Product Update - Apr. 29th, 2024

Partner Updates

  • Adaptive API Rate-limiting for Partner Accounts: We are enabling Partner accounts to query multiple managed accounts with adaptive rate limiting:
    • Now the rate limit for API calls is counted separately for each managed account when the API key is defined on a Partner account. This lets partners perform API calls on multiple managed accounts without hitting the rate limit prematurely.
    • Previously, the same rate limit on API calls was applied to Partner accounts and Customer accounts.

Early Availability Features

This feature is now available as part of Cato’s EA program. If you’re interested, please contact us at

  • Support for Additional Diffie-Hellman Groups for IPsec IKEv2 Sites: We now support two new key length groups, 19 and 20, that you can select when configuring the Diffie-Hellman Group for an IPsec IKEv2 site.

Tech Update Agenda

  • Video Product Update for Partners: Go to the Partner Only area in the Knowledge Base to watch in-depth videos on these topics (available from Monday, Apr 29th):
    • Using XDR Query API to create custom dashboards and automation flows
    • Manually upgrade a Socket to a newer version

Security Updates

  • IPS Signatures:
    • View more details about the IPS signatures and protections in the Threats Catalog
      • Ransomware - DumbStackz (Enhancement)
      • Ransomware - FBIRAS (Enhancement)
      • Ransomware - AttackFiles (New)
      • Ransomware - HWABAG (New)
      • Ransomware - DysentryClub (Enhancement)
      • Ransomware - Crocodile Smile (Enhancement)
      • Ransomware - L00KUPRU (Enhancement)
      • Ransomware - Datah (Enhancement)
      • Ransomware - Rincrypt (Enhancement)
      • Ransomware - Unkno (Enhancement)
      • Ransomware - Ncov (Enhancement)
      • Ransomware - Stop/Djvu (Enhancement)
      • Malware - Cryptbotv2-CnC communication (New)
      • Malware - DarkGate CnC communication (New)
      • Malware - ObserverStealer CnC communication-Check-in (New)
      • Malware - FFDroider-CnC communication (New)
      • Malware - Vodkagats Loader CnC communication-Payload (New)
      • Malware - TrickBot Anchor-Checkin (New)
      • Malware - Vidar Stealer CnC communication - Style Headers In HTTP POST (New)
      • Malware - Vidar Stealer CnC communication - Style Headers post (New)
      • Malware - Stealc Stealer CnC communication - Style Headers post (New)
      • Malware - Generic Stealer CnC communication - Style Headers post (New)
      • Malware - GCleaner Downloader - CnC communication (New)
      • Malware - Konni RAT CnC communication (New)
      • Malware - PureLogs Stealer - C2 Connection (New)
      • Malware - Arkei Stealer C2C Communication - IP Lookup (Enhancement)
      • CVE-2022-38108 (New)
      • CVE-2023-32714 (New)
      • CVE-2024-3400 (Enhancement)
      • CVE-2023-26477 (New)
      • CVE-2024-25153 (New)
      • CVE-2024-1403 (New)
      • CVE-2023-43208 (New)
      • CVE-2020-24391 (New)
      • CVE-2023-4634 (New)
      • CVE-2022-4305 (New)
      • CVE-2018-14716 (New)
      • CVE-2023-24955 (New)
      • CVE-2020-13957 (New)
      • CVE-2023-36210 (New)
      • CVE-2021-31474 (New)
      • Exploiting Server Side Template Injection to gain Remote Code Execution (New)
  • Detection & Response:
    • These are the updates to the Indications Catalog
      • Threat Hunting Indications:
        • Malware DNS Activity (Emotet) (Enhancement)
        • Dynamic DNS services (Enhancement)
        • Suspicious Network Traffic (Enhancement)
        • Suspicious Cryptomining Activity (JSON-RPC) (Enhancement)
        • Suspicious SSH Communication to Low-Popularity Domains (Enhancement)
        • Lateral transfer of possibly suspicious tool over SMB (Enhancement)
      • Threat Prevention:
        • Suspicious TOR Traffic (Enhancement)
  • Suspicious Activity Monitoring:
    • These protections were added to the SAM service:
      • Downloading PowerToll (New)
      • Lateral ADfind transfer over SMB (Enhancement)
      • Lateral Filezilla transfer (Enhancement)
      • Lateral PuTTY transfer (Enhancement)
      • Lateral MobaXterm transfer (Enhancement)
      • Lateral Nmap transfer (Enhancement)
      • Lateral Mimikatz transfer (Enhancement)
      • Lateral WinSCP transfer (Enhancement)
      • Lateral PowerShell script transfer (New)
      • Lateral Netcat transfer over SMB (Enhancement)
  • Apps Catalog:
    • Added over 100 new SaaS applications including (you can view the SaaS apps in the Apps Catalog):
      • Enhanced these apps: 
        • Private Internet Access VPN (Enhancement)
        • Tunnelbear (Enhancement)
