Full Context Enriched Events (Video)

Security Events Enriched with Full Network Context:

We enriched our Security events with extensive Network data to provide insights and better visibility. For example, using an Internet Firewall event you can now troubleshoot whether the flow was TLS inspected or bypassed and which Network Rule matches it, as well as the QoS priority value and the PoP’s Public Source IP.

  • New fields include:
    • TLS Inspection
    • Network Rule
    • Public Source IP
    • TCP Acceleration
    • Egress PoP Name
    • Egress Site
    • QoS Priority
    • Congestion Algorithm
    • Source Port
    • Host MAC Address
  • Queries from earlier than February 5th won’t retrieve events with the enriched fields
  • The new fields are supported in the Cato Management Application only. Support for exporting these fields to third-party systems with eventsFeed API will be available in the future

 

For more information, see Explaining the Event Fields and Analyzing Events in Your Network

Was this article helpful?

1 out of 1 found this helpful

0 comments

Add your comment