New Features & Enhancements
- New XDR Security Report: The new XDR Report summarizes XDR story investigations and provides an overview of the account security posture.
  - The report includes data such as:
    - Number of stories investigated with breakdown by verdict
    - Summary of malicious and suspicious stories with breakdown by site, severity, and country
  - Available for XDR Core, XDR Pro, and MDR customers
- New Third-Party Integrations with Cato Events: Leverage native integration with these platforms:
  - Axonius integration: Cato customers that also use Axonius cybersecurity and asset management
  - Zenoss ZenPack integration: Cato customers that also use the Zenoss ZenPack extension module
  - Read more about other third-party vendors that support native integration with Cato events
- Reminder - Upcoming Deprecation of the Account Snapshot ‘metrics’ Field: Cato previously announced that on Nov. 15, 2023, we will deprecate the metrics field in the accountSnapshot API.
  - After this date, the metrics field in the accountSnapshot API will no longer be available
  - All traffic metrics and data are available using the accountMetrics API.
PoP Announcements
- Los Angeles, United States: A new range (216.205.115.0/24) is now available in the Los Angeles PoP location
Security Updates
- IPS Signatures: View more details about the IPS Signatures and Protections in the Threats Catalog.
  - SSH Client OpenVAS Scanner
  - SSH Client Vulnerability Scanner Client SSH Version 9.9
  - SSH Vulnerability Scanner Client Nessus
  - SSH Vulnerability Scanner Client Nmap
  - SSH Vulnerability Scanner Client Qualys
  - SSH Vulnerability Scanner Client Rapid7
  - SSH Vulnerability Scanner Client Sentinel1
  - SSH Vulnerability Scanner Client TenableRocks
  - CVE-2023-46747
  - CVE-2023-42793
  - CVE-2023-32315
  - CVE-2023-29800
  - CVE-2023-22518
- Apps Catalog: See the new SaaS applications in the Apps Catalog.
- Application Control (CASB):
  - New granular actions for the following apps:
    - Workplace: Comment, Post, Call, Upload File, Login
    - Instagram: Send Message
- Detection and Response: These are the updates to the Indications Catalog:
  - Threat Hunting IOA signatures:
    - Blocked IP/Domain
    - Common Scanner (WAN bound)
    - Common Scanners (Outbound)
    - Downloading a Suspicious Script
    - Known Cobalt Strike Profile
    - Known Scanner (WAN bound)
    - Malware Activity
    - Potential Downloader
    - Potential Unwanted Program (PUP) Activity
    - PSExec Execution
    - Sinkholed Domain
    - Sinkholed IP
    - Suspicious Network Activity (Domains)
  - Threat Prevention IOA signatures:
    - Downloading From Exploit-DB
    - Suspicious Network Activity
    - Suspicious Network Activity (User-Agent)
    - Suspicious Tool Download
- File Identification:
  - Enhanced file identification in Cato Cloud services for the following file types:
    - CMD (Windows Command File)
    - DOC (Microsoft Office Document)
    - MSI (Microsoft Windows Installer Package)
    - PPT (Microsoft Office PowerPoint)
    - XLS (Microsoft Office Excel)

Note: Content described in this update is gradually rolled out to the Cato PoPs over a two-week period. In addition, new features are gradually activated in the Cato Management Application over the same two-week rollout period as the PoPs. For more information, see this article. See the Cato Status Page for more information about the planned maintenance schedule.