The Cato service generates rich and granular events, providing comprehensive visibility across network and security features. You can directly consume these events in the following ways:
- Directly in the Cato Management Application (see Analyzing Events in Your Network)
- A high-scale feed to Cloud Storage such as AWS S3 and Azure Blob Storage
- Using the Cato API
In addition, Cato supports integration with SIEM, observability, asset management, data collection, and other solutions, as detailed in the SIEM Integration Guide for the Cato API. The table below lists vendor-supported integrations for Cato events. These vendors provide a readily available way to collect, analyze, and visualize Cato events on their platforms.
| Vendor | Vendor Documentation |
|---|---|
| Arctic Wolf | |
| Axonius | |
| Google Chronicle | Documentation > Reference > Supported log types and default parsers |
| Hunters | List of supported integrations on Hunters corporate website |
| LogicMonitor | |
| Lumu | Custom Integrations - API > Cato Networks Custom Data Collection Integration |
| Rapid7 | |
| Secureworks Taegis XDR | |
| Sekoia | |
| Sophos | |
| Stellar Cyber | |
| Sumo Logic | Cloud-to-Cloud Integration Framework Sources > Cato Networks |
| Tarsal | |
| Zenoss | Zenoss ZenPack Catalog > Network > Cato Networks Integration ZenPack |
Added Google Chronicle as a third-party SIEM vendor
Will you add Azure Sentinel in the future?
Thomas Capacci: Yes - we are working on adding Azure Sentinel in the future.
Added Arctic Wolf, Axonius, and Zenoss as third-party SIEM vendors
Any future plans to add Crowdstrike Logscale direct integration?
Hi Joe,
Crowdstrike is a vendor with whom we'd be happy to work on an integration. If you have any contacts there you can put us in touch with, let us know.
Cheers,
Peter
I would like to see Splunk Enterprise added as well.
Hello Younggeol Yoon,
We are working on a more formal Splunk integration.
Regards,
Peter
We'd like to bring more monitoring and observability of our Cato network infra. Is there any open source monitoring solution that can fetch metrics from Cato API?
Hello Sasikumar,
Any solution which has the following capabilities can fetch metrics from Cato:
I believe that covers almost all monitoring solutions both proprietary and open source. I regularly consult with customers and partners using a wide range of different third party solutions with Cato.
Regards,
Peter
Hey Peter,
Do you know if Datadog Cloud SIEM is on the roadmap at all?
Hello Will,
I know we have some customers who have integrated with it, and it's on my watch list, but I'm not aware of any short-term plans for an officially-supported integration. I will raise your interest with our Product Management.
Regards,
Peter
Hi Will,
I can confirm Peter's answer that it is on our longer-term roadmap, but not on the immediate roadmap.
Regards,
Michael
Hi Team,
Any progress on Crowdstrike Logscale SIEM integration? I see there was talk of it a few months back. Thanks!
Greg
Hey Peter,
Do you have any plans to integrate with AT&T USM Anywhere?
Regards
Naveen
Gregory Rogers - we are in discussion with Crowdstrike, so there is some progress but I don't have an ETA.
naveensharma - there hasn't been any demand so far for a productised integration with USM Anywhere but we are happy to work with anyone who wants to integrate with Cato.
Any update on Azure Sentinel?
Gil - no change to Sentinel. The eventsFeed.py script includes a Sentinel API output option. Although this API is deprecated by Microsoft, they are saying that it won't go EOL before September 2026 so it should be a viable option for now. We also have the direct push to Azure blob storage. Unfortunately Sentinel can't ingest directly from Azure blob storage so we are working on an Azure Function to help process these logs.
Can you please add Crowdstrike Logscale integration as there are more requirements?
Is there an ETA on Splunk integration?
Hello Todd,
An official, productised Splunk integration is on our roadmap but there is no ETA at present.
Do you have a connector for DEVO SIEM?
Hello Craig,
I don't think we've had any requests for DEVO yet so if any customers are currently running it they would have configured it themselves or with assistance from DEVO.
Hello,
We are also looking for Sentinel integration.
Any news about that?
Thank you.
Secureworks integration please.
We would like to see an Exabeam integration. Is this integration on the roadmap? And if so any timeline?
We also look for an integration with Wazuh and with Elastic.
Can you please share documentation regarding configuration of syslog forwarding feature?
Thanks.
Hi,
Do you support sending syslog directly to QRadar?
Thanks