This article discusses how to expand data security coverage by integrating data from Sentra to enrich stories that you can review in the Cato Stories Workbench.
By integrating data from Sentra into the XOps platform, you can extend visibility into where sensitive data resides across cloud, SaaS, and data stores. This helps reduce data exposure risks by adding data-centric context to XOps detections and stories.
With the Sentra integration, the XOps platform detects exposed or misconfigured data stores, excessive access permissions, and violations involving regulated or critical data. This creates a unified risk view that combines data security posture with network, endpoint, and cloud signals.
Attackers often target sensitive data by exploiting misconfigurations or overly permissive access to data repositories. Once sensitive data is exposed, it can be exfiltrated directly or used to escalate attacks across the environment. The Sentra integration enables the XOps platform to correlate data exposure risks with other security events, providing the context needed to detect high-impact incidents early.
When a data misconfiguration or exposure is identified, you can mitigate the risk by configuring Cato DLP rules to restrict access to the affected data. This reduces the attack surface by limiting data movement and preventing unauthorized exfiltration while remediation is performed.
To integrate data from Sentra into XOps, you need to create an API connector for the Sentra application. After creating the connector, the XOps engine retrieves and analyzes the detection data from Sentra.
Stories generated from the integration are processed by the Generic Incident producer. The table below explains the widgets in these stories.
| Name | Description |
|---|---|
| Summary widget | A summary of basic information about the story, including the: |
| Details | A summary explanation of the story and metadata. |
| Timeline | A timeline of events or actions taken in the story. |
| Entities | The entities where the stories occurred. These could be Users, Sites, Data stores, applications, etc. |
| Evidence | Supporting evidence to explain why an XOps story was generated. |
| Raw Data | Dynamic table containing the raw events that generated the story. |

To create the connector between Cato and your Sentra tenant, you need to:
- Configure the integration in the Sentra console.
- Create the API connector in the CMA.

Prerequisites:

- A Sentra DSPM (Data Security Posture Management) license for API access
- Administrator permissions to create API keys

In the Sentra console, create an API key.
To configure the integration:
- Log in to the Sentra console (https://app.sentra.io) with an account that has Administrator permissions.
- From the Sentra console navigation menu, select Settings > API Keys.
- Click Create API Key and configure the key:
  - Name - Enter a name for the integration.
  - Expiration - Select an expiration period. The maximum available option is recommended to reduce rotation overhead.
  - Role - Select a role that includes Alert read permissions (for example, Viewer).
- Click Create API Key. The key is created and shown only once.
- Copy and save the API key so it can be entered in the CMA. The key is required for authentication and can't be retrieved later.

Note: Store the key securely. The API key can't be retrieved after initial generation.
After you have created the API key, add the details in the CMA.
To configure the Sentra connector in the CMA:
- From the navigation menu, select Resources > Integrations.
- On the Integrated Apps tab, click New. The New Integration panel opens.
- Select the SaaS Application you want to add.
- Enter the details created during step 1.
- Click Save.
- The app is visible on the Integrated Apps table with a Connected status.

Once you have created the connector, stories will be visible in the Stories Workbench.
For information about the columns in the Stories Workbench, see Understanding the Stories Columns.
For more information on reviewing XOps stories, see Drilling-Down and Analyzing XOps Security Stories.