Third-Party Supported Integrations for Cato Data

The Cato service generates rich and granular events, providing comprehensive visibility across network and security features. You can directly consume these events in the following ways:

In addition, Cato enables integrating with SIEM, observability, asset management, data collection, and other solutions as detailed in the SIEM Integration Guide for the Cato API. The list below presents vendor-supported integrations for Cato events. These vendors provide a readily available way to collect, analyze, and visualize Cato events using their platforms.

Was this article helpful?

1 out of 2 found this helpful

35 comments

  • Comment author
    Yaakov Simon
    • Edited

    Added Google Chronicle as a third-party SIEM vendor

  • Comment author
    Thomas Capacci

    Will you add Azure Sentinel in the future?

  • Comment author
    Yaakov Simon

    Thomas Capacci Yes - we are working on adding Azure Sentinel in the future.

  • Comment author
    Yaakov Simon
    • Edited

    Added Arctic Wolf, Axonius, and Zenoss as third-party SIEM vendors

  • Comment author
    Joe Pascale

    Any future plans to add Crowdstrike Logscale direct integration?  

  • Comment author
    Peter Lee Keeper of positive, active, and healthy conversations. Community moderator Only 42 of these badges will be awarded.  They are reserved for people who have played a key role in helping build the Cato Community through their contributions! Community Pioneer

    Hi Joe,

    Crowdstrike is a vendor with whom we'd be happy to work on an integration. If you have any contacts there you can put us in touch with, let us know.

    Cheers,

    Peter

  • Comment author
    hans1.yoon

    I would like to see splunk enterprise added as well.

  • Comment author
    Peter Lee Keeper of positive, active, and healthy conversations. Community moderator Only 42 of these badges will be awarded.  They are reserved for people who have played a key role in helping build the Cato Community through their contributions! Community Pioneer

    Hello Younggeol Yoon,

    We are working on a more formal Splunk integration.

    Regards,

    Peter

     

  • Comment author
    s.ramachandran

    We'd like to bring more monitoring and observability of  our Cato network infra. Is there any open source monitoring solution that can fetch metrics from Cato API?

  • Comment author
    Peter Lee Keeper of positive, active, and healthy conversations. Community moderator Only 42 of these badges will be awarded.  They are reserved for people who have played a key role in helping build the Cato Community through their contributions! Community Pioneer

    Hello Sasikumar,

    Any solution which has the following capabilities can fetch metrics from Cato:

    • Make GraphQL API calls or run a script and read the response.
    • Parse JSON.

    I believe that covers almost all monitoring solutions both proprietary and open source. I regularly consult with customers and partners using a wide range of different third party solutions with Cato.

    Regards,

    Peter

  • Comment author
    wwebsterSA

    Hey Peter,

    Do you know if Datadog Cloud SIEM is on the roadmap at all? 

  • Comment author
    Peter Lee Keeper of positive, active, and healthy conversations. Community moderator Only 42 of these badges will be awarded.  They are reserved for people who have played a key role in helping build the Cato Community through their contributions! Community Pioneer

    Hello Will,

    I know we have some customers who have integrated with it, and it's on my watch list, but I'm not aware of any short-term plans for an officially-supported integration. I will raise your interest with our Product Management. 

    Regards,

    Peter

  • Comment author
    Michael Zagalsky

    Hi Will, 
    I can confirm Peter's answer that it is on our longer-term roadmap, but not on the immediate roadmap.

    Regards,

    Michael

  • Comment author
    Gregory Rogers

    Hi Team,

    Any progress on Crowdstrike Logscale SIEM integration? I see there was talk of it a few months back. Thanks! 

    Greg

  • Comment author
    naveensharma

    Hey Peter,

    Do you have any plans to integrate with AT&T USM Anywhere?

    Regards

    Naveen

  • Comment author
    Peter Lee Keeper of positive, active, and healthy conversations. Community moderator Only 42 of these badges will be awarded.  They are reserved for people who have played a key role in helping build the Cato Community through their contributions! Community Pioneer

    Gregory Rogers  - we are in discussion with Crowdstrike, so there is some progress but I don't have an ETA.

  • Comment author
    Peter Lee Keeper of positive, active, and healthy conversations. Community moderator Only 42 of these badges will be awarded.  They are reserved for people who have played a key role in helping build the Cato Community through their contributions! Community Pioneer

    naveensharma  - there hasn't been any demand so far for a productised integration with USM Anywhere but we are happy to work with anyone who wants to integrate with Cato.

  • Comment author
    Gil Saldivar

    Any update on Azure Sentinel ?

  • Comment author
    Peter Lee Keeper of positive, active, and healthy conversations. Community moderator Only 42 of these badges will be awarded.  They are reserved for people who have played a key role in helping build the Cato Community through their contributions! Community Pioneer

    Gil - no change to Sentinel. The eventsFeed.py script includes a Sentinel API output option. Although this API is deprecated by Microsoft, they are saying that it won't go EOL before September 2026 so it should be a viable option for now. We also have the direct push to Azure blob storage. Unfortunately Sentinel can't ingest directly from Azure blob storage so we are working on an Azure Function to help process these logs.

  • Comment author
    siraj tp

    Can you please add Crowdstrike Logscale integration as there are more requirements?

  • Comment author
    Todd Walton
    • Edited

    Is there an eta on splunk integration?

  • Comment author
    Peter Lee Keeper of positive, active, and healthy conversations. Community moderator Only 42 of these badges will be awarded.  They are reserved for people who have played a key role in helping build the Cato Community through their contributions! Community Pioneer

    Hello Todd,

    An official, productised Splunk integration is on our roadmap but there is no ETA at present.

  • Comment author
    Craig Pilay

    do you have a connector for DEVO Siem?

  • Comment author
    Peter Lee Keeper of positive, active, and healthy conversations. Community moderator Only 42 of these badges will be awarded.  They are reserved for people who have played a key role in helping build the Cato Community through their contributions! Community Pioneer

    Hello Craig,

    I don't think we've had any requests for DEVO yet so if any customers are currently running it they would have configured it themselves or with assistance from DEVO.

  • Comment author
    Yoann Moizan

    Hello,

    We are also looking for Sentinel integration.

    Any news about that?

    Thank you.

  • Comment author
    craig.mccaddon

    Secureworks integration please.

  • Comment author
    Joost van der Locht

    We would like to see an Exabeam integration. Is this integration on the roadmap? And if so any timeline?

  • Comment author
    Joost van der Locht

    We also look for an integration with Wazuh and with Elastic.

  • Comment author
    Yoann Moizan

    Can you please share documentation regarding configuration of syslog forwarding feature?

    Thanks.

  • Comment author
    Golan Shai

    Hi 

    Do you support sending syslog directly to Qradar ? 

    Thanks 

Add your comment