Understanding the Cato Catalogs for Partners

This article describes the catalogs in the Cato Management Application (CMA) that are available for Cato partners to research information about apps and cyber threats.

Overview

Cato maintains several catalogs with detailed information and security data for thousands of applications, cyber threats, and indicators of attack. The catalogs are available in the CMA and are dynamically updated on a regular basis to reflect the latest additions and changes to the databases used by Cato Security and Network services. These resources help you manage services for your customers and provide important information they may need for configuring policies or handling security threats.

These are the available catalogs:

  • App Catalog - Provides detailed information about cloud-based and on-premise apps and services

  • Threat Catalog - Contains security data and general information about the wide array of cyber threats covered by the Cato Security services

  • Indications Catalog - Descriptions and reference information for the hundreds of indications (indicators of attack) identified by the Cato XDR security engines

Partners can access these catalogs in their own CMA account without needing to enter a managed account. This makes it easier for partner teams to provide services to multiple managed accounts. The partner catalogs include content relevant to all accounts, with no specific account information. The catalogs available to customers contain some information relevant only to the specific account. For more about the differences between partner and customer catalogs, see the catalog descriptions in the sections below.

Use Cases

  • A Cato partner has multiple managed accounts that are in the field of healthcare. Some of the customers realize that employees are using the Otter.ai cloud app to record meeting notes, and they need to know whether it meets compliance standards.

    The partner admin opens the partner App Catalog in CMA without needing to enter a managed account, and looks up the Otter.ai app. The catalog shows that the app is not HIPAA compliant. The partner admin advises the relevant customers to block access to the app by creating an Internet Firewall rule in CMA using the preconfigured Application for Otter AI.

  • A Cato partner provides a SOC service that uses Cato XDR as one of the core components. The SOC team notices that a number of the managed accounts have XDR stories with the indication Ransomware Heuristic Detection High Confidence. The team looks up the indication in the partner Indication Catalog to better understand the threat. The catalog shows the MITRE ATT&CK® technique associated with this indication, which helps the team start the investigation.

The App Catalog

The App Catalog provides detailed information about cloud-based and on-premise apps and services. It presents a general description as well as compliance and security data for thousands of apps, to help make informed decisions about app use in the organizational environment. All the apps and services in the catalog can be used in the policies and rulebases in the CMA.

Note

Note: Since the partner App Catalog is designed for managing all customer accounts, it can't be used to add an app to the Sanctioned Apps Category. Sanctioned apps can only be configured in the specific customer account.

To learn more about the App Catalog, see Using the App Catalog.

To show the App Catalog:

  • From the navigation menu, click Assets > App Catalog.

Partner_Catalogs-Apps.png

The Threat Catalog

The Threat Catalog is an extensive repository of security data and general information about the wide array of cyber threats covered by the Cato Security services. The Threat Catalog helps you understand the behaviors associated with the threats, and provides useful information such as which Cato Security engine protects against the threat, and the relevant MITRE ATT&CK technique for the threat.

To learn more about the Threat Catalog, see Using the Threat Catalog.

To show the Threat Catalog:

  • From the navigation menu, click Assets > Threat Catalog

Partner_Catalogs-Threat.png

The Indications Catalog

The Indications Catalog contains explanations and reference information for the hundreds of indications (indicators of attack) identified by the Cato XDR Security engines. The XDR stories that appear in the Stories Workbench are generated based on these indications. To help investigate an XDR story, you can look up the relevant indication in the catalog and find a full description of the actions and behaviors associated with the potential threat.

Note

Note: Since the partner Indications Catalog is designed for managing all customer accounts, it doesn't show the following specific account information that is shown in the customer Indications Catalog:

  • Account XDR license level

  • Whether specific indications are available for an account

To learn more about the Indications Catalog, see Using the Indications Catalog.

To show the Indications Catalog:

  • From the navigation menu, click Assets > Indications Catalog

Partner_Catalogs-Indications.png

Was this article helpful?

0 out of 0 found this helpful

0 comments

Add your comment