeLicense
			}
			ispDetails {
				name
				description
				ispAccountId
				supportEmail
				supportPhone
				countryCode
				loaFile {
					fileName
					fileHash
					uploadedAt
				}
			}
			contacts {
				name
				phone
				email
			}
		}
	}
						deviceName
						osDetailsMicrosoftDeviceDetails: osDetails {
							osType
							osBuild
							osVersion
						}
						loggedOnUsersMicrosoftDeviceDetails: loggedOnUsers {
	id {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		networkIncidentTimeline {
			description
			created
			validated
			eventType
			incidentId
			networkEventSource
			eventIds
			acknowledged
			linkId
			linkName
			linkConfigPrecedence
			linkStatus
			linkConfigBandwidth
			deviceConfigHaRole
			deviceHaRoleState
			socketSerialId
			bgpConnection {
				connectionName
				peerIp
				peerAsn
				catoIp
				catoAsn
			}
			linkQualityIssue {
				issueType
				direction
				current
				threshold
			}
		}
		bgpConnection {
			connectionName
			peerIp
			peerAsn
			catoIp
			catoAsn
		}
		ilmmDetails {
			linkDetails {
				description
				linkId
				ispLinkId
				comments
				onboardingStatus
				activeLicense
			}
			ispDetails {
				name
				description
				ispAccountId
				supportEmail
				supportPhone
				countryCode
				loaFile {
					fileName
					fileHash
					uploadedAt
				}
			}
			contacts {
				name
				phone
				email
			}
		}
	}
							name
							... on MicrosoftEndpointUser {
								userSid
								accountName
								domainName
								principalName
							}
							... on CatoEndpointUser {
		id {
			id
			status
			description
			firstSignal
			lastSignal
			engineType
			vendor
			producer
			producerName
			connectionType
			indication
			queryName
			source
			criticality
			ticket
			research
			siteName
			storyDuration
			analystFeedback {
				verdict
				severity
				threatClassification
				additionalInfo
				threatType {
					name
					recommendedAction
					details
				}
			}
			site {
				id
				name
			}
			user {
				id
				name
			}
			similarStoriesData {
				storyId
				threatTypeName
				verdict
				threatClassification
				similarityPercentage
				indication
			}
			networkIncidentTimeline {
				description
				created
				validated
				eventType
				incidentId
				networkEventSource
				eventIds
				acknowledged
				linkId
				linkName
				linkConfigPrecedence
				linkStatus
				linkConfigBandwidth
				deviceConfigHaRole
				deviceHaRoleState
				socketSerialId
				bgpConnection {
					connectionName
					peerIp
					peerAsn
					catoIp
					catoAsn
				}
				linkQualityIssue {
					issueType
					direction
					current
					threshold
				}
			}
			bgpConnection {
				connectionName
				peerIp
				peerAsn
				catoIp
				catoAsn
			}
			ilmmDetails {
				linkDetails {
					description
					linkId
					ispLinkId
					comments
					onboardingStatus
					activeLicense
				}
				ispDetails {
					name
					description
					ispAccountId
					supportEmail
					supportPhone
					countryCode
					loaFile {
						fileName
						fileHash
						uploadedAt
					}
				}
				contacts {
					name
					phone
					email
				}
			}
		}
								name
							}
						}
	externalIp {
		id
		name
	}
						localIp
						firstSeenDateTime
						avStatusMicrosoftDeviceDetails: avStatus
						healthStatusMicrosoftDeviceDetails: healthStatus
						rbacGroupMicrosoftDeviceDetails: rbacGroup {
	id {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		networkIncidentTimeline {
			description
			created
			validated
			eventType
			incidentId
			networkEventSource
			eventIds
			acknowledged
			linkId
			linkName
			linkConfigPrecedence
			linkStatus
			linkConfigBandwidth
			deviceConfigHaRole
			deviceHaRoleState
			socketSerialId
			bgpConnection {
				connectionName
				peerIp
				peerAsn
				catoIp
				catoAsn
			}
			linkQualityIssue {
				issueType
				direction
				current
				threshold
			}
		}
		bgpConnection {
			connectionName
			peerIp
			peerAsn
			catoIp
			catoAsn
		}
		ilmmDetails {
			linkDetails {
				description
				linkId
				ispLinkId
				comments
				onboardingStatus
				activeLicense
			}
			ispDetails {
				name
				description
				ispAccountId
				supportEmail
				supportPhone
				countryCode
				loaFile {
					fileName
					fileHash
					uploadedAt
				}
			}
			contacts {
				name
				phone
				email
			}
		}
	}
							name
						}
						ipInterfaces
						azureAdDeviceId
						onboardingStatusMicrosoftDeviceDetails: onboardingStatus
					}
					alerts {
	id {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		networkIncidentTimeline {
			description
			created
			validated
			eventType
			incidentId
			networkEventSource
			eventIds
			acknowledged
			linkId
			linkName
			linkConfigPrecedence
			linkStatus
			linkConfigBandwidth
			deviceConfigHaRole
			deviceHaRoleState
			socketSerialId
			bgpConnection {
				connectionName
				peerIp
				peerAsn
				catoIp
				catoAsn
			}
			linkQualityIssue {
				issueType
				direction
				current
				threshold
			}
		}
		bgpConnection {
			connectionName
			peerIp
			peerAsn
			catoIp
			catoAsn
		}
		ilmmDetails {
			linkDetails {
				description
				linkId
				ispLinkId
				comments
				onboardingStatus
				activeLicense
			}
			ispDetails {
				name
				description
				ispAccountId
				supportEmail
				supportPhone
				countryCode
				loaFile {
					fileName
					fileHash
					uploadedAt
				}
			}
			contacts {
				name
				phone
				email
			}
		}
	}
						title
						description
	threatName {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		events {
			signatureId
			eventType
			threatType
			threatName
			severity
			action
			ruleId
			virusName
			scanResult
			appId
			appName
			dnsProtectionCategory
		}
		mitres {
			id
			name
		}
		timeSeries {
			data
			groupBy
			label
			sum
			units
			info
			key {
				measureFieldName
				dimensions {
					value
					fieldName
				}
			}
		}
		targets {
			type
			name
			analysisScore
			infectionSource
			threatReference
			catoPopularity
			threatFeeds
			creationTime
			categories
			countryOfRegistration
			searchHits
			engines
			eventData {
				signatureId
				eventType
				threatType
				threatName
				severity
				action
				ruleId
				virusName
				scanResult
				appId
				appName
				dnsProtectionCategory
			}
		}
	}
						mitreTechniqueMicrosoftDefenderEndpointAlert: mitreTechnique {
	id {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		networkIncidentTimeline {
			description
			created
			validated
			eventType
			incidentId
			networkEventSource
			eventIds
			acknowledged
			linkId
			linkName
			linkConfigPrecedence
			linkStatus
			linkConfigBandwidth
			deviceConfigHaRole
			deviceHaRoleState
			socketSerialId
			bgpConnection {
				connectionName
				peerIp
				peerAsn
				catoIp
				catoAsn
			}
			linkQualityIssue {
				issueType
				direction
				current
				threshold
			}
		}
		bgpConnection {
			connectionName
			peerIp
			peerAsn
			catoIp
			catoAsn
		}
		ilmmDetails {
			linkDetails {
				description
				linkId
				ispLinkId
				comments
				onboardingStatus
				activeLicense
			}
			ispDetails {
				name
				description
				ispAccountId
				supportEmail
				supportPhone
				countryCode
				loaFile {
					fileName
					fileHash
					uploadedAt
				}
			}
			contacts {
				name
				phone
				email
			}
		}
	}
							name
						}
						mitreSubTechniqueMicrosoftDefenderEndpointAlert: mitreSubTechnique {
	id {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		networkIncidentTimeline {
			description
			created
			validated
			eventType
			incidentId
			networkEventSource
			eventIds
			acknowledged
			linkId
			linkName
			linkConfigPrecedence
			linkStatus
			linkConfigBandwidth
			deviceConfigHaRole
			deviceHaRoleState
			socketSerialId
			bgpConnection {
				connectionName
				peerIp
				peerAsn
				catoIp
				catoAsn
			}
			linkQualityIssue {
				issueType
				direction
				current
				threshold
			}
		}
		bgpConnection {
			connectionName
			peerIp
			peerAsn
			catoIp
			catoAsn
		}
		ilmmDetails {
			linkDetails {
				description
				linkId
				ispLinkId
				comments
				onboardingStatus
				activeLicense
			}
			ispDetails {
				name
				description
				ispAccountId
				supportEmail
				supportPhone
				countryCode
				loaFile {
					fileName
					fileHash
					uploadedAt
				}
			}
			contacts {
				name
				phone
				email
			}
		}
	}
							name
						}
						createdDateTime
						resourcesMicrosoftDefenderEndpointAlert: resources {
	id {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		networkIncidentTimeline {
			description
			created
			validated
			eventType
			incidentId
			networkEventSource
			eventIds
			acknowledged
			linkId
			linkName
			linkConfigPrecedence
			linkStatus
			linkConfigBandwidth
			deviceConfigHaRole
			deviceHaRoleState
			socketSerialId
			bgpConnection {
				connectionName
				peerIp
				peerAsn
				catoIp
				catoAsn
			}
			linkQualityIssue {
				issueType
				direction
				current
				threshold
			}
		}
		bgpConnection {
			connectionName
			peerIp
			peerAsn
			catoIp
			catoAsn
		}
		ilmmDetails {
			linkDetails {
				description
				linkId
				ispLinkId
				comments
				onboardingStatus
				activeLicense
			}
			ispDetails {
				name
				description
				ispAccountId
				supportEmail
				supportPhone
				countryCode
				loaFile {
					fileName
					fileHash
					uploadedAt
				}
			}
			contacts {
				name
				phone
				email
			}
		}
	}
							createdDateTime
							remediationStatus
							remediationStatusDetails
							tags
	roles {
		total
		items {
			id
			name
			description
			isPredefined
		}
	}
							verdict
							... on MicrosoftProcessResource {
								action
								processId
								processCommandLine
								imageFile {
									name
									path
									size
									sha1
									sha256
									md5
									issuer
									signer
									publisher
								}
								userAccount {
		id {
			id
			status
			description
			firstSignal
			lastSignal
			engineType
			vendor
			producer
			producerName
			connectionType
			indication
			queryName
			source
			criticality
			ticket
			research
			siteName
			storyDuration
			analystFeedback {
				verdict
				severity
				threatClassification
				additionalInfo
				threatType {
					name
					recommendedAction
					details
				}
			}
			site {
				id
				name
			}
			user {
				id
				name
			}
			similarStoriesData {
				storyId
				threatTypeName
				verdict
				threatClassification
				similarityPercentage
				indication
			}
			networkIncidentTimeline {
				description
				created
				validated
				eventType
				incidentId
				networkEventSource
				eventIds
				acknowledged
				linkId
				linkName
				linkConfigPrecedence
				linkStatus
				linkConfigBandwidth
				deviceConfigHaRole
				deviceHaRoleState
				socketSerialId
				bgpConnection {
					connectionName
					peerIp
					peerAsn
					catoIp
					catoAsn
				}
				linkQualityIssue {
					issueType
					direction
					current
					threshold
				}
			}
			bgpConnection {
				connectionName
				peerIp
				peerAsn
				catoIp
				catoAsn
			}
			ilmmDetails {
				linkDetails {
					description
					linkId
					ispLinkId
					comments
					onboardingStatus
					activeLicense
				}
				ispDetails {
					name
					description
					ispAccountId
					supportEmail
					supportPhone
					countryCode
					loaFile {
						fileName
						fileHash
						uploadedAt
					}
				}
				contacts {
					name
					phone
					email
				}
			}
		}
									name
									... on MicrosoftEndpointUser {
		id {
			id
			status
			description
			firstSignal
			lastSignal
			engineType
			vendor
			producer
			producerName
			connectionType
			indication
			queryName
			source
			criticality
			ticket
			research
			siteName
			storyDuration
			analystFeedback {
				verdict
				severity
				threatClassification
				additionalInfo
				threatType {
					name
					recommendedAction
					details
				}
			}
			site {
				id
				name
			}
			user {
				id
				name
			}
			similarStoriesData {
				storyId
				threatTypeName
				verdict
				threatClassification
				similarityPercentage
				indication
			}
			networkIncidentTimeline {
				description
				created
				validated
				eventType
				incidentId
				networkEventSource
				eventIds
				acknowledged
				linkId
				linkName
				linkConfigPrecedence
				linkStatus
				linkConfigBandwidth
				deviceConfigHaRole
				deviceHaRoleState
				socketSerialId
				bgpConnection {
					connectionName
					peerIp
					peerAsn
					catoIp
					catoAsn
				}
				linkQualityIssue {
					issueType
					direction
					current
					threshold
				}
			}
			bgpConnection {
				connectionName
				peerIp
				peerAsn
				catoIp
				catoAsn
			}
			ilmmDetails {
				linkDetails {
					description
					linkId
					ispLinkId
					comments
					onboardingStatus
					activeLicense
				}
				ispDetails {
					name
					description
					ispAccountId
					supportEmail
					supportPhone
					countryCode
					loaFile {
						fileName
						fileHash
						uploadedAt
					}
				}
				contacts {
					name
					phone
					email
				}
			}
		}
										name
										userSid
										accountName
										domainName
										principalName
									}
									... on CatoEndpointUser {
		id {
			id
			status
			description
			firstSignal
			lastSignal
			engineType
			vendor
			producer
			producerName
			connectionType
			indication
			queryName
			source
			criticality
			ticket
			research
			siteName
			storyDuration
			analystFeedback {
				verdict
				severity
				threatClassification
				additionalInfo
				threatType {
					name
					recommendedAction
					details
				}
			}
			site {
				id
				name
			}
			user {
				id
				name
			}
			similarStoriesData {
				storyId
				threatTypeName
				verdict
				threatClassification
				similarityPercentage
				indication
			}
			networkIncidentTimeline {
				description
				created
				validated
				eventType
				incidentId
				networkEventSource
				eventIds
				acknowledged
				linkId
				linkName
				linkConfigPrecedence
				linkStatus
				linkConfigBandwidth
				deviceConfigHaRole
				deviceHaRoleState
				socketSerialId
				bgpConnection {
					connectionName
					peerIp
					peerAsn
					catoIp
					catoAsn
				}
				linkQualityIssue {
					issueType
					direction
					current
					threshold
				}
			}
			bgpConnection {
				connectionName
				peerIp
				peerAsn
				catoIp
				catoAsn
			}
			ilmmDetails {
				linkDetails {
					description
					linkId
					ispLinkId
					comments
					onboardingStatus
					activeLicense
				}
				ispDetails {
					name
					description
					ispAccountId
					supportEmail
					supportPhone
					countryCode
					loaFile {
						fileName
						fileHash
						uploadedAt
					}
				}
				contacts {
					name
					phone
					email
				}
			}
		}
										name
									}
								}
							}
							... on MicrosoftFileResource {
								fileDetails {
									name
									path
									size
									sha1
									sha256
									md5
									issuer
									signer
									publisher
								}
								detectionStatus
							}
							... on MicrosoftRegistryResource {
		hive {
			location {
				id
				type
				name
				description
				businessUnit
				archived
				account {
					id
					name
				}
				details {
					companyName
					vatId
					shippingLocation
					postalAddress {
						street
						cityName
						stateName
						zipCode
						addressValidated
						country
					}
					contact {
						name
						phone
						email
					}
				}
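				# Change-audit record for the enclosing object: when it was last updated
				# and which actor (admin or API key) made the change.
				# NOTE(review): this block sits under hive -> location, while a later
				# MicrosoftRegistryResource fragment in this same query selects `hive` as a
				# plain field; confirm the parent shape against the schema.
				audit {
					updatedTime
					updatedBy {
						# updatedBy is selected through per-type fragments; __typename tells
						# the client which fragment matched.
						__typename
						# A selection set must contain at least one field: the empty `{ }`
						# fragments that stood here make the whole document fail to parse.
						# id/name mirror the AdminRef / ApiKeyRef selections used for the
						# other actor and updatedBy fields in this query, so the response
						# carries the identity of whoever made the change.
						... on AdminRef {
							id
							name
						}
						... on ApiKeyRef {
							id
							name
						}
					}
				}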
			}
		}
		key {
			measureFieldName
			dimensions {
				value
				fieldName
			}
		}
		value {
			__typename
			... on StringValue {
				string
			}
			... on DateValue {
				date
			}
			... on Entity {
				id
				name
				type
			}
		}
		valueName {
			__typename
			... on StringValue {
				string
			}
			... on DateValue {
				date
			}
			... on Entity {
				id
				name
				type
			}
		}
		valueType {
			__typename
			... on StringValue {
				string
			}
			... on DateValue {
				date
			}
			... on Entity {
				id
				name
				type
			}
		}
							}
							... on MicrosoftNetworkResource {
								action
								dnsRequest
								dnsResponse
								destinationIp
								destinationPort
								sourcePort
								url
		method {
			value
			accessMethod
			operator
			valueSet {
				id
				name
			}
		}
							}
						}
						activitiesMicrosoftDefenderEndpointAlert: activities {
	id {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		networkIncidentTimeline {
			description
			created
			validated
			eventType
			incidentId
			networkEventSource
			eventIds
			acknowledged
			linkId
			linkName
			linkConfigPrecedence
			linkStatus
			linkConfigBandwidth
			deviceConfigHaRole
			deviceHaRoleState
			socketSerialId
			bgpConnection {
				connectionName
				peerIp
				peerAsn
				catoIp
				catoAsn
			}
			linkQualityIssue {
				issueType
				direction
				current
				threshold
			}
		}
		bgpConnection {
			connectionName
			peerIp
			peerAsn
			catoIp
			catoAsn
		}
		ilmmDetails {
			linkDetails {
				description
				linkId
				ispLinkId
				comments
				onboardingStatus
				activeLicense
			}
			ispDetails {
				name
				description
				ispAccountId
				supportEmail
				supportPhone
				countryCode
				loaFile {
					fileName
					fileHash
					uploadedAt
				}
			}
			contacts {
				name
				phone
				email
			}
		}
	}
							resourceId
							parentResourceId
							action
							firstActivityDateTime
							lastActivityDateTime
						}
						criticality
	externalIp {
		id
		name
	}
						localIp
	comments {
		comment {
			id
			createdAt
			text
			actor {
				__typename
				... on AdminRef {
					id
					name
				}
				... on ApiKeyRef {
					id
					name
				}
			}
		}
	}
						recommendedActions
	category {
		id
		name
	}
						ownerName
	threatFamilyName {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		events {
			signatureId
			eventType
			threatType
			threatName
			severity
			action
			ruleId
			virusName
			scanResult
			appId
			appName
			dnsProtectionCategory
		}
		mitres {
			id
			name
		}
		timeSeries {
			data
			groupBy
			label
			sum
			units
			info
			key {
				measureFieldName
				dimensions {
					value
					fieldName
				}
			}
		}
		targets {
			type
			name
			analysisScore
			infectionSource
			threatReference
			catoPopularity
			threatFeeds
			creationTime
			categories
			countryOfRegistration
			searchHits
			engines
			eventData {
				signatureId
				eventType
				threatType
				threatName
				severity
				action
				ruleId
				virusName
				scanResult
				appId
				appName
				dnsProtectionCategory
			}
		}
	}
	threatType {
		name
		recommendedAction
		details
	}
						resolvedDateTime
						firstActivityDateTime
						lastActivityDateTime
						lastUpdateDateTime
						destinationIp
						destinationUrl
	statusMicrosoftDefenderEndpointAlert: status {
		rawStatus
		status
	}
						providerAlertId
						alertWebUrl
						determinationMicrosoftDefenderEndpointAlert: determination
						detectionSourceMicrosoftDefenderEndpointAlert: detectionSource
						classificationMicrosoftDefenderEndpointAlert: classification
					}
				}
				... on AnomalyStats {
					similarStoriesData {
	storyId {
		id
		updatedAt
		createdAt
		accountId
		analystName
		analystEmail
		accountName
		playbook
		summary
		incident {
			__typename
			... on MicrosoftEndpoint {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on AnomalyStats {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on AnomalyEvents {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on Threat {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on ThreatPrevention {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
		}
		timeline {
			createdAt
			description
			type
			context
			descriptions
			category
			additionalInfo
			analystInfo {
				name
				email
			}
		}
	}
	threatTypeName {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		events {
			signatureId
			eventType
			threatType
			threatName
			severity
			action
			ruleId
			virusName
			scanResult
			appId
			appName
			dnsProtectionCategory
		}
		mitres {
			id
			name
		}
		timeSeries {
			data
			groupBy
			label
			sum
			units
			info
			key {
				measureFieldName
				dimensions {
					value
					fieldName
				}
			}
		}
		targets {
			type
			name
			analysisScore
			infectionSource
			threatReference
			catoPopularity
			threatFeeds
			creationTime
			categories
			countryOfRegistration
			searchHits
			engines
			eventData {
				signatureId
				eventType
				threatType
				threatName
				severity
				action
				ruleId
				virusName
				scanResult
				appId
				appName
				dnsProtectionCategory
			}
		}
	}
						verdict
	threatClassification {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		events {
			signatureId
			eventType
			threatType
			threatName
			severity
			action
			ruleId
			virusName
			scanResult
			appId
			appName
			dnsProtectionCategory
		}
		mitres {
			id
			name
		}
		timeSeries {
			data
			groupBy
			label
			sum
			units
			info
			key {
				measureFieldName
				dimensions {
					value
					fieldName
				}
			}
		}
		targets {
			type
			name
			analysisScore
			infectionSource
			threatReference
			catoPopularity
			threatFeeds
			creationTime
			categories
			countryOfRegistration
			searchHits
			engines
			eventData {
				signatureId
				eventType
				threatType
				threatName
				severity
				action
				ruleId
				virusName
				scanResult
				appId
				appName
				dnsProtectionCategory
			}
		}
	}
						similarityPercentage
						indication
					}
					srcSiteId
	os {
		osType
		osBuild
		osVersion
	}
					deviceName
					macAddress
					logonName
					clientClass
					drillDownFilter {
						name
	value {
		__typename
		... on StringValue {
			string
		}
		... on DateValue {
			date
		}
		... on Entity {
			id
			name
			type
		}
	}
	values {
		container {
			id
			name
			description
			size
			audit {
				createdAt
				createdBy
				lastModifiedBy
				lastModifiedAt
			}
		}
	}
					}
					breakdownField
					subjectType
					extra {
						name
	type {
		name
		recommendedAction
		details
	}
	value {
		__typename
		... on StringValue {
			string
		}
		... on DateValue {
			date
		}
		... on Entity {
			id
			name
			type
		}
	}
					}
					gaussian {
						std
	ss {
		id
		createdDateTime
		remediationStatus
		remediationStatusDetails
		tags
		roles
		verdict
		action
		processId
		processCommandLine
		imageFile {
			name
			path
			size
			sha1
			sha256
			md5
			issuer
			signer
			publisher
		}
		userAccount {
			__typename
			... on MicrosoftEndpointUser {
				id
				name
				userSid
				accountName
				domainName
				principalName
			}
			... on CatoEndpointUser {
				id
				name
			}
		}
	}
						z_score
						avg
	n {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		device {
			id
			deviceName
			externalIp
			localIp
			firstSeenDateTime
			avStatus
			healthStatus
			ipInterfaces
			azureAdDeviceId
			onboardingStatus
			osDetails {
				osType
				osBuild
				osVersion
			}
			loggedOnUsers {
				__typename
				... on MicrosoftEndpointUser {
					id
					name
					userSid
					accountName
					domainName
					principalName
				}
				... on CatoEndpointUser {
					id
					name
				}
			}
			rbacGroup {
				id
				name
			}
		}
		alerts {
			id
			description
			status
			title
			threatName
			createdDateTime
			criticality
			externalIp
			localIp
			comments
			recommendedActions
			category
			ownerName
			threatFamilyName
			threatType
			resolvedDateTime
			firstActivityDateTime
			lastActivityDateTime
			mitreTechnique {
				id
				name
			}
			mitreSubTechnique {
				id
				name
			}
			resources {
				__typename
				... on MicrosoftProcessResource {
					id
					createdDateTime
					remediationStatus
					remediationStatusDetails
					tags
					roles
					verdict
					action
					processId
					processCommandLine
				}
				... on MicrosoftFileResource {
					id
					createdDateTime
					remediationStatus
					remediationStatusDetails
					tags
					roles
					verdict
					fileDetails
					detectionStatus
				}
				... on MicrosoftRegistryResource {
					id
					createdDateTime
					remediationStatus
					remediationStatusDetails
					tags
					roles
					verdict
					hive
					key
					value
				}
				... on MicrosoftNetworkResource {
					id
					createdDateTime
					remediationStatus
					remediationStatusDetails
					tags
					roles
					verdict
					action
					dnsRequest
					dnsResponse
				}
			}
			activities {
				id
				resourceId
				parentResourceId
				action
				firstActivityDateTime
				lastActivityDateTime
			}
		}
	}
					}
					metric {
						name
	value {
		__typename
		... on StringValue {
			string
		}
		... on DateValue {
			date
		}
		... on Entity {
			id
			name
			type
		}
	}
					}
					metricDetails {
						name
	units {
		id
		predicate
		community {
			from
			to
		}
	}
					}
					mitres {
	id {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		networkIncidentTimeline {
			description
			created
			validated
			eventType
			incidentId
			networkEventSource
			eventIds
			acknowledged
			linkId
			linkName
			linkConfigPrecedence
			linkStatus
			linkConfigBandwidth
			deviceConfigHaRole
			deviceHaRoleState
			socketSerialId
			bgpConnection {
				connectionName
				peerIp
				peerAsn
				catoIp
				catoAsn
			}
			linkQualityIssue {
				issueType
				direction
				current
				threshold
			}
		}
		bgpConnection {
			connectionName
			peerIp
			peerAsn
			catoIp
			catoAsn
		}
		ilmmDetails {
			linkDetails {
				description
				linkId
				ispLinkId
				comments
				onboardingStatus
				activeLicense
			}
			ispDetails {
				name
				description
				ispAccountId
				supportEmail
				supportPhone
				countryCode
				loaFile {
					fileName
					fileHash
					uploadedAt
				}
			}
			contacts {
				name
				phone
				email
			}
		}
	}
						name
					}
	rules {
		ip
		subnet
		user {
			id
			name
		}
		floatingSubnet {
			id
			name
		}
		globalIpRange {
			id
			name
		}
		group {
			id
			name
		}
		host {
			id
			name
		}
		ipRange {
			from
			to
		}
		networkInterface {
			id
			name
		}
		site {
			id
			name
		}
	}
					timeSeries {
	data {
		paging {
			from
			limit
			total
		}
		items {
			id
			updatedAt
			createdAt
			accountId
			analystName
			analystEmail
			accountName
			playbook
			summary
			incident {
				__typename
				... on MicrosoftEndpoint {
					id
					firstSignal
					lastSignal
					engineType
					vendor
					producer
					producerName
					connectionType
					indication
					queryName
				}
				... on AnomalyStats {
					id
					firstSignal
					lastSignal
					engineType
					vendor
					producer
					producerName
					connectionType
					indication
					queryName
				}
				... on AnomalyEvents {
					id
					firstSignal
					lastSignal
					engineType
					vendor
					producer
					producerName
					connectionType
					indication
					queryName
				}
				... on Threat {
					id
					firstSignal
					lastSignal
					engineType
					vendor
					producer
					producerName
					connectionType
					indication
					queryName
				}
				... on ThreatPrevention {
					id
					firstSignal
					lastSignal
					engineType
					vendor
					producer
					producerName
					connectionType
					indication
					queryName
				}
			}
			timeline {
				createdAt
				description
				type
				context
				descriptions
				category
				additionalInfo
				analystInfo {
					name
					email
				}
			}
		}
	}
	groupBy {
		id
		name
		description
		membersCount
		audit {
			updatedTime
			updatedBy {
				__typename
				... on AdminRef {
					id
					name
				}
				... on ApiKeyRef {
					id
					name
				}
			}
		}
		members {
			items {
				id
				name
				type
			}
			paging {
				total
			}
		}
		membersCountPerType {
			type
			membersCount
		}
	}
						label
	sum {
		id
		route
		community {
			from
			to
		}
	}
	unitsIncidentTimeseries: units {
		id
		predicate
		community {
			from
			to
		}
	}
	info {
		name
		email
	}
						keyIncidentTimeseries: key {
							measureFieldName
							dimensions {
								fieldName
		value {
			__typename
			... on StringValue {
				string
			}
			... on DateValue {
				date
			}
			... on Entity {
				id
				name
				type
			}
		}
							}
						}
					}
					targets {
	typeIncidentTargetRep: type {
		name
		recommendedAction
		details
	}
						name
						analysisScore
						infectionSource
	threatReference {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		events {
			signatureId
			eventType
			threatType
			threatName
			severity
			action
			ruleId
			virusName
			scanResult
			appId
			appName
			dnsProtectionCategory
		}
		mitres {
			id
			name
		}
		timeSeries {
			data
			groupBy
			label
			sum
			units
			info
			key {
				measureFieldName
				dimensions {
					value
					fieldName
				}
			}
		}
		targets {
			type
			name
			analysisScore
			infectionSource
			threatReference
			catoPopularity
			threatFeeds
			creationTime
			categories
			countryOfRegistration
			searchHits
			engines
			eventData {
				signatureId
				eventType
				threatType
				threatName
				severity
				action
				ruleId
				virusName
				scanResult
				appId
				appName
				dnsProtectionCategory
			}
		}
	}
						catoPopularity
	threatFeeds {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		events {
			signatureId
			eventType
			threatType
			threatName
			severity
			action
			ruleId
			virusName
			scanResult
			appId
			appName
			dnsProtectionCategory
		}
		mitres {
			id
			name
		}
		timeSeries {
			data
			groupBy
			label
			sum
			units
			info
			key {
				measureFieldName
				dimensions {
					value
					fieldName
				}
			}
		}
		targets {
			type
			name
			analysisScore
			infectionSource
			threatReference
			catoPopularity
			threatFeeds
			creationTime
			categories
			countryOfRegistration
			searchHits
			engines
			eventData {
				signatureId
				eventType
				threatType
				threatName
				severity
				action
				ruleId
				virusName
				scanResult
				appId
				appName
				dnsProtectionCategory
			}
		}
	}
						creationTime
						categories
						countryOfRegistration
						searchHits
						engines
						eventDataIncidentTargetRep: eventData {
							signatureId
	eventType {
		signatureId
		eventType
		threatType
		threatName
		severity
		action
		ruleId
		virusName
		scanResult
		appId
		appName
		dnsProtectionCategory
	}
	threatType {
		name
		recommendedAction
		details
	}
	threatName {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		events {
			signatureId
			eventType
			threatType
			threatName
			severity
			action
			ruleId
			virusName
			scanResult
			appId
			appName
			dnsProtectionCategory
		}
		mitres {
			id
			name
		}
		timeSeries {
			data
			groupBy
			label
			sum
			units
			info
			key {
				measureFieldName
				dimensions {
					value
					fieldName
				}
			}
		}
		targets {
			type
			name
			analysisScore
			infectionSource
			threatReference
			catoPopularity
			threatFeeds
			creationTime
			categories
			countryOfRegistration
			searchHits
			engines
			eventData {
				signatureId
				eventType
				threatType
				threatName
				severity
				action
				ruleId
				virusName
				scanResult
				appId
				appName
				dnsProtectionCategory
			}
		}
	}
							severity
							action
							ruleId
							virusName
							scanResult
							appId
							appName
							dnsProtectionCategory
						}
					}
					direction
				}
				... on AnomalyEvents {
					similarStoriesData {
	storyId {
		id
		updatedAt
		createdAt
		accountId
		analystName
		analystEmail
		accountName
		playbook
		summary
		incident {
			__typename
			... on MicrosoftEndpoint {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on AnomalyStats {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on AnomalyEvents {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on Threat {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on ThreatPrevention {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
		}
		timeline {
			createdAt
			description
			type
			context
			descriptions
			category
			additionalInfo
			analystInfo {
				name
				email
			}
		}
	}
	threatTypeName {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		events {
			signatureId
			eventType
			threatType
			threatName
			severity
			action
			ruleId
			virusName
			scanResult
			appId
			appName
			dnsProtectionCategory
		}
		mitres {
			id
			name
		}
		timeSeries {
			data
			groupBy
			label
			sum
			units
			info
			key {
				measureFieldName
				dimensions {
					value
					fieldName
				}
			}
		}
		targets {
			type
			name
			analysisScore
			infectionSource
			threatReference
			catoPopularity
			threatFeeds
			creationTime
			categories
			countryOfRegistration
			searchHits
			engines
			eventData {
				signatureId
				eventType
				threatType
				threatName
				severity
				action
				ruleId
				virusName
				scanResult
				appId
				appName
				dnsProtectionCategory
			}
		}
	}
						verdict
	threatClassification {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		events {
			signatureId
			eventType
			threatType
			threatName
			severity
			action
			ruleId
			virusName
			scanResult
			appId
			appName
			dnsProtectionCategory
		}
		mitres {
			id
			name
		}
		timeSeries {
			data
			groupBy
			label
			sum
			units
			info
			key {
				measureFieldName
				dimensions {
					value
					fieldName
				}
			}
		}
		targets {
			type
			name
			analysisScore
			infectionSource
			threatReference
			catoPopularity
			threatFeeds
			creationTime
			categories
			countryOfRegistration
			searchHits
			engines
			eventData {
				signatureId
				eventType
				threatType
				threatName
				severity
				action
				ruleId
				virusName
				scanResult
				appId
				appName
				dnsProtectionCategory
			}
		}
	}
						similarityPercentage
						indication
					}
					srcSiteId
	os {
		osType
		osBuild
		osVersion
	}
					deviceName
					macAddress
					logonName
					clientClass
					drillDownFilter {
						name
	value {
		__typename
		... on StringValue {
			string
		}
		... on DateValue {
			date
		}
		... on Entity {
			id
			name
			type
		}
	}
	values {
		container {
			id
			name
			description
			size
			audit {
				createdAt
				createdBy
				lastModifiedBy
				lastModifiedAt
			}
		}
	}
					}
					breakdownField
					subjectType
					extra {
						name
	type {
		name
		recommendedAction
		details
	}
	value {
		__typename
		... on StringValue {
			string
		}
		... on DateValue {
			date
		}
		... on Entity {
			id
			name
			type
		}
	}
					}
					gaussian {
						std
	ss {
		id
		createdDateTime
		remediationStatus
		remediationStatusDetails
		tags
		roles
		verdict
		action
		processId
		processCommandLine
		imageFile {
			name
			path
			size
			sha1
			sha256
			md5
			issuer
			signer
			publisher
		}
		userAccount {
			__typename
			... on MicrosoftEndpointUser {
				id
				name
				userSid
				accountName
				domainName
				principalName
			}
			... on CatoEndpointUser {
				id
				name
			}
		}
	}
						z_score
						avg
	n {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		device {
			id
			deviceName
			externalIp
			localIp
			firstSeenDateTime
			avStatus
			healthStatus
			ipInterfaces
			azureAdDeviceId
			onboardingStatus
			osDetails {
				osType
				osBuild
				osVersion
			}
			loggedOnUsers {
				__typename
				... on MicrosoftEndpointUser {
					id
					name
					userSid
					accountName
					domainName
					principalName
				}
				... on CatoEndpointUser {
					id
					name
				}
			}
			rbacGroup {
				id
				name
			}
		}
		alerts {
			id
			description
			status
			title
			threatName
			createdDateTime
			criticality
			externalIp
			localIp
			comments
			recommendedActions
			category
			ownerName
			threatFamilyName
			threatType
			resolvedDateTime
			firstActivityDateTime
			lastActivityDateTime
			mitreTechnique {
				id
				name
			}
			mitreSubTechnique {
				id
				name
			}
			resources {
				__typename
				... on MicrosoftProcessResource {
					id
					createdDateTime
					remediationStatus
					remediationStatusDetails
					tags
					roles
					verdict
					action
					processId
					processCommandLine
				}
				... on MicrosoftFileResource {
					id
					createdDateTime
					remediationStatus
					remediationStatusDetails
					tags
					roles
					verdict
					fileDetails
					detectionStatus
				}
				... on MicrosoftRegistryResource {
					id
					createdDateTime
					remediationStatus
					remediationStatusDetails
					tags
					roles
					verdict
					hive
					key
					value
				}
				... on MicrosoftNetworkResource {
					id
					createdDateTime
					remediationStatus
					remediationStatusDetails
					tags
					roles
					verdict
					action
					dnsRequest
					dnsResponse
				}
			}
			activities {
				id
				resourceId
				parentResourceId
				action
				firstActivityDateTime
				lastActivityDateTime
			}
		}
	}
					}
					metric {
						name
	value {
		__typename
		... on StringValue {
			string
		}
		... on DateValue {
			date
		}
		... on Entity {
			id
			name
			type
		}
	}
					}
					metricDetails {
						name
	units {
		id
		predicate
		community {
			from
			to
		}
	}
					}
					mitres {
	id {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		networkIncidentTimeline {
			description
			created
			validated
			eventType
			incidentId
			networkEventSource
			eventIds
			acknowledged
			linkId
			linkName
			linkConfigPrecedence
			linkStatus
			linkConfigBandwidth
			deviceConfigHaRole
			deviceHaRoleState
			socketSerialId
			bgpConnection {
				connectionName
				peerIp
				peerAsn
				catoIp
				catoAsn
			}
			linkQualityIssue {
				issueType
				direction
				current
				threshold
			}
		}
		bgpConnection {
			connectionName
			peerIp
			peerAsn
			catoIp
			catoAsn
		}
		ilmmDetails {
			linkDetails {
				description
				linkId
				ispLinkId
				comments
				onboardingStatus
				activeLicense
			}
			ispDetails {
				name
				description
				ispAccountId
				supportEmail
				supportPhone
				countryCode
				loaFile {
					fileName
					fileHash
					uploadedAt
				}
			}
			contacts {
				name
				phone
				email
			}
		}
	}
						name
					}
	rules {
		ip
		subnet
		user {
			id
			name
		}
		floatingSubnet {
			id
			name
		}
		globalIpRange {
			id
			name
		}
		group {
			id
			name
		}
		host {
			id
			name
		}
		ipRange {
			from
			to
		}
		networkInterface {
			id
			name
		}
		site {
			id
			name
		}
	}
					timeSeries {
	data {
		paging {
			from
			limit
			total
		}
		items {
			id
			updatedAt
			createdAt
			accountId
			analystName
			analystEmail
			accountName
			playbook
			summary
			incident {
				__typename
				... on MicrosoftEndpoint {
					id
					firstSignal
					lastSignal
					engineType
					vendor
					producer
					producerName
					connectionType
					indication
					queryName
				}
				... on AnomalyStats {
					id
					firstSignal
					lastSignal
					engineType
					vendor
					producer
					producerName
					connectionType
					indication
					queryName
				}
				... on AnomalyEvents {
					id
					firstSignal
					lastSignal
					engineType
					vendor
					producer
					producerName
					connectionType
					indication
					queryName
				}
				... on Threat {
					id
					firstSignal
					lastSignal
					engineType
					vendor
					producer
					producerName
					connectionType
					indication
					queryName
				}
				... on ThreatPrevention {
					id
					firstSignal
					lastSignal
					engineType
					vendor
					producer
					producerName
					connectionType
					indication
					queryName
				}
			}
			timeline {
				createdAt
				description
				type
				context
				descriptions
				category
				additionalInfo
				analystInfo {
					name
					email
				}
			}
		}
	}
	groupBy {
		id
		name
		description
		membersCount
		audit {
			updatedTime
			updatedBy {
				__typename
				... on AdminRef {
					id
					name
				}
				... on ApiKeyRef {
					id
					name
				}
			}
		}
		members {
			items {
				id
				name
				type
			}
			paging {
				total
			}
		}
		membersCountPerType {
			type
			membersCount
		}
	}
						label
	sum {
		id
		route
		community {
			from
			to
		}
	}
	unitsIncidentTimeseries: units {
		id
		predicate
		community {
			from
			to
		}
	}
	info {
		name
		email
	}
						keyIncidentTimeseries: key {
							measureFieldName
							dimensions {
								fieldName
		value {
			__typename
			... on StringValue {
				string
			}
			... on DateValue {
				date
			}
			... on Entity {
				id
				name
				type
			}
		}
							}
						}
					}
					targets {
	typeIncidentTargetRep: type {
		name
		recommendedAction
		details
	}
						name
						analysisScore
						infectionSource
	threatReference {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		events {
			signatureId
			eventType
			threatType
			threatName
			severity
			action
			ruleId
			virusName
			scanResult
			appId
			appName
			dnsProtectionCategory
		}
		mitres {
			id
			name
		}
		timeSeries {
			data
			groupBy
			label
			sum
			units
			info
			key {
				measureFieldName
				dimensions {
					value
					fieldName
				}
			}
		}
		targets {
			type
			name
			analysisScore
			infectionSource
			threatReference
			catoPopularity
			threatFeeds
			creationTime
			categories
			countryOfRegistration
			searchHits
			engines
			eventData {
				signatureId
				eventType
				threatType
				threatName
				severity
				action
				ruleId
				virusName
				scanResult
				appId
				appName
				dnsProtectionCategory
			}
		}
	}
						catoPopularity
	threatFeeds {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		events {
			signatureId
			eventType
			threatType
			threatName
			severity
			action
			ruleId
			virusName
			scanResult
			appId
			appName
			dnsProtectionCategory
		}
		mitres {
			id
			name
		}
		timeSeries {
			data
			groupBy
			label
			sum
			units
			info
			key {
				measureFieldName
				dimensions {
					value
					fieldName
				}
			}
		}
		targets {
			type
			name
			analysisScore
			infectionSource
			threatReference
			catoPopularity
			threatFeeds
			creationTime
			categories
			countryOfRegistration
			searchHits
			engines
			eventData {
				signatureId
				eventType
				threatType
				threatName
				severity
				action
				ruleId
				virusName
				scanResult
				appId
				appName
				dnsProtectionCategory
			}
		}
	}
						creationTime
						categories
						countryOfRegistration
						searchHits
						engines
						eventDataIncidentTargetRep: eventData {
							signatureId
	eventType {
		signatureId
		eventType
		threatType
		threatName
		severity
		action
		ruleId
		virusName
		scanResult
		appId
		appName
		dnsProtectionCategory
	}
	threatType {
		name
		recommendedAction
		details
	}
	threatName {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		events {
			signatureId
			eventType
			threatType
			threatName
			severity
			action
			ruleId
			virusName
			scanResult
			appId
			appName
			dnsProtectionCategory
		}
		mitres {
			id
			name
		}
		timeSeries {
			data
			groupBy
			label
			sum
			units
			info
			key {
				measureFieldName
				dimensions {
					value
					fieldName
				}
			}
		}
		targets {
			type
			name
			analysisScore
			infectionSource
			threatReference
			catoPopularity
			threatFeeds
			creationTime
			categories
			countryOfRegistration
			searchHits
			engines
			eventData {
				signatureId
				eventType
				threatType
				threatName
				severity
				action
				ruleId
				virusName
				scanResult
				appId
				appName
				dnsProtectionCategory
			}
		}
	}
							severity
							action
							ruleId
							virusName
							scanResult
							appId
							appName
							dnsProtectionCategory
						}
					}
					direction
				}
				... on Threat {
					similarStoriesData {
	storyId {
		id
		updatedAt
		createdAt
		accountId
		analystName
		analystEmail
		accountName
		playbook
		summary
		incident {
			__typename
			... on MicrosoftEndpoint {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on AnomalyStats {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on AnomalyEvents {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on Threat {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on ThreatPrevention {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
		}
		timeline {
			createdAt
			description
			type
			context
			descriptions
			category
			additionalInfo
			analystInfo {
				name
				email
			}
		}
	}
	threatTypeName {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		events {
			signatureId
			eventType
			threatType
			threatName
			severity
			action
			ruleId
			virusName
			scanResult
			appId
			appName
			dnsProtectionCategory
		}
		mitres {
			id
			name
		}
		timeSeries {
			data
			groupBy
			label
			sum
			units
			info
			key {
				measureFieldName
				dimensions {
					value
					fieldName
				}
			}
		}
		targets {
			type
			name
			analysisScore
			infectionSource
			threatReference
			catoPopularity
			threatFeeds
			creationTime
			categories
			countryOfRegistration
			searchHits
			engines
			eventData {
				signatureId
				eventType
				threatType
				threatName
				severity
				action
				ruleId
				virusName
				scanResult
				appId
				appName
				dnsProtectionCategory
			}
		}
	}
						verdict
	threatClassification {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		events {
			signatureId
			eventType
			threatType
			threatName
			severity
			action
			ruleId
			virusName
			scanResult
			appId
			appName
			dnsProtectionCategory
		}
		mitres {
			id
			name
		}
		timeSeries {
			data
			groupBy
			label
			sum
			units
			info
			key {
				measureFieldName
				dimensions {
					value
					fieldName
				}
			}
		}
		targets {
			type
			name
			analysisScore
			infectionSource
			threatReference
			catoPopularity
			threatFeeds
			creationTime
			categories
			countryOfRegistration
			searchHits
			engines
			eventData {
				signatureId
				eventType
				threatType
				threatName
				severity
				action
				ruleId
				virusName
				scanResult
				appId
				appName
				dnsProtectionCategory
			}
		}
	}
						similarityPercentage
						indication
					}
					srcSiteId
					flowsCardinality
					riskLevel
	os {
		osType
		osBuild
		osVersion
	}
					deviceName
					macAddress
					logonName
					direction
					clientClass
					events {
						signatureId
	eventType {
		signatureId
		eventType
		threatType
		threatName
		severity
		action
		ruleId
		virusName
		scanResult
		appId
		appName
		dnsProtectionCategory
	}
	threatType {
		name
		recommendedAction
		details
	}
	threatName {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		events {
			signatureId
			eventType
			threatType
			threatName
			severity
			action
			ruleId
			virusName
			scanResult
			appId
			appName
			dnsProtectionCategory
		}
		mitres {
			id
			name
		}
		timeSeries {
			data
			groupBy
			label
			sum
			units
			info
			key {
				measureFieldName
				dimensions {
					value
					fieldName
				}
			}
		}
		targets {
			type
			name
			analysisScore
			infectionSource
			threatReference
			catoPopularity
			threatFeeds
			creationTime
			categories
			countryOfRegistration
			searchHits
			engines
			eventData {
				signatureId
				eventType
				threatType
				threatName
				severity
				action
				ruleId
				virusName
				scanResult
				appId
				appName
				dnsProtectionCategory
			}
		}
	}
						severity
						action
						ruleId
						virusName
						scanResultEvent: scanResult
						appId
						appName
						dnsProtectionCategory
					}
					mitres {
	id {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		networkIncidentTimeline {
			description
			created
			validated
			eventType
			incidentId
			networkEventSource
			eventIds
			acknowledged
			linkId
			linkName
			linkConfigPrecedence
			linkStatus
			linkConfigBandwidth
			deviceConfigHaRole
			deviceHaRoleState
			socketSerialId
			bgpConnection {
				connectionName
				peerIp
				peerAsn
				catoIp
				catoAsn
			}
			linkQualityIssue {
				issueType
				direction
				current
				threshold
			}
		}
		bgpConnection {
			connectionName
			peerIp
			peerAsn
			catoIp
			catoAsn
		}
		ilmmDetails {
			linkDetails {
				description
				linkId
				ispLinkId
				comments
				onboardingStatus
				activeLicense
			}
			ispDetails {
				name
				description
				ispAccountId
				supportEmail
				supportPhone
				countryCode
				loaFile {
					fileName
					fileHash
					uploadedAt
				}
			}
			contacts {
				name
				phone
				email
			}
		}
	}
						name
					}
					timeSeries {
	data {
		paging {
			from
			limit
			total
		}
		items {
			id
			updatedAt
			createdAt
			accountId
			analystName
			analystEmail
			accountName
			playbook
			summary
			incident {
				__typename
				... on MicrosoftEndpoint {
					id
					firstSignal
					lastSignal
					engineType
					vendor
					producer
					producerName
					connectionType
					indication
					queryName
				}
				... on AnomalyStats {
					id
					firstSignal
					lastSignal
					engineType
					vendor
					producer
					producerName
					connectionType
					indication
					queryName
				}
				... on AnomalyEvents {
					id
					firstSignal
					lastSignal
					engineType
					vendor
					producer
					producerName
					connectionType
					indication
					queryName
				}
				... on Threat {
					id
					firstSignal
					lastSignal
					engineType
					vendor
					producer
					producerName
					connectionType
					indication
					queryName
				}
				... on ThreatPrevention {
					id
					firstSignal
					lastSignal
					engineType
					vendor
					producer
					producerName
					connectionType
					indication
					queryName
				}
			}
			timeline {
				createdAt
				description
				type
				context
				descriptions
				category
				additionalInfo
				analystInfo {
					name
					email
				}
			}
		}
	}
	groupBy {
		id
		name
		description
		membersCount
		audit {
			updatedTime
			updatedBy {
				__typename
				... on AdminRef {
					id
					name
				}
				... on ApiKeyRef {
					id
					name
				}
			}
		}
		members {
			items {
				id
				name
				type
			}
			paging {
				total
			}
		}
		membersCountPerType {
			type
			membersCount
		}
	}
						label
	sum {
		id
		route
		community {
			from
			to
		}
	}
	unitsIncidentTimeseries: units {
		id
		predicate
		community {
			from
			to
		}
	}
	info {
		name
		email
	}
						keyIncidentTimeseries: key {
							measureFieldName
							dimensions {
								fieldName
		value {
			__typename
			... on StringValue {
				string
			}
			... on DateValue {
				date
			}
			... on Entity {
				id
				name
				type
			}
		}
							}
						}
					}
					targets {
	typeIncidentTargetRep: type {
		name
		recommendedAction
		details
	}
						name
						analysisScore
						infectionSource
	threatReference {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		events {
			signatureId
			eventType
			threatType
			threatName
			severity
			action
			ruleId
			virusName
			scanResult
			appId
			appName
			dnsProtectionCategory
		}
		mitres {
			id
			name
		}
		timeSeries {
			data
			groupBy
			label
			sum
			units
			info
			key {
				measureFieldName
				dimensions {
					value
					fieldName
				}
			}
		}
		targets {
			type
			name
			analysisScore
			infectionSource
			threatReference
			catoPopularity
			threatFeeds
			creationTime
			categories
			countryOfRegistration
			searchHits
			engines
			eventData {
				signatureId
				eventType
				threatType
				threatName
				severity
				action
				ruleId
				virusName
				scanResult
				appId
				appName
				dnsProtectionCategory
			}
		}
	}
						catoPopularity
	threatFeeds {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		events {
			signatureId
			eventType
			threatType
			threatName
			severity
			action
			ruleId
			virusName
			scanResult
			appId
			appName
			dnsProtectionCategory
		}
		mitres {
			id
			name
		}
		timeSeries {
			data
			groupBy
			label
			sum
			units
			info
			key {
				measureFieldName
				dimensions {
					value
					fieldName
				}
			}
		}
		targets {
			type
			name
			analysisScore
			infectionSource
			threatReference
			catoPopularity
			threatFeeds
			creationTime
			categories
			countryOfRegistration
			searchHits
			engines
			eventData {
				signatureId
				eventType
				threatType
				threatName
				severity
				action
				ruleId
				virusName
				scanResult
				appId
				appName
				dnsProtectionCategory
			}
		}
	}
						creationTime
						categories
						countryOfRegistration
						searchHits
						engines
						eventDataIncidentTargetRep: eventData {
							signatureId
	eventType {
		signatureId
		eventType
		threatType
		threatName
		severity
		action
		ruleId
		virusName
		scanResult
		appId
		appName
		dnsProtectionCategory
	}
	threatType {
		name
		recommendedAction
		details
	}
	threatName {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		events {
			signatureId
			eventType
			threatType
			threatName
			severity
			action
			ruleId
			virusName
			scanResult
			appId
			appName
			dnsProtectionCategory
		}
		mitres {
			id
			name
		}
		timeSeries {
			data
			groupBy
			label
			sum
			units
			info
			key {
				measureFieldName
				dimensions {
					value
					fieldName
				}
			}
		}
		targets {
			type
			name
			analysisScore
			infectionSource
			threatReference
			catoPopularity
			threatFeeds
			creationTime
			categories
			countryOfRegistration
			searchHits
			engines
			eventData {
				signatureId
				eventType
				threatType
				threatName
				severity
				action
				ruleId
				virusName
				scanResult
				appId
				appName
				dnsProtectionCategory
			}
		}
	}
							severity
							action
							ruleId
							virusName
							scanResult
							appId
							appName
							dnsProtectionCategory
						}
					}
					# Per-flow network telemetry selected inside the enclosing `... on Threat` fragment.
					# The fields below return raw identifiers (source/destination IP and port, URL,
					# referer, user agent, SMB file name, user id/name, `ja3` — presumably the TLS
					# client fingerprint), so responses should be stored and logged as sensitive data.
					flows {
						appName
						clientClass
						sourceIp
						sourcePort
						destinationCountry
						destinationIp
						destinationPort
						direction
						createdAt
						referer
						userAgent
	# NOTE(review): `method` is given a sub-selection here. GraphQL validation rejects a
	# selection set on a scalar or enum field, so confirm against the schema that this
	# field is an object type on the flow type.
	method {
		value
		accessMethod
		operator
		valueSet {
			id
			name
		}
	}
						url
	# NOTE(review): `threatReference` and `threatFeeds` are selected as leaves in this
	# block. An object-typed field without a sub-selection fails validation, so confirm
	# they are scalars on this type.
	target {
		type
		name
		analysisScore
		infectionSource
		threatReference
		catoPopularity
		threatFeeds
		creationTime
		categories
		countryOfRegistration
		searchHits
		engines
		eventData {
			signatureId
			eventType
			threatType
			threatName
			severity
			action
			ruleId
			virusName
			scanResult
			appId
			appName
			dnsProtectionCategory
		}
	}
	# Account fields requested for the flow's `domain`.
	domain {
		accountId
		accountName
		accountType
		subDomain
	}
						sourceGeolocation
						destinationGeolocation
						tunnelGeolocation
						httpResponseCode
						dnsResponseIP
						smbFileName
	user {
		id
		name
	}
	# NOTE(review): this sub-selection (enabled / rules / sections / audit / revision)
	# reads like a rule-set object rather than a per-flow hash value. Verify against the
	# schema that `fileHash` on a flow really has this shape; if this document is
	# generated, it may be a name-based expansion of an unrelated type.
	fileHash {
		enabled
		rules {
			properties
			audit {
				updatedTime
				updatedBy
			}
			rule {
				id
				name
				description
				index
				enabled
				fileName
				expirationDate
				action
				sha256
				section {
					id
					name
				}
			}
		}
		sections {
			properties
			audit {
				updatedTime
				updatedBy
			}
			section {
				id
				name
			}
		}
		audit {
			publishedTime
			publishedBy
		}
		revision {
			id
			name
			description
			changes
			createdTime
			updatedTime
		}
	}
						ja3
					}
				}
				... on ThreatPrevention {
					similarStoriesData {
	storyId {
		id
		updatedAt
		createdAt
		accountId
		analystName
		analystEmail
		accountName
		playbook
		summary
		incident {
			__typename
			... on MicrosoftEndpoint {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on AnomalyStats {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on AnomalyEvents {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on Threat {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on ThreatPrevention {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
		}
		timeline {
			createdAt
			description
			type
			context
			descriptions
			category
			additionalInfo
			analystInfo {
				name
				email
			}
		}
	}
	threatTypeName {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		events {
			signatureId
			eventType
			threatType
			threatName
			severity
			action
			ruleId
			virusName
			scanResult
			appId
			appName
			dnsProtectionCategory
		}
		mitres {
			id
			name
		}
		timeSeries {
			data
			groupBy
			label
			sum
			units
			info
			key {
				measureFieldName
				dimensions {
					value
					fieldName
				}
			}
		}
		targets {
			type
			name
			analysisScore
			infectionSource
			threatReference
			catoPopularity
			threatFeeds
			creationTime
			categories
			countryOfRegistration
			searchHits
			engines
			eventData {
				signatureId
				eventType
				threatType
				threatName
				severity
				action
				ruleId
				virusName
				scanResult
				appId
				appName
				dnsProtectionCategory
			}
		}
	}
						verdict
	threatClassification {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		events {
			signatureId
			eventType
			threatType
			threatName
			severity
			action
			ruleId
			virusName
			scanResult
			appId
			appName
			dnsProtectionCategory
		}
		mitres {
			id
			name
		}
		timeSeries {
			data
			groupBy
			label
			sum
			units
			info
			key {
				measureFieldName
				dimensions {
					value
					fieldName
				}
			}
		}
		targets {
			type
			name
			analysisScore
			infectionSource
			threatReference
			catoPopularity
			threatFeeds
			creationTime
			categories
			countryOfRegistration
			searchHits
			engines
			eventData {
				signatureId
				eventType
				threatType
				threatName
				severity
				action
				ruleId
				virusName
				scanResult
				appId
				appName
				dnsProtectionCategory
			}
		}
	}
						similarityPercentage
						indication
					}
					srcSiteId
					flowsCardinality
					riskLevel
	os {
		osType
		osBuild
		osVersion
	}
					deviceName
					macAddress
					logonName
					direction
					clientClass
					events {
						signatureId
	eventType {
		signatureId
		eventType
		threatType
		threatName
		severity
		action
		ruleId
		virusName
		scanResult
		appId
		appName
		dnsProtectionCategory
	}
	threatType {
		name
		recommendedAction
		details
	}
	threatName {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		events {
			signatureId
			eventType
			threatType
			threatName
			severity
			action
			ruleId
			virusName
			scanResult
			appId
			appName
			dnsProtectionCategory
		}
		mitres {
			id
			name
		}
		timeSeries {
			data
			groupBy
			label
			sum
			units
			info
			key {
				measureFieldName
				dimensions {
					value
					fieldName
				}
			}
		}
		targets {
			type
			name
			analysisScore
			infectionSource
			threatReference
			catoPopularity
			threatFeeds
			creationTime
			categories
			countryOfRegistration
			searchHits
			engines
			eventData {
				signatureId
				eventType
				threatType
				threatName
				severity
				action
				ruleId
				virusName
				scanResult
				appId
				appName
				dnsProtectionCategory
			}
		}
	}
						severity
						action
						ruleId
						virusName
						scanResultEvent: scanResult
						appId
						appName
						dnsProtectionCategory
					}
					mitres {
	id {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		networkIncidentTimeline {
			description
			created
			validated
			eventType
			incidentId
			networkEventSource
			eventIds
			acknowledged
			linkId
			linkName
			linkConfigPrecedence
			linkStatus
			linkConfigBandwidth
			deviceConfigHaRole
			deviceHaRoleState
			socketSerialId
			bgpConnection {
				connectionName
				peerIp
				peerAsn
				catoIp
				catoAsn
			}
			linkQualityIssue {
				issueType
				direction
				current
				threshold
			}
		}
		bgpConnection {
			connectionName
			peerIp
			peerAsn
			catoIp
			catoAsn
		}
		ilmmDetails {
			linkDetails {
				description
				linkId
				ispLinkId
				comments
				onboardingStatus
				activeLicense
			}
			ispDetails {
				name
				description
				ispAccountId
				supportEmail
				supportPhone
				countryCode
				loaFile {
					fileName
					fileHash
					uploadedAt
				}
			}
			contacts {
				name
				phone
				email
			}
		}
	}
						name
					}
					timeSeries {
	data {
		paging {
			from
			limit
			total
		}
		items {
			id
			updatedAt
			createdAt
			accountId
			analystName
			analystEmail
			accountName
			playbook
			summary
			incident {
				__typename
				... on MicrosoftEndpoint {
					id
					firstSignal
					lastSignal
					engineType
					vendor
					producer
					producerName
					connectionType
					indication
					queryName
				}
				... on AnomalyStats {
					id
					firstSignal
					lastSignal
					engineType
					vendor
					producer
					producerName
					connectionType
					indication
					queryName
				}
				... on AnomalyEvents {
					id
					firstSignal
					lastSignal
					engineType
					vendor
					producer
					producerName
					connectionType
					indication
					queryName
				}
				... on Threat {
					id
					firstSignal
					lastSignal
					engineType
					vendor
					producer
					producerName
					connectionType
					indication
					queryName
				}
				... on ThreatPrevention {
					id
					firstSignal
					lastSignal
					engineType
					vendor
					producer
					producerName
					connectionType
					indication
					queryName
				}
			}
			timeline {
				createdAt
				description
				type
				context
				descriptions
				category
				additionalInfo
				analystInfo {
					name
					email
				}
			}
		}
	}
	groupBy {
		id
		name
		description
		membersCount
		audit {
			updatedTime
			updatedBy {
				__typename
				... on AdminRef {
					id
					name
				}
				... on ApiKeyRef {
					id
					name
				}
			}
		}
		members {
			items {
				id
				name
				type
			}
			paging {
				total
			}
		}
		membersCountPerType {
			type
			membersCount
		}
	}
						label
	sum {
		id
		route
		community {
			from
			to
		}
	}
	unitsIncidentTimeseries: units {
		id
		predicate
		community {
			from
			to
		}
	}
	info {
		name
		email
	}
						keyIncidentTimeseries: key {
							measureFieldName
							dimensions {
								fieldName
		value {
			__typename
			... on StringValue {
				string
			}
			... on DateValue {
				date
			}
			... on Entity {
				id
				name
				type
			}
		}
							}
						}
					}
					targets {
	typeIncidentTargetRep: type {
		name
		recommendedAction
		details
	}
						name
						analysisScore
						infectionSource
	threatReference {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		events {
			signatureId
			eventType
			threatType
			threatName
			severity
			action
			ruleId
			virusName
			scanResult
			appId
			appName
			dnsProtectionCategory
		}
		mitres {
			id
			name
		}
		timeSeries {
			data
			groupBy
			label
			sum
			units
			info
			key {
				measureFieldName
				dimensions {
					value
					fieldName
				}
			}
		}
		targets {
			type
			name
			analysisScore
			infectionSource
			threatReference
			catoPopularity
			threatFeeds
			creationTime
			categories
			countryOfRegistration
			searchHits
			engines
			eventData {
				signatureId
				eventType
				threatType
				threatName
				severity
				action
				ruleId
				virusName
				scanResult
				appId
				appName
				dnsProtectionCategory
			}
		}
	}
						catoPopularity
	threatFeeds {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		events {
			signatureId
			eventType
			threatType
			threatName
			severity
			action
			ruleId
			virusName
			scanResult
			appId
			appName
			dnsProtectionCategory
		}
		mitres {
			id
			name
		}
		timeSeries {
			data
			groupBy
			label
			sum
			units
			info
			key {
				measureFieldName
				dimensions {
					value
					fieldName
				}
			}
		}
		targets {
			type
			name
			analysisScore
			infectionSource
			threatReference
			catoPopularity
			threatFeeds
			creationTime
			categories
			countryOfRegistration
			searchHits
			engines
			eventData {
				signatureId
				eventType
				threatType
				threatName
				severity
				action
				ruleId
				virusName
				scanResult
				appId
				appName
				dnsProtectionCategory
			}
		}
	}
						creationTime
						categories
						countryOfRegistration
						searchHits
						engines
						eventDataIncidentTargetRep: eventData {
							signatureId
	eventType {
		signatureId
		eventType
		threatType
		threatName
		severity
		action
		ruleId
		virusName
		scanResult
		appId
		appName
		dnsProtectionCategory
	}
	threatType {
		name
		recommendedAction
		details
	}
	threatName {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		events {
			signatureId
			eventType
			threatType
			threatName
			severity
			action
			ruleId
			virusName
			scanResult
			appId
			appName
			dnsProtectionCategory
		}
		mitres {
			id
			name
		}
		timeSeries {
			data
			groupBy
			label
			sum
			units
			info
			key {
				measureFieldName
				dimensions {
					value
					fieldName
				}
			}
		}
		targets {
			type
			name
			analysisScore
			infectionSource
			threatReference
			catoPopularity
			threatFeeds
			creationTime
			categories
			countryOfRegistration
			searchHits
			engines
			eventData {
				signatureId
				eventType
				threatType
				threatName
				severity
				action
				ruleId
				virusName
				scanResult
				appId
				appName
				dnsProtectionCategory
			}
		}
	}
							severity
							action
							ruleId
							virusName
							scanResult
							appId
							appName
							dnsProtectionCategory
						}
					}
					# Per-event selection for threatPreventionsEvents: addresses and ports
					# (sourceIp/sourcePort, destinationIp/destinationPort), direction,
					# geolocation fields, dnsResponseIP, smbFileName, and HTTP/TLS client
					# fields (url, userAgent, ja3, referrer, httpResponseCode), plus the
					# nested method/target/domain/user/fileHash selections.
					# The response carries addresses, user identity and client fingerprint
					# fields; presumably sensitive, so limit where raw responses are logged.
					# NOTE(review): the nested method/target/domain/user/fileHash selections sit
					# at a shallower indent than their siblings, which suggests they were
					# spliced in by a generator; confirm against the schema that each is an
					# object type on this event type.
					threatPreventionsEvents {
						appName
						clientClass
						sourceIp
						sourcePort
						destinationCountry
						destinationIp
						destinationPort
						direction
						createdAt
	method {
		value
		accessMethod
		operator
		valueSet {
			id
			name
		}
	}
						url
	target {
		type
		name
		analysisScore
		infectionSource
		threatReference
		catoPopularity
		threatFeeds
		creationTime
		categories
		countryOfRegistration
		searchHits
		engines
		eventData {
			signatureId
			eventType
			threatType
			threatName
			severity
			action
			ruleId
			virusName
			scanResult
			appId
			appName
			dnsProtectionCategory
		}
	}
	domain {
		accountId
		accountName
		accountType
		subDomain
	}
						sourceGeolocation
						destinationGeolocation
						tunnelGeolocation
						dnsResponseIP
						smbFileName
	user {
		id
		name
	}
						userAgent
	# NOTE(review): fileHash is requested here with a sub-selection (enabled, rules,
	# sections, audit, revision), while the same field name is a plain leaf under
	# loaFile elsewhere in this document. The sub-selection reads like a rule-set
	# object rather than a hash value; confirm the field's type in the schema,
	# because a leaf field cannot carry a selection set and the server would
	# reject the document at validation.
	fileHash {
		enabled
		rules {
			properties
			audit {
				updatedTime
				updatedBy
			}
			rule {
				id
				name
				description
				index
				enabled
				fileName
				expirationDate
				action
				sha256
				section {
					id
					name
				}
			}
		}
		sections {
			properties
			audit {
				updatedTime
				updatedBy
			}
			section {
				id
				name
			}
		}
		audit {
			publishedTime
			publishedBy
		}
		revision {
			id
			name
			description
			changes
			createdTime
			updatedTime
		}
	}
						ja3
						referrer
						httpResponseCode
					}
				}
				... on NetworkXDRIncident {
					similarStoriesData {
	storyId {
		id
		updatedAt
		createdAt
		accountId
		analystName
		analystEmail
		accountName
		playbook
		summary
		incident {
			__typename
			... on MicrosoftEndpoint {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on AnomalyStats {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on AnomalyEvents {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on Threat {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on ThreatPrevention {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
		}
		timeline {
			createdAt
			description
			type
			context
			descriptions
			category
			additionalInfo
			analystInfo {
				name
				email
			}
		}
	}
	threatTypeName {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		events {
			signatureId
			eventType
			threatType
			threatName
			severity
			action
			ruleId
			virusName
			scanResult
			appId
			appName
			dnsProtectionCategory
		}
		mitres {
			id
			name
		}
		timeSeries {
			data
			groupBy
			label
			sum
			units
			info
			key {
				measureFieldName
				dimensions {
					value
					fieldName
				}
			}
		}
		targets {
			type
			name
			analysisScore
			infectionSource
			threatReference
			catoPopularity
			threatFeeds
			creationTime
			categories
			countryOfRegistration
			searchHits
			engines
			eventData {
				signatureId
				eventType
				threatType
				threatName
				severity
				action
				ruleId
				virusName
				scanResult
				appId
				appName
				dnsProtectionCategory
			}
		}
	}
						verdict
	threatClassification {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		events {
			signatureId
			eventType
			threatType
			threatName
			severity
			action
			ruleId
			virusName
			scanResult
			appId
			appName
			dnsProtectionCategory
		}
		mitres {
			id
			name
		}
		timeSeries {
			data
			groupBy
			label
			sum
			units
			info
			key {
				measureFieldName
				dimensions {
					value
					fieldName
				}
			}
		}
		targets {
			type
			name
			analysisScore
			infectionSource
			threatReference
			catoPopularity
			threatFeeds
			creationTime
			categories
			countryOfRegistration
			searchHits
			engines
			eventData {
				signatureId
				eventType
				threatType
				threatName
				severity
				action
				ruleId
				virusName
				scanResult
				appId
				appName
				dnsProtectionCategory
			}
		}
	}
						similarityPercentage
						indication
					}
					networkIncidentTimeline {
						created
						validated
						description
	eventTypeNetworkTimelineEvent: eventType {
		signatureId
		eventType
		threatType
		threatName
		severity
		action
		ruleId
		virusName
		scanResult
		appId
		appName
		dnsProtectionCategory
	}
						incidentId
						networkEventSourceNetworkTimelineEvent: networkEventSource
	eventIds {
		signatureId
		eventType
		threatType
		threatName
		severity
		action
		ruleId
		virusName
		scanResult
		appId
		appName
		dnsProtectionCategory
	}
						acknowledged
						linkId
						linkName
						linkConfigPrecedenceNetworkTimelineEvent: linkConfigPrecedence
						linkStatusNetworkTimelineEvent: linkStatus
						linkConfigBandwidth
						deviceConfigHaRoleNetworkTimelineEvent: deviceConfigHaRole
						deviceHaRoleStateNetworkTimelineEvent: deviceHaRoleState
						socketSerialId
	pop {
		id
		name
	}
	isp {
		fileName
		fileHash
		uploadedAt
	}
						bgpConnectionNetworkTimelineEvent: bgpConnection {
							connectionName
							peerIp
							peerAsn
							catoIp
							catoAsn
						}
						linkQualityIssueNetworkTimelineEvent: linkQualityIssue {
							issueType
							direction
							current
							threshold
						}
						hostIp
						ruleName
						tunnelResetCount
						muted
					}
	storyType {
		id
		updatedAt
		createdAt
		accountId
		analystName
		analystEmail
		accountName
		playbook
		summary
		incident {
			__typename
			... on MicrosoftEndpoint {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on AnomalyStats {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on AnomalyEvents {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on Threat {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on ThreatPrevention {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
		}
		timeline {
			createdAt
			description
			type
			context
			descriptions
			category
			additionalInfo
			analystInfo {
				name
				email
			}
		}
	}
					occurrences
					siteConnectionType
	siteConfigLocation {
		id
		type
		name
		description
		businessUnit
		archived
		account {
			id
			name
		}
		details {
			companyName
			vatId
			shippingLocation
			postalAddress {
				street
				cityName
				stateName
				zipCode
				addressValidated
				country {
					id
					name
				}
			}
			contact {
				name
				phone
				email
			}
		}
		audit {
			updatedTime
			updatedBy {
				__typename
				... on AdminRef {
					id
					name
				}
				... on ApiKeyRef {
					id
					name
				}
			}
		}
	}
					acknowledged
					linkId
					linkName
					linkConfigPrecedence
					deviceConfigHaRole
	licenseRegion {
		__typename
		... on DataLakeLicense {
			id
			description
			plan
			sku
			status
			startDate
			expirationDate
			lastUpdated
			dpaVersion
			retentionPeriod
		}
		... on PublicIpsLicense {
			id
			description
			plan
			sku
			status
			startDate
			expirationDate
			lastUpdated
			total
		}
		... on SiteLicense {
			id
			description
			plan
			sku
			status
			startDate
			expirationDate
			lastUpdated
			siteLicenseGroup
			regionality
		}
		... on PooledBandwidthLicense {
			id
			description
			plan
			sku
			status
			startDate
			expirationDate
			lastUpdated
			siteLicenseGroup
			siteLicenseType
		}
		... on ZtnaUsersLicense {
			id
			description
			plan
			sku
			status
			startDate
			expirationDate
			lastUpdated
			ztnaUsersLicenseGroup
			total
		}
	}
	licenseBandwidth {
		__typename
		... on DataLakeLicense {
			id
			description
			plan
			sku
			status
			startDate
			expirationDate
			lastUpdated
			dpaVersion
			retentionPeriod
		}
		... on PublicIpsLicense {
			id
			description
			plan
			sku
			status
			startDate
			expirationDate
			lastUpdated
			total
		}
		... on SiteLicense {
			id
			description
			plan
			sku
			status
			startDate
			expirationDate
			lastUpdated
			siteLicenseGroup
			regionality
		}
		... on PooledBandwidthLicense {
			id
			description
			plan
			sku
			status
			startDate
			expirationDate
			lastUpdated
			siteLicenseGroup
			siteLicenseType
		}
		... on ZtnaUsersLicense {
			id
			description
			plan
			sku
			status
			startDate
			expirationDate
			lastUpdated
			ztnaUsersLicenseGroup
			total
		}
	}
	pop {
		id
		name
	}
	isp {
		fileName
		fileHash
		uploadedAt
	}
					bgpConnection {
						connectionName
						peerIp
						peerAsn
						catoIp
						catoAsn
					}
					hostIp
					ruleName
					muted
					ilmmDetails {
						linkDetailsIlmmDetails: linkDetails {
							linkId
							description
							ispLinkId
	comments {
		comment {
			id
			createdAt
			text
			actor {
				__typename
				... on AdminRef {
					id
					name
				}
				... on ApiKeyRef {
					id
					name
				}
			}
		}
	}
							onboardingStatus
	activeLicense {
		__typename
		... on DataLakeLicense {
			id
			description
			plan
			sku
			status
			startDate
			expirationDate
			lastUpdated
			dpaVersion
			retentionPeriod
		}
		... on PublicIpsLicense {
			id
			description
			plan
			sku
			status
			startDate
			expirationDate
			lastUpdated
			total
		}
		... on SiteLicense {
			id
			description
			plan
			sku
			status
			startDate
			expirationDate
			lastUpdated
			siteLicenseGroup
			regionality
		}
		... on PooledBandwidthLicense {
			id
			description
			plan
			sku
			status
			startDate
			expirationDate
			lastUpdated
			siteLicenseGroup
			siteLicenseType
		}
		... on ZtnaUsersLicense {
			id
			description
			plan
			sku
			status
			startDate
			expirationDate
			lastUpdated
			ztnaUsersLicenseGroup
			total
		}
	}
						}
						# Selects ispDetails under ilmmDetails; the alias makes the response key
						# ispDetailsIlmmDetails instead of ispDetails.
						# supportEmail and supportPhone are presumably contact details; treat
						# stored responses accordingly.
						ispDetailsIlmmDetails: ispDetails {
							name
							ispAccountId
							supportEmail
							supportPhone
							description
							countryCode
							loaFile {
								fileName
		# NOTE(review): loaFile.fileHash carries a sub-selection here (enabled, rules,
		# sections, audit, revision), but other loaFile selections in this same
		# document request fileHash as a plain leaf between fileName and uploadedAt.
		# Both forms cannot be valid for one field; confirm the type in the schema.
		# The shallower indent suggests the sub-selection was spliced in by a generator.
		fileHash {
			enabled
			rules {
				properties
				audit {
					updatedTime
					updatedBy
				}
				rule {
					id
					name
					description
					index
					enabled
					fileName
					expirationDate
					action
					sha256
					section {
						id
						name
					}
				}
			}
			sections {
				properties
				audit {
					updatedTime
					updatedBy
				}
				section {
					id
					name
				}
			}
			audit {
				publishedTime
				publishedBy
			}
			revision {
				id
				name
				description
				changes
				createdTime
				updatedTime
			}
		}
								uploadedAt
							}
						}
						contactsIlmmDetails: contacts {
							name
							phone
							email
						}
					}
				}
				... on AiOperationsIncident {
					similarStoriesData {
	storyId {
		id
		updatedAt
		createdAt
		accountId
		analystName
		analystEmail
		accountName
		playbook
		summary
		incident {
			__typename
			... on MicrosoftEndpoint {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on AnomalyStats {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on AnomalyEvents {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on Threat {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on ThreatPrevention {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
		}
		timeline {
			createdAt
			description
			type
			context
			descriptions
			category
			additionalInfo
			analystInfo {
				name
				email
			}
		}
	}
	threatTypeName {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		events {
			signatureId
			eventType
			threatType
			threatName
			severity
			action
			ruleId
			virusName
			scanResult
			appId
			appName
			dnsProtectionCategory
		}
		mitres {
			id
			name
		}
		timeSeries {
			data
			groupBy
			label
			sum
			units
			info
			key {
				measureFieldName
				dimensions {
					value
					fieldName
				}
			}
		}
		targets {
			type
			name
			analysisScore
			infectionSource
			threatReference
			catoPopularity
			threatFeeds
			creationTime
			categories
			countryOfRegistration
			searchHits
			engines
			eventData {
				signatureId
				eventType
				threatType
				threatName
				severity
				action
				ruleId
				virusName
				scanResult
				appId
				appName
				dnsProtectionCategory
			}
		}
	}
						verdict
	threatClassification {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		events {
			signatureId
			eventType
			threatType
			threatName
			severity
			action
			ruleId
			virusName
			scanResult
			appId
			appName
			dnsProtectionCategory
		}
		mitres {
			id
			name
		}
		timeSeries {
			data
			groupBy
			label
			sum
			units
			info
			key {
				measureFieldName
				dimensions {
					value
					fieldName
				}
			}
		}
		targets {
			type
			name
			analysisScore
			infectionSource
			threatReference
			catoPopularity
			threatFeeds
			creationTime
			categories
			countryOfRegistration
			searchHits
			engines
			eventData {
				signatureId
				eventType
				threatType
				threatName
				severity
				action
				ruleId
				virusName
				scanResult
				appId
				appName
				dnsProtectionCategory
			}
		}
	}
						similarityPercentage
						indication
					}
					flowLastTime
					flowStartTime
					ioa
					riskScore
	type {
		name
		recommendedAction
		details
	}
					occurrences
					eventsGraphQuery {
	typeEventsGraphQuery: type {
		name
		recommendedAction
		details
	}
						timeSeriesEventsEventsGraphQuery: timeSeriesEvents {
							accountID
	timeFrame {
		from
		to
	}
							measures {
								aggType
								fieldName
								trend
							}
							dimensions {
								fieldName
							}
							filters {
								fieldName
								operator
		values {
			container {
				id
				name
				description
				size
				audit {
					createdAt
					createdBy
					lastModifiedBy
					lastModifiedAt
				}
			}
		}
							}
							buckets
						}
					}
					accountOperationIncident {
						incidentTimelineAccountOperationsIncident: incidentTimeline {
	id {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		networkIncidentTimeline {
			description
			created
			validated
			eventType
			incidentId
			networkEventSource
			eventIds
			acknowledged
			linkId
			linkName
			linkConfigPrecedence
			linkStatus
			linkConfigBandwidth
			deviceConfigHaRole
			deviceHaRoleState
			socketSerialId
			bgpConnection {
				connectionName
				peerIp
				peerAsn
				catoIp
				catoAsn
			}
			linkQualityIssue {
				issueType
				direction
				current
				threshold
			}
		}
		bgpConnection {
			connectionName
			peerIp
			peerAsn
			catoIp
			catoAsn
		}
		ilmmDetails {
			linkDetails {
				description
				linkId
				ispLinkId
				comments
				onboardingStatus
				activeLicense
			}
			ispDetails {
				name
				description
				ispAccountId
				supportEmail
				supportPhone
				countryCode
				loaFile {
					fileName
					fileHash
					uploadedAt
				}
			}
			contacts {
				name
				phone
				email
			}
		}
	}
							created
							validated
							description
	type {
		name
		recommendedAction
		details
	}
							... on AccountOperationsTimelineEvent {
		eventIds {
			signatureId
			eventType
			threatType
			threatName
			severity
			action
			ruleId
			virusName
			scanResult
			appId
			appName
			dnsProtectionCategory
		}
								muted
							}
						}
						metadataAccountOperationsIncident: metadata {
	type {
		name
		recommendedAction
		details
	}
	key {
		measureFieldName
		dimensions {
			value
			fieldName
		}
	}
	value {
		__typename
		... on StringValue {
			string
		}
		... on DateValue {
			date
		}
		... on Entity {
			id
			name
			type
		}
	}
						}
					}
				}
				... on CatoEndpoint {
					similarStoriesData {
	storyId {
		id
		updatedAt
		createdAt
		accountId
		analystName
		analystEmail
		accountName
		playbook
		summary
		incident {
			__typename
			... on MicrosoftEndpoint {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on AnomalyStats {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on AnomalyEvents {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on Threat {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
			... on ThreatPrevention {
				id
				firstSignal
				lastSignal
				engineType
				vendor
				producer
				producerName
				connectionType
				indication
				queryName
			}
		}
		timeline {
			createdAt
			description
			type
			context
			descriptions
			category
			additionalInfo
			analystInfo {
				name
				email
			}
		}
	}
	threatTypeName {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		events {
			signatureId
			eventType
			threatType
			threatName
			severity
			action
			ruleId
			virusName
			scanResult
			appId
			appName
			dnsProtectionCategory
		}
		mitres {
			id
			name
		}
		timeSeries {
			data
			groupBy
			label
			sum
			units
			info
			key {
				measureFieldName
				dimensions {
					value
					fieldName
				}
			}
		}
		targets {
			type
			name
			analysisScore
			infectionSource
			threatReference
			catoPopularity
			threatFeeds
			creationTime
			categories
			countryOfRegistration
			searchHits
			engines
			eventData {
				signatureId
				eventType
				threatType
				threatName
				severity
				action
				ruleId
				virusName
				scanResult
				appId
				appName
				dnsProtectionCategory
			}
		}
	}
						verdict
	threatClassification {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		events {
			signatureId
			eventType
			threatType
			threatName
			severity
			action
			ruleId
			virusName
			scanResult
			appId
			appName
			dnsProtectionCategory
		}
		mitres {
			id
			name
		}
		timeSeries {
			data
			groupBy
			label
			sum
			units
			info
			key {
				measureFieldName
				dimensions {
					value
					fieldName
				}
			}
		}
		targets {
			type
			name
			analysisScore
			infectionSource
			threatReference
			catoPopularity
			threatFeeds
			creationTime
			categories
			countryOfRegistration
			searchHits
			engines
			eventData {
				signatureId
				eventType
				threatType
				threatName
				severity
				action
				ruleId
				virusName
				scanResult
				appId
				appName
				dnsProtectionCategory
			}
		}
	}
						similarityPercentage
						indication
					}
					device {
	id {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		networkIncidentTimeline {
			description
			created
			validated
			eventType
			incidentId
			networkEventSource
			eventIds
			acknowledged
			linkId
			linkName
			linkConfigPrecedence
			linkStatus
			linkConfigBandwidth
			deviceConfigHaRole
			deviceHaRoleState
			socketSerialId
			bgpConnection {
				connectionName
				peerIp
				peerAsn
				catoIp
				catoAsn
			}
			linkQualityIssue {
				issueType
				direction
				current
				threshold
			}
		}
		bgpConnection {
			connectionName
			peerIp
			peerAsn
			catoIp
			catoAsn
		}
		ilmmDetails {
			linkDetails {
				description
				linkId
				ispLinkId
				comments
				onboardingStatus
				activeLicense
			}
			ispDetails {
				name
				description
				ispAccountId
				supportEmail
				supportPhone
				countryCode
				loaFile {
					fileName
					fileHash
					uploadedAt
				}
			}
			contacts {
				name
				phone
				email
			}
		}
	}
						deviceName
						osDetailsCatoEndpointDeviceDetails: osDetails {
							osType
							osBuild
							osVersion
						}
						loggedOnUsersCatoEndpointDeviceDetails: loggedOnUsers {
	id {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		networkIncidentTimeline {
			description
			created
			validated
			eventType
			incidentId
			networkEventSource
			eventIds
			acknowledged
			linkId
			linkName
			linkConfigPrecedence
			linkStatus
			linkConfigBandwidth
			deviceConfigHaRole
			deviceHaRoleState
			socketSerialId
			bgpConnection {
				connectionName
				peerIp
				peerAsn
				catoIp
				catoAsn
			}
			linkQualityIssue {
				issueType
				direction
				current
				threshold
			}
		}
		bgpConnection {
			connectionName
			peerIp
			peerAsn
			catoIp
			catoAsn
		}
		ilmmDetails {
			linkDetails {
				description
				linkId
				ispLinkId
				comments
				onboardingStatus
				activeLicense
			}
			ispDetails {
				name
				description
				ispAccountId
				supportEmail
				supportPhone
				countryCode
				loaFile {
					fileName
					fileHash
					uploadedAt
				}
			}
			contacts {
				name
				phone
				email
			}
		}
	}
							name
							... on MicrosoftEndpointUser {
								userSid
								accountName
								domainName
								principalName
							}
							... on CatoEndpointUser {
		id {
			id
			status
			description
			firstSignal
			lastSignal
			engineType
			vendor
			producer
			producerName
			connectionType
			indication
			queryName
			source
			criticality
			ticket
			research
			siteName
			storyDuration
			analystFeedback {
				verdict
				severity
				threatClassification
				additionalInfo
				threatType {
					name
					recommendedAction
					details
				}
			}
			site {
				id
				name
			}
			user {
				id
				name
			}
			similarStoriesData {
				storyId
				threatTypeName
				verdict
				threatClassification
				similarityPercentage
				indication
			}
			networkIncidentTimeline {
				description
				created
				validated
				eventType
				incidentId
				networkEventSource
				eventIds
				acknowledged
				linkId
				linkName
				linkConfigPrecedence
				linkStatus
				linkConfigBandwidth
				deviceConfigHaRole
				deviceHaRoleState
				socketSerialId
				bgpConnection {
					connectionName
					peerIp
					peerAsn
					catoIp
					catoAsn
				}
				linkQualityIssue {
					issueType
					direction
					current
					threshold
				}
			}
			bgpConnection {
				connectionName
				peerIp
				peerAsn
				catoIp
				catoAsn
			}
			ilmmDetails {
				linkDetails {
					description
					linkId
					ispLinkId
					comments
					onboardingStatus
					activeLicense
				}
				ispDetails {
					name
					description
					ispAccountId
					supportEmail
					supportPhone
					countryCode
					loaFile {
						fileName
						fileHash
						uploadedAt
					}
				}
				contacts {
					name
					phone
					email
				}
			}
		}
								name
							}
						}
						macAddress
	externalIp {
		id
		name
	}
						localIp
					}
					alerts {
	# `id` of an `alerts` entry, selected as an object with a nested selection set.
	# NOTE(review): the sub-fields are story-level (status, analystFeedback,
	# similarStoriesData) and network-incident-level (networkIncidentTimeline,
	# bgpConnection, ilmmDetails), yet this sits under an endpoint alert, and the same
	# selection recurs verbatim under many sibling fields of this query. That looks
	# like generator output rather than a chosen field set — confirm against the schema
	# that `id` is an object type here, since a selection set on a scalar fails validation.
	# NOTE(review): if the selection is valid, a single named fragment would replace the
	# repeats, and trimming unused fields keeps the request under any server-side
	# depth/complexity limit and avoids pulling data the consumer does not need.
	id {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		# Analyst triage outcome; additionalInfo is presumably free text — TODO confirm.
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		# Network topology detail (link, HA role, socket serial, BGP peer IP/ASN).
		# Sensitive infrastructure data: restrict who can read stored responses.
		networkIncidentTimeline {
			description
			created
			validated
			eventType
			incidentId
			networkEventSource
			eventIds
			acknowledged
			linkId
			linkName
			linkConfigPrecedence
			linkStatus
			linkConfigBandwidth
			deviceConfigHaRole
			deviceHaRoleState
			socketSerialId
			bgpConnection {
				connectionName
				peerIp
				peerAsn
				catoIp
				catoAsn
			}
			linkQualityIssue {
				issueType
				direction
				current
				threshold
			}
		}
		bgpConnection {
			connectionName
			peerIp
			peerAsn
			catoIp
			catoAsn
		}
		# ISP / link management details, including third-party contact data
		# (supportEmail, supportPhone, contacts.phone, contacts.email).
		ilmmDetails {
			linkDetails {
				description
				linkId
				ispLinkId
				comments
				onboardingStatus
				activeLicense
			}
			ispDetails {
				name
				description
				ispAccountId
				supportEmail
				supportPhone
				countryCode
				# fileHash algorithm is not visible from this query — confirm before comparing digests.
				loaFile {
					fileName
					fileHash
					uploadedAt
				}
			}
			contacts {
				name
				phone
				email
			}
		}
	}
						title
						description
	threatName {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		events {
			signatureId
			eventType
			threatType
			threatName
			severity
			action
			ruleId
			virusName
			scanResult
			appId
			appName
			dnsProtectionCategory
		}
		mitres {
			id
			name
		}
		timeSeries {
			data
			groupBy
			label
			sum
			units
			info
			key {
				measureFieldName
				dimensions {
					value
					fieldName
				}
			}
		}
		# Per-target enrichment attached to the threat.
		# NOTE(review): the field names suggest reputation / threat-intel attributes
		# (analysisScore, threatFeeds, catoPopularity, engines, searchHits); their units
		# and ranges are not visible here — confirm in the schema before thresholding
		# or alerting on them.
		targets {
			type
			name
			analysisScore
			infectionSource
			threatReference
			catoPopularity
			threatFeeds
			creationTime
			categories
			countryOfRegistration
			searchHits
			engines
			# Same twelve fields as the sibling `events` selection, scoped to this target.
			eventData {
				signatureId
				eventType
				threatType
				threatName
				severity
				action
				ruleId
				virusName
				scanResult
				appId
				appName
				dnsProtectionCategory
			}
		}
	}
						mitreTechniqueCatoEndpointAlert: mitreTechnique {
	id {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		networkIncidentTimeline {
			description
			created
			validated
			eventType
			incidentId
			networkEventSource
			eventIds
			acknowledged
			linkId
			linkName
			linkConfigPrecedence
			linkStatus
			linkConfigBandwidth
			deviceConfigHaRole
			deviceHaRoleState
			socketSerialId
			bgpConnection {
				connectionName
				peerIp
				peerAsn
				catoIp
				catoAsn
			}
			linkQualityIssue {
				issueType
				direction
				current
				threshold
			}
		}
		bgpConnection {
			connectionName
			peerIp
			peerAsn
			catoIp
			catoAsn
		}
		ilmmDetails {
			linkDetails {
				description
				linkId
				ispLinkId
				comments
				onboardingStatus
				activeLicense
			}
			ispDetails {
				name
				description
				ispAccountId
				supportEmail
				supportPhone
				countryCode
				loaFile {
					fileName
					fileHash
					uploadedAt
				}
			}
			contacts {
				name
				phone
				email
			}
		}
	}
							name
						}
						mitreSubTechniqueCatoEndpointAlert: mitreSubTechnique {
	id {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		networkIncidentTimeline {
			description
			created
			validated
			eventType
			incidentId
			networkEventSource
			eventIds
			acknowledged
			linkId
			linkName
			linkConfigPrecedence
			linkStatus
			linkConfigBandwidth
			deviceConfigHaRole
			deviceHaRoleState
			socketSerialId
			bgpConnection {
				connectionName
				peerIp
				peerAsn
				catoIp
				catoAsn
			}
			linkQualityIssue {
				issueType
				direction
				current
				threshold
			}
		}
		bgpConnection {
			connectionName
			peerIp
			peerAsn
			catoIp
			catoAsn
		}
		ilmmDetails {
			linkDetails {
				description
				linkId
				ispLinkId
				comments
				onboardingStatus
				activeLicense
			}
			ispDetails {
				name
				description
				ispAccountId
				supportEmail
				supportPhone
				countryCode
				loaFile {
					fileName
					fileHash
					uploadedAt
				}
			}
			contacts {
				name
				phone
				email
			}
		}
	}
							name
						}
						createdDateTime
						resourcesCatoEndpointAlert: resources {
	id {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		networkIncidentTimeline {
			description
			created
			validated
			eventType
			incidentId
			networkEventSource
			eventIds
			acknowledged
			linkId
			linkName
			linkConfigPrecedence
			linkStatus
			linkConfigBandwidth
			deviceConfigHaRole
			deviceHaRoleState
			socketSerialId
			bgpConnection {
				connectionName
				peerIp
				peerAsn
				catoIp
				catoAsn
			}
			linkQualityIssue {
				issueType
				direction
				current
				threshold
			}
		}
		bgpConnection {
			connectionName
			peerIp
			peerAsn
			catoIp
			catoAsn
		}
		ilmmDetails {
			linkDetails {
				description
				linkId
				ispLinkId
				comments
				onboardingStatus
				activeLicense
			}
			ispDetails {
				name
				description
				ispAccountId
				supportEmail
				supportPhone
				countryCode
				loaFile {
					fileName
					fileHash
					uploadedAt
				}
			}
			contacts {
				name
				phone
				email
			}
		}
	}
							createdDateTime
							remediationStatus
							... on CatoProcessResource {
								processId
								processCommandLine
								# File metadata and digests for the process image (CatoProcessResource only).
								# NOTE(review): md5 and sha1 are collision-prone; when matching against
								# allow/deny lists or threat intel, key on sha256 and keep md5/sha1 as
								# secondary lookups for feeds that only publish the older digests.
								# NOTE(review): issuer / signer / publisher presumably come from the file's
								# code-signing data — confirm in the schema. A populated signer name does
								# not by itself show that the signature was validated.
								imageFile {
									name
									path
									size
									sha1
									sha256
									md5
									issuer
									signer
									publisher
								}
								userAccount {
		id {
			id
			status
			description
			firstSignal
			lastSignal
			engineType
			vendor
			producer
			producerName
			connectionType
			indication
			queryName
			source
			criticality
			ticket
			research
			siteName
			storyDuration
			analystFeedback {
				verdict
				severity
				threatClassification
				additionalInfo
				threatType {
					name
					recommendedAction
					details
				}
			}
			site {
				id
				name
			}
			user {
				id
				name
			}
			similarStoriesData {
				storyId
				threatTypeName
				verdict
				threatClassification
				similarityPercentage
				indication
			}
			networkIncidentTimeline {
				description
				created
				validated
				eventType
				incidentId
				networkEventSource
				eventIds
				acknowledged
				linkId
				linkName
				linkConfigPrecedence
				linkStatus
				linkConfigBandwidth
				deviceConfigHaRole
				deviceHaRoleState
				socketSerialId
				bgpConnection {
					connectionName
					peerIp
					peerAsn
					catoIp
					catoAsn
				}
				linkQualityIssue {
					issueType
					direction
					current
					threshold
				}
			}
			bgpConnection {
				connectionName
				peerIp
				peerAsn
				catoIp
				catoAsn
			}
			ilmmDetails {
				linkDetails {
					description
					linkId
					ispLinkId
					comments
					onboardingStatus
					activeLicense
				}
				ispDetails {
					name
					description
					ispAccountId
					supportEmail
					supportPhone
					countryCode
					loaFile {
						fileName
						fileHash
						uploadedAt
					}
				}
				contacts {
					name
					phone
					email
				}
			}
		}
									name
									... on MicrosoftEndpointUser {
		id {
			id
			status
			description
			firstSignal
			lastSignal
			engineType
			vendor
			producer
			producerName
			connectionType
			indication
			queryName
			source
			criticality
			ticket
			research
			siteName
			storyDuration
			analystFeedback {
				verdict
				severity
				threatClassification
				additionalInfo
				threatType {
					name
					recommendedAction
					details
				}
			}
			site {
				id
				name
			}
			user {
				id
				name
			}
			similarStoriesData {
				storyId
				threatTypeName
				verdict
				threatClassification
				similarityPercentage
				indication
			}
			networkIncidentTimeline {
				description
				created
				validated
				eventType
				incidentId
				networkEventSource
				eventIds
				acknowledged
				linkId
				linkName
				linkConfigPrecedence
				linkStatus
				linkConfigBandwidth
				deviceConfigHaRole
				deviceHaRoleState
				socketSerialId
				bgpConnection {
					connectionName
					peerIp
					peerAsn
					catoIp
					catoAsn
				}
				linkQualityIssue {
					issueType
					direction
					current
					threshold
				}
			}
			bgpConnection {
				connectionName
				peerIp
				peerAsn
				catoIp
				catoAsn
			}
			ilmmDetails {
				linkDetails {
					description
					linkId
					ispLinkId
					comments
					onboardingStatus
					activeLicense
				}
				ispDetails {
					name
					description
					ispAccountId
					supportEmail
					supportPhone
					countryCode
					loaFile {
						fileName
						fileHash
						uploadedAt
					}
				}
				contacts {
					name
					phone
					email
				}
			}
		}
										name
										userSid
										accountName
										domainName
										principalName
									}
									... on CatoEndpointUser {
		id {
			id
			status
			description
			firstSignal
			lastSignal
			engineType
			vendor
			producer
			producerName
			connectionType
			indication
			queryName
			source
			criticality
			ticket
			research
			siteName
			storyDuration
			analystFeedback {
				verdict
				severity
				threatClassification
				additionalInfo
				threatType {
					name
					recommendedAction
					details
				}
			}
			site {
				id
				name
			}
			user {
				id
				name
			}
			similarStoriesData {
				storyId
				threatTypeName
				verdict
				threatClassification
				similarityPercentage
				indication
			}
			networkIncidentTimeline {
				description
				created
				validated
				eventType
				incidentId
				networkEventSource
				eventIds
				acknowledged
				linkId
				linkName
				linkConfigPrecedence
				linkStatus
				linkConfigBandwidth
				deviceConfigHaRole
				deviceHaRoleState
				socketSerialId
				bgpConnection {
					connectionName
					peerIp
					peerAsn
					catoIp
					catoAsn
				}
				linkQualityIssue {
					issueType
					direction
					current
					threshold
				}
			}
			bgpConnection {
				connectionName
				peerIp
				peerAsn
				catoIp
				catoAsn
			}
			ilmmDetails {
				linkDetails {
					description
					linkId
					ispLinkId
					comments
					onboardingStatus
					activeLicense
				}
				ispDetails {
					name
					description
					ispAccountId
					supportEmail
					supportPhone
					countryCode
					loaFile {
						fileName
						fileHash
						uploadedAt
					}
				}
				contacts {
					name
					phone
					email
				}
			}
		}
										name
									}
								}
							}
							# Inline fragment: applies only when a resource resolves to CatoFileResource.
							# Selects the same nine file attributes as `imageFile` on CatoProcessResource,
							# plus the detection outcome for the file.
							... on CatoFileResource {
								# NOTE(review): prefer sha256 as the correlation key; md5 and sha1 are
								# collision-prone and suit only legacy feed lookups.
								# issuer / signer / publisher are presumably signing metadata — confirm
								# in the schema; a name here is not proof of a verified signature.
								fileDetails {
									name
									path
									size
									sha1
									sha256
									md5
									issuer
									signer
									publisher
								}
								# Value set not visible in this query — check the schema enum before branching on it.
								detectionStatus
							}
						}
						activitiesCatoEndpointAlert: activities {
	id {
		id
		status
		description
		firstSignal
		lastSignal
		engineType
		vendor
		producer
		producerName
		connectionType
		indication
		queryName
		source
		criticality
		ticket
		research
		siteName
		storyDuration
		analystFeedback {
			verdict
			severity
			threatClassification
			additionalInfo
			threatType {
				name
				recommendedAction
				details
			}
		}
		site {
			id
			name
		}
		user {
			id
			name
		}
		similarStoriesData {
			storyId
			threatTypeName
			verdict
			threatClassification
			similarityPercentage
			indication
		}
		networkIncidentTimeline {
			description
			created
			validated
			eventType
			incidentId
			networkEventSource
			eventIds
			acknowledged
			linkId
			linkName
			linkConfigPrecedence
			linkStatus
			linkConfigBandwidth
			deviceConfigHaRole
			deviceHaRoleState
			socketSerialId
			bgpConnection {
				connectionName
				peerIp
				peerAsn
				catoIp
				catoAsn
			}
			linkQualityIssue {
				issueType
				direction
				current
				threshold
			}
		}
		bgpConnection {
			connectionName
			peerIp
			peerAsn
			catoIp
			catoAsn
		}
		ilmmDetails {
			linkDetails {
				description
				linkId
				ispLinkId
				comments
				onboardingStatus
				activeLicense
			}
			ispDetails {
				name
				description
				ispAccountId
				supportEmail
				supportPhone
				countryCode
				loaFile {
					fileName
					fileHash
					uploadedAt
				}
			}
			contacts {
				name
				phone
				email
			}
		}
	}
							resourceId
							parentResourceId
						}
						criticality
						engineTypeCatoEndpointAlert: engineType
	statusCatoEndpointAlert: status {
		rawStatus
		status
	}
	# Endpoint protection profile, resolved through inline fragments on two concrete types.
	# `__typename` is requested so the consumer can tell which type was returned; both
	# fragments select the same ten scalar fields, so the shape alone does not reveal it.
	# NOTE(review): these field names (firstSignal, producer, queryName, ...) match the
	# story-level `id` selection used elsewhere in this query, which looks like generator
	# output — verify that MicrosoftEndpoint and CatoEndpoint expose them.
	endpointProtectionProfile {
		__typename
		... on MicrosoftEndpoint {
			id
			firstSignal
			lastSignal
			engineType
			vendor
			producer
			producerName
			connectionType
			indication
			queryName
		}
		... on CatoEndpoint {
			id
			firstSignal
			lastSignal
			engineType
			vendor
			producer
			producerName
			connectionType
			indication
			queryName
		}
	}
	externalIp {
		id
		name
	}
						localIp
					}
				}
			}
			# Timeline entries for the story: when each entry was created, its description(s),
			# context, type, category and the analyst attached to it.
			timeline {
				createdAt
				description
	# Context of the entry; only the applicationTenant condition is selected
	# (value, operator and the matching id/name set).
	context {
		applicationTenant {
			value
			operator
			valueSet {
				id
				name
			}
		}
	}
	# Same three fields as `threatType` under analystFeedback elsewhere in this query.
	type {
		name
		recommendedAction
		details
	}
				descriptions
	category {
		id
		name
	}
				# NOTE(review): presumably free text entered during triage — TODO confirm;
				# escape it before rendering in a UI or ticket.
				additionalInfo
				# Analyst name and e-mail are personal data: limit retention and access
				# when responses are exported or logged.
				analystInfo {
					name
					email
				}
			}
		}
	}	
}