Event Integrations let you automatically forward Cato event data to external platforms and storage destinations for retention, monitoring, and analysis. This helps you use Cato events in your existing SOC, SIEM, and data lake workflows without manually exporting data or continuously polling for it.
Depending on the integration type, Cato either continuously pushes events to cloud storage or forwards them directly to a supported third-party platform through a native connector. You can also define filters to control which events are included, so you only send data that is relevant for your use case. This helps reduce noise and lower ingestion costs.
Filtering Events
The available filtering options depend on the integration type:
- Cloud storage integrations, such as Amazon S3 and Azure Storage, support filtering by event type or sub-type.
- Native CMA integrations for SIEMs, such as CrowdStrike, Microsoft Sentinel, and Splunk, support filter groups. These groups let you filter events using fields such as action, severity, rule name, application, site, or user.
Additional Notes
- If the third-party service restricts inbound access to specific source IP addresses, you need to allow the Cato IP addresses that the integration sends from; see this article for the list (you must be signed in to view this article).
- You can define up to three Event Integrations for your account.
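To see what a given filter would keep or drop before you commit it in the CMA, the following is an added example (not Cato's code and not part of this article) that applies both filter styles described above to constructed sample events. The field names (event_type, event_sub_type, action, severity, rule_name, application, site_name, user_name), the newline-delimited JSON shape of the sample, and the filter-group semantics (every condition in a group must match; an event is forwarded if any group matches) are assumptions for illustration only; confirm them against your own exported events and the CMA before relying on the numbers.

```python
"""
Offline check of an Event Integration filter against sample events.

Added example, not Cato's code. Field names (event_type, event_sub_type,
action, severity, rule_name, application, site_name, user_name) and the
filter-group semantics (all conditions in a group must match; an event is
forwarded if any group matches) are assumptions for illustration; check
the CMA and your own exported events for the real schema and behaviour.
"""
import json
from collections import Counter

# Constructed sample events in the newline-delimited JSON shape a storage
# integration might deliver; all values are illustrative only.
SAMPLE_NDJSON = """\
{"event_type": "Security", "event_sub_type": "IPS", "action": "Block", "severity": "High", "rule_name": "Exploit attempt", "application": "HTTP", "site_name": "HQ", "user_name": "alice"}
{"event_type": "Security", "event_sub_type": "Anti Malware", "action": "Block", "severity": "High", "rule_name": "Malware download", "application": "HTTPS", "site_name": "Branch-1", "user_name": "bob"}
{"event_type": "Security", "event_sub_type": "Internet Firewall", "action": "Monitor", "severity": "Low", "rule_name": "Allow web", "application": "HTTPS", "site_name": "HQ", "user_name": "carol"}
{"event_type": "Connectivity", "event_sub_type": "Tunnel Disconnected", "action": "", "severity": "Medium", "rule_name": "", "application": "", "site_name": "Branch-1", "user_name": ""}
{"event_type": "System", "event_sub_type": "Admin Login", "action": "Allow", "severity": "Low", "rule_name": "", "application": "CMA", "site_name": "", "user_name": "admin"}
"""


def parse_ndjson(text):
    """One JSON object per line; blank lines are ignored."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def storage_filter(events, event_types=None, sub_types=None):
    """Cloud-storage style filter: allowlist by event type and/or sub-type.
    A None allowlist means no restriction on that field."""
    def keep(ev):
        if event_types is not None and ev.get("event_type") not in event_types:
            return False
        if sub_types is not None and ev.get("event_sub_type") not in sub_types:
            return False
        return True
    return [ev for ev in events if keep(ev)]


def group_matches(ev, group):
    """Assumed semantics: every field in the group must equal one of its listed values."""
    return all(ev.get(field) in values for field, values in group.items())


def siem_filter(events, filter_groups):
    """SIEM-style filter groups: an event is forwarded if any group matches.
    An empty list of groups forwards everything (assumption)."""
    if not filter_groups:
        return list(events)
    return [ev for ev in events if any(group_matches(ev, g) for g in filter_groups)]


def summarize(before, after):
    """Report what a filter would drop, so you can judge noise and ingestion volume."""
    by_type = Counter(ev["event_type"] for ev in after)
    return {
        "before": len(before),
        "after": len(after),
        "dropped": len(before) - len(after),
        "kept_by_type": dict(by_type),
    }


if __name__ == "__main__":
    events = parse_ndjson(SAMPLE_NDJSON)

    # Storage integration: only Security events of two sub-types.
    s3_view = storage_filter(events, event_types={"Security"}, sub_types={"IPS", "Anti Malware"})
    print("Storage filter:", summarize(events, s3_view))

    # SIEM integration: blocked high-severity events, or anything from site HQ.
    groups = [
        {"action": {"Block"}, "severity": {"High"}},
        {"site_name": {"HQ"}},
    ]
    siem_view = siem_filter(events, groups)
    print("SIEM filter:", summarize(events, siem_view))
```

To use it on real data, replace SAMPLE_NDJSON with the contents of objects exported by an existing cloud storage integration and adjust the field names to match what you actually see; the dropped count gives a rough estimate of the ingestion reduction before you enable the same filter on a SIEM connector.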