SIEM Integration Guide for the Cato API

This article links to a standalone guide that discusses working with the Cato API, including:

  • How to generate API keys and make simple queries using curl.
  • Sample code in Python for making more complex queries.
  • The range of different queries available in the public API.
  • Error handling and rate limiting.
  • Sample events in JSON format.
  • An end-to-end example of how to use the API to push security events from Cato into Microsoft Sentinel.

You can distribute this guide to third parties such as SOC providers and SIEM vendors.

Any questions or feedback should be sent to api@catonetworks.com.


6 comments

  • Sandro Waelchli

    A direct Connector in the Microsoft Sentinel Content Hub would be amazing!

  • Vongsovann Heng

    We also need a direct connector to Microsoft Sentinel.

  • Kris Caylor

    Agree on the direct connector.

  • Justin Richert

    +1 on the direct Connector in the Microsoft Sentinel Content Hub

  • Peter Zwieryznski

    Agreed!

  • tom.treat

    CrowdStrike NG-SIEM connector would be great too. Thanks!
