
Introducing Cato’s API Assistant: Your New Copilot for GraphQL 

Imagine you just got a new car with a feature that automatically adjusts the air conditioning based on live weather forecasts. To activate it, you need to connect the car to an external weather service. You could take it to the garage, pay someone to configure it, and wait for the job to be done. Or, you could use a built-in assistant that asks you two simple questions and shows you how to set everything up in minutes. 

That’s the idea behind Cato’s new API Assistant. Instead of figuring out complex GraphQL queries on your own or relying on an expert, the assistant helps you connect with our API quickly and easily, guiding you every step of the way. 

A New Layer to Cato’s AI Capabilities 

Earlier this year, we introduced the KB Assistant, a natural language interface that allows users to explore Cato’s product knowledge base with ease. Now, we are extending that capability to our GraphQL API with a new AI copilot. 



Cato’s API is highly flexible, enabling everything from extracting event logs to managing firewall rules. However, with that flexibility comes complexity. The GraphQL schema is deeply structured, often involving layered input objects, multi-entity mutations, and interconnected hierarchies resembling a tree structure that can be difficult to navigate without support. This is where the API Assistant becomes essential, simplifying the process and helping users build GraphQL operations more efficiently.

Your GraphQL Copilot, Contextually Powered 

The API Assistant uses a Retrieval-Augmented Generation (RAG) architecture to give you highly relevant GraphQL queries and mutations, along with the required input objects and examples. 

Here’s how it works: 

1. When you ask a question, the assistant creates a numerical representation of your input text (an embedding) and compares it to the embeddings of our GraphQL objects. For each object, we embed its description, the description of the returned object, and a list of the sub-objects it contains. When a GraphQL object is found to be semantically close to the user input, it is selected as relevant context.

2. Several contexts can be retrieved for each user input. Each full context contains more than what was embedded for the initial context-search stage: descriptions, response structures, input variables, usage examples, and the full documentation of all sub-objects within the main object. Fig. 1 shows an example of a retrieved context, with a partial expansion of the entityLookup query arguments alongside the Response object and Examples. To reduce the amount of information that is eventually given to the LLM, we prune any sub-object details that already exist in the context.


Figure 1. Partial context from the EntityLookup query, showing a limited expansion of two input arguments. 

3. The retrieved structured context is added to the user prompt and given as input to the LLM, as seen in Fig. 2. It becomes the assistant’s “working memory”, helping the LLM build precise and complete answers tailored to your request.


Figure 2. Concatenating the retrieved context to the user input and feeding it to the LLM
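The three steps above, as an added sketch that is not Cato's implementation: it ranks objects by embedding similarity, expands the hits while pruning sub-objects already in the context, and concatenates the result with the user input. The index contents, the bag-of-words stand-in for an embedding model, the `k` and `threshold` values and all function names are assumptions made for illustration.

```python
import math
import re
from collections import Counter

# Constructed toy index: the descriptions and sub-object names are illustrative
# assumptions, not Cato's real GraphQL documentation.
SCHEMA = {
    "auditFeed": ("admin activity audit log of configuration changes",
                  ["TimeFrame", "AuditRecord"]),
    "accountMetrics": ("traffic metrics and statistics per site",
                       ["TimeFrame", "SiteMetrics"]),
    "entityLookup": ("lookup entities such as sites or users by name",
                     ["EntityInput", "EntityInfo"]),
}
SUB_DOCS = {name: f"{name}: full documentation of {name} (placeholder)"
            for _, subs in SCHEMA.values() for name in subs}

def embed(text):
    """Stand-in embedding: bag-of-words counts instead of a model vector."""
    return Counter(re.findall(r"[a-z]+", text.lower()))

def cosine(a, b):
    dot = sum(a[t] * b[t] for t in a)
    norm = math.sqrt(sum(v * v for v in a.values()) * sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0

def retrieve(question, k=2, threshold=0.1):
    """Step 1: rank objects by similarity of (description + sub-object list)."""
    q = embed(question)
    scored = sorted(((cosine(q, embed(desc + " " + " ".join(subs))), name)
                     for name, (desc, subs) in SCHEMA.items()), reverse=True)
    return [name for score, name in scored[:k] if score >= threshold]

def build_context(names):
    """Step 2: expand each hit, pruning sub-objects already in the context."""
    seen, lines = set(), []
    for name in names:
        desc, subs = SCHEMA[name]
        lines.append(f"## {name}: {desc}")
        for sub in subs:
            if sub not in seen:
                seen.add(sub)
                lines.append("  " + SUB_DOCS[sub])
    return "\n".join(lines)

def build_prompt(question):
    """Step 3: concatenate the retrieved context with the user input."""
    return f"Context:\n{build_context(retrieve(question))}\n\nUser input: {question}"
```

The similarity threshold matters as much as the ranking: a question that matches no object returns an empty context rather than the nearest unrelated one.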

Building Real-World Use Cases with Cato’s GraphQL Copilot 

Imagine you’re building a security automation pipeline that brings together multiple layers of network insight. You want to monitor admin activity, track configuration changes, and feed security metrics into your SIEM or ML model. 

You start by pulling admin activity logs using the auditFeed query to track all administrative changes. Next, you want to monitor security incidents and alerts, so you implement the XDRStories query. As the integration evolves, you correlate this data with accountMetrics and accountSnapshot to build a comprehensive security dashboard. The assistant helps translate your real-world goals into precise GraphQL operations, turning complex security monitoring requirements into actionable API calls. 

Video Demo 1: Integrating Cato Events with Your SIEM 

In this demo, we show how to use the API Assistant to build a query that pulls real-time event data from your Cato deployment, then stream it into your SIEM platform of choice. No need to manually browse documentation or reverse-engineer the schema. 

Video Demo 2: Exporting Firewall Policies for Downstream Security Intelligence 

In this use case, we retrieve internet firewall policies via GraphQL. This can serve as an initial step toward enabling a broader business workflow. 

Tips for Getting the Most from Your API Copilot 

  • Be clear and specific: Describe your goal in detail and use exact query or feature names. 
  • Ask step by step: Start by identifying the right query, then request examples or customizations. 
  • Add context: Include timeframes, filters, or site names to get tailored results. 
  • Chain tasks: Break complex requests into ordered steps, like finding a site ID before running metrics. 
  • Debug together: Share any errors back with the assistant for help. 
  • Use the docs: Each response links to relevant GraphQL documentation. 
  • Refine as you go: Rephrase or clarify if needed; your input helps us improve.

One API. Endless Possibilities. Smarter Access. 

The API Assistant is here to make Cato’s GraphQL more accessible, intuitive, and efficient, whether you’re pulling metrics for automation, syncing data with external systems, or building custom analytics workflows. It’s your personal integration engineer, always ready to help. 

We’re excited for you to explore this new capability and we’re even more excited about where it can take you. 

The post Introducing Cato’s API Assistant: Your New Copilot for GraphQL appeared first on Cato Networks.
