Product Update - Nov. 13th, 2023

New Features & Enhancements

  • New XDR Security Report: The new XDR Report summarizes XDR story investigations and provides an overview of the account security posture.

    • The report includes data such as:

      • Number of stories investigated with breakdown by verdict

      • Summary of malicious and suspicious stories with breakdown by site, severity, and country

    • Available for XDR Core, XDR Pro, and MDR customers

  • New Third-Party Integrations with Cato Events: Leverage native integration with these platforms:

    • Axonius integration: Cato customers that also use Axonius cybersecurity and asset management

    • Zenoss ZenPack integration: Cato customers that also use the Zenoss ZenPack extension module

    • Read more about other third-party vendors that support native integration with Cato events

  • Reminder - Upcoming Deprecation of the Account Snapshot ‘metrics’ Field: Cato previously announced that on Nov. 15, 2023, we will deprecate the metrics field in the accountSnapshot API.

    • After this date, the metrics field in the accountSnapshot API will no longer be available

    • All traffic metrics and data are available using the accountMetrics API.     

PoP Announcements

  • Los Angeles, United States: A new range (216.205.115.0/24) is now available in the Los Angeles PoP location

Security Updates

  • IPS Signatures:
    View more details about the IPS Signatures and Protections in the Threats Catalog.

    • SSH Client OpenVAS Scanner

    • SSH Client Vulnerability Scanner Client SSH Version 9.9

    • SSH Vulnerability Scanner Client Nessus

    • SSH Vulnerability Scanner Client Nmap

    • SSH Vulnerability Scanner Client Qualys

    • SSH Vulnerability Scanner Client Rapid7

    • SSH Vulnerability Scanner Client Sentinel1

    • SSH Vulnerability Scanner Client TenableRocks

    • CVE-2023-46747

    • CVE-2023-42793

    • CVE-2023-32315

    • CVE-2023-29800

    • CVE-2023-22518

  • Apps Catalog:
    See the new SaaS applications in the Apps Catalog.

  • Application Control (CASB): 

    • New granular actions for the following apps: 

      • Workplace: Comment, Post, Call, Upload File, Login

      • Instagram: Send Message

  • Detection and Response:
    These are the updates to the Indications Catalog.

    • Threat Hunting IOA signatures: 

      • Blocked IP/Domain

      • Common Scanner (WAN bound)

      • Common Scanners (Outbound)

      • Downloading a Suspicious Script

      • Known Cobalt Strike Profile

      • Known Scanner (WAN bound)

      • Malware Activity

      • Potential Downloader

      • Potential Unwanted Program (PUP) Activity

      • PSExec Execution

      • Sinkholed Domain

      • Sinkholed IP

      • Suspicious Network Activity (Domains) 

    • Threat Prevention IOA signatures: 

      • Downloading From Exploit-DB

      • Suspicious Network Activity

      • Suspicious Network Activity (User-Agent)

      • Suspicious Tool Download

  • File Identification:

    • Enhanced file identification in Cato Cloud services for the following file types:

      • CMD (Windows Command File)

      • DOC (Microsoft Office Document)

      • MSI (Microsoft Windows Installer Package)

      • PPT (Microsoft Office PowerPoint)

      • XLS (Microsoft Office Excel)

 

Note: Content described in this update is gradually rolled out to the Cato PoPs over a two-week period. In addition, new features are gradually activated in the Cato Management Application over the same two-week rollout period as the PoPs. For more information, see this article. See the Cato Status Page for more information about the planned maintenance schedule.
