New Features & Enhancements
- Client Rollout Pilot Users Supports User Groups: Simplify Client upgrades by adding user groups to the Pilot Users list, such as Pilot Users or IT. This helps you manage controlled rollouts more efficiently without adding users individually.
- Custom Default Values for Webhook Fields: Custom webhooks let you send Cato events to external systems using configurable URLs, headers, and payloads. Define a custom default value instead of using NA, helping ensure compatibility with external systems that require specific formats or values.
  - Override default values for dynamic fields in webhook URLs, payloads, and headers
  - Use the *${field:defaultValue}* format to define the default values
- Cato Splunk TA Supports Splunk Enterprise Integration and CIM: Seamlessly integrate Cato event data with Splunk Technology Add-on (TA) using CIM-compliant normalization.
  - Supports key Splunk CIM data models, including: Network Traffic, Intrusion Detection, DNS, Web, Authentication, Malware, and Change
  - Enables immediate use of out-of-the-box Splunk ES dashboards and detection content across network, security, and user activity domains
  - Works with Splunk Enterprise Security (ES) environments, including deployments with content packs such as ESCU, without requiring additional customization
- Enhanced Behavior for Muted XOps Stories: Muted stories generated by the Threat Prevention and Threat Hunting engines are now visible in the Cato Management Application with a mute flag. This enhancement gives teams better visibility into muted activity while keeping the Stories Workbench focused on relevant items.
- SLA Thresholds for Active/Active Socket Links: Define granular SLA thresholds for each Socket link in active/active site configurations for scenarios that require custom thresholds.
  - Previously, custom SLA thresholds were only available for active/passive Socket site configurations
  - Supported from Socket v25 and higher
- Identify Office Users with User Awareness: User Awareness was extended to users working in the office without assigning them a ZTNA license. This improves accuracy for identity-based policies and user attribution in DEM, and supports all IdPs.
  - Supported from Windows Client v5.18 and macOS Client v5.11
  - Failed authentication events now use the Authenticated sub-type with a fail status, replacing connected with a fail status.
- Posture Compliance Report: A new report maps compliance controls from leading compliance frameworks, including GDPR, ISO 27001:2022, and NIST SP 800-53 Rev. 5 to the relevant Cato posture checks. This helps you understand compliance coverage, identify gaps, and prioritize remediation based on the impact and status of each check.
PoP Announcements
These are the new ranges that are now available for the PoP locations:
- Amsterdam, NL: 159.117.241.0/24
- New York City, US: 199.27.50.0/24
- Paris, FR: 159.117.240.0/24
Security Updates
- Apps Catalog
  View more details about apps in the Apps Catalog.
  - New Apps: 2 new apps (Cato Proxy, Perplexity Computer)
  - Enhanced Apps:
    - Amity
      - Modified name from Convolab to Amity
      - Added domain amity.co
    - Claude
      - Added domain claudemcpcontent.com
    - Google Ads
      - Updated app domains
  - Category Changes:
    - Business Operations AI:
      - Removed apps: 15Th Rock, 5W Strategists
    - Generative AI Tools:
      - Removed apps: 15Th Rock, 5W Strategists, Activ-Al
    - Healthcare AI:
      - Removed app: Activ-Al
- IPS Signatures
  View more details about the IPS signatures and protections in the Threats Catalog.
  - CVE-2021-2135 (New)
  - CVE-2021-21805 (New)
  - CVE-2022-38130 (Enhancement)
  - CVE-2025-71260 (New)
  - CVE-2026-21902 (New)
  - CVE-2026-24294 (New)
  - CVE-2026-25892 (New)
  - CVE-2026-27971 (New)
  - CVE-2026-29014 (New)
  - CVE-2026-34156 (New)
  - Scanners - Modbus Scanner | Read Holding Registers (New)
  - Scanners - Modbus Scanner | Write Multiple Holding Registers (New)
  - Scanners - SMB Anonymous Login Scans (New)
- SAM Signatures
  These protections were added to the SAM service:
  - OpenClaw Agent Download from Raw Github User Content (New)
  - OpenClaw Agent Searching GitHub via API (New)
  - Suspicious VSCode Extension Download (New)
  - OpenClaw Slack Bot Communication (New)
- XDR Indications of Attack
  - Anomaly Detection
    - First Occurrence of Scheduled Task Remotely Added (New)
    - Spike in Non-Compliant Devices (New)
- Device Inventory
  These are the updates to the Device Inventory detection engine:
  - Video Conferencing
    - Logitech
      - Logitech Tap IP (New)
      - Logitech RoomMate (New)
  - IP Camera
    - Verkada (Enhancement)
- Application Control Via API and Data Protection API Integrations
  These enhancements were made for Application Control Via API:
  - Atlassian
    - Anomalies (Enhancement)
  - Azure AD
    - Third Party Apps (Enhancement)
  - Box
    - Activity (Enhancement)
  - ChatGPT
    - Activity (Enhancement)
  - DocuSign
    - Anomalies (Enhancement)
  - Dropbox
    - Activity (Enhancement)
    - Anomalies (Enhancement)
  - GitHub
    - Anomalies (Enhancement)
  - Google Apps
    - Activity (Enhancement)
    - Anomalies (Enhancement)
  - Microsoft General
    - Activity (Enhancement)
    - Anomalies (Enhancement)
  - Microsoft Exchange
    - Activity (Enhancement)
    - Anomalies (Enhancement)
  - Salesforce
    - Activity (Enhancement)
    - Third Party Apps (Enhancement)
  - SharePoint
    - Activity (Enhancement)
  - Slack
    - Activity (Enhancement)
    - Anomalies (Enhancement)
    - Third Party Apps (Enhancement)
  - Snyk
    - Anomalies (Enhancement)
  - Workday
    - Activity (Enhancement)
  - Zoom
    - Experience (Enhancement)
Note: Content described in this update is gradually rolled out to the Cato PoPs over a two-week period. In addition, new features are gradually activated in the Cato Management Application over the same two-week rollout period as the PoPs. For more information, see this article. See the Cato Status Page for more information about the planned maintenance schedule.