Product Update - Nov. 13th, 2023

New Features & Enhancements

  • New XDR Security Report: The new XDR Report summarizes XDR story investigations and provides an overview of the account security posture.

    • The report includes data such as:

      • Number of stories investigated with breakdown by verdict

      • Summary of malicious and suspicious stories with breakdown by site, severity, and country

    • Available for XDR Core, XDR Pro, and MDR customers

  • New Third-Party Integrations with Cato Events: Leverage native integration with these platforms:

    • Axonius integration: Cato customers that also use Axonius cybersecurity and asset management

    • Zenoss ZenPack integration: Cato customers that also use the Zenoss ZenPack extension module

    • Read more about other third-party vendors that support native integration with Cato events

  • Reminder - Upcoming Deprecation of the Account Snapshot ‘metrics’ Field: Cato previously announced that on Nov. 15, 2023, we will deprecate the metrics field in the accountSnapshot API.

    • After this date, the metrics field in the accountSnapshot API will no longer be available

    • All traffic metrics and data are available using the accountMetrics API

PoP Announcements

  • Los Angeles, United States: A new range ( is now available in the Los Angeles PoP location

Security Updates

  • IPS Signatures:
    View more details about the IPS Signatures and Protections in the Threats Catalog.

    • SSH Client OpenVAS Scanner

    • SSH Client Vulnerability Scanner Client SSH Version 9.9

    • SSH Vulnerability Scanner Client Nessus

    • SSH Vulnerability Scanner Client Nmap

    • SSH Vulnerability Scanner Client Qualys

    • SSH Vulnerability Scanner Client Rapid7

    • SSH Vulnerability Scanner Client Sentinel1

    • SSH Vulnerability Scanner Client TenableRocks

    • CVE-2023-46747

    • CVE-2023-42793

    • CVE-2023-32315

    • CVE-2023-29800

    • CVE-2023-22518

  • Apps Catalog:
    See the new SaaS applications in the Apps Catalog.

  • Application Control (CASB): 

    • New granular actions for the following apps: 

      • Workplace: Comment, Post, Call, Upload File, Login

      • Instagram: Send Message

  • Detection and Response:
    These are the updates to the Indications Catalog.

    • Threat Hunting IOA signatures: 

      • Blocked IP/Domain

      • Common Scanner (WAN bound)

      • Common Scanners (Outbound)

      • Downloading a Suspicious Script

      • Known Cobalt Strike Profile

      • Known Scanner (WAN bound)

      • Malware Activity

      • Potential Downloader

      • Potential Unwanted Program (PUP) Activity

      • PSExec Execution

      • Sinkholed Domain

      • Sinkholed IP

      • Suspicious Network Activity (Domains) 

    • Threat Prevention IOA signatures: 

      • Downloading From Exploit-DB

      • Suspicious Network Activity

      • Suspicious Network Activity (User-Agent)

      • Suspicious Tool Download

  • File Identification:

    • Enhanced file identification in Cato Cloud services for the following file types:

      • CMD (Windows Command File)

      • DOC (Microsoft Office Document)

      • MSI (Microsoft Windows Installer Package)

      • PPT (Microsoft Office PowerPoint)

      • XLS (Microsoft Office Excel)


Note: Content described in this update is gradually rolled out to the Cato PoPs over a two-week period. In addition, new features are gradually activated in the Cato Management Application over the same two-week rollout period as the PoPs. For more information, see this article. See the Cato Status Page for more information about the planned maintenance schedule.
