Cyera: Creating the XOps Integration

This article discusses how to expand data security coverage by integrating data from Cyera to enrich stories that you can review in the Cato Stories Workbench.

Overview

By integrating data from Cyera into the XOps platform, you can extend visibility into where sensitive data resides across cloud, SaaS, and data stores. This helps reduce data exposure risks by adding data-centric context to XOps detections and stories.

With the Cyera integration, the XOps platform detects exposed or misconfigured data stores, excessive access permissions, and violations involving regulated or critical data. This creates a unified risk view that combines data security posture with network, endpoint, and cloud signals.

Attackers often target sensitive data by exploiting misconfigurations or overly permissive access to data repositories. Once sensitive data is exposed, it can be exfiltrated directly or used to escalate attacks across the environment. The Cyera integration enables the XOps platform to correlate data exposure risks with other security events, providing the context needed to detect high-impact incidents early.

When a data misconfiguration or exposure is identified, you can mitigate the risk by configuring Cato DLP rules to restrict access to the affected data. This reduces the attack surface by limiting data movement and preventing unauthorized exfiltration while remediation is performed.

To integrate data from Cyera into XOps, you need to create an API connector for Cyera. After creating the connector, the XOps engine retrieves and analyzes the detection data from Cyera.

Understanding Stories Created by the Integration

Stories generated from the integration are processed by the Generic Incident producer. The table below explains the widgets in these stories.


Name: Description

Summary widget: A summary of basic information about the story, including:

  • Criticality of the threat

  • Summary of the story details

  • Severity of the threat as determined by an analyst

  • Verdict for the threat as determined by an analyst

Details: A summary explanation of the story and metadata.

Timeline: A timeline of events or actions taken in the story.

Entities: The entities where the story occurred, such as users, sites, data stores, and applications.

Evidence: Supporting evidence to explain why an XOps story was generated.

Raw Data: Dynamic table containing the raw events that generated the story.

Configuring the Cyera Connector

To create the connector between Cato and your Cyera tenant, you need to:

  1. Configure the integration in the Cyera console

  2. Create the API connector in the CMA

Step 1: Configuring the Integration in the Cyera Console

In the Cyera console, identify the base URL, Client ID, and Client secret.

To configure the integration:

  1. In your Cyera console (https://<your_tenant>.cyera.io), click the profile icon, navigate to Integrations, and select the Cato Networks integration.

  2. Choose the expiration timeline.

  3. Click Generate Token.

  4. Copy and save the following information so it can be entered into the CMA.

    Note: This information is only displayed once.

    • Base URL (your Cyera API endpoint)

    • Client ID

    • Client Secret

Step 2: Create the API Connector in the CMA

After you have created the API client, add the details in the CMA.

To configure the Cyera connector in the CMA:

  1. From the navigation menu, select Resources > Integrations.

  2. On the Integrated Apps tab, click New. The New Integration panel opens.

  3. Select the SaaS Application you want to add.

  4. Add the details you saved in Step 1 (Base URL, Client ID, and Client Secret).

  5. Click Save.

  6. The app is visible on the Integrated Apps table with a Connected status.

Viewing the Stories Workbench Page

Once you have created the connector, stories will be visible in the Stories Workbench.

To view the Stories Workbench page:

  • From the navigation menu, click Home > Stories Workbench.

For information about the columns in the Stories Workbench, see Understanding the Stories Columns.

For more information on reviewing XOps stories, see Drilling-Down and Analyzing XOps Security Stories.
