SIEM Integration Guide for the Cato API

This article links to a standalone guide that discusses working with the Cato API, including:

  • How to generate API keys and make simple queries using curl.
  • Sample code in Python for making more complex queries.
  • The range of different queries available in the public API.
  • Error handling and rate limiting.
  • Sample events in JSON format.
  • An end-to-end example of how to use the API to push security events from Cato into Microsoft Sentinel.

You can distribute this guide to third parties such as SOC providers and SIEM vendors.

Any questions or feedback should be sent to api@catonetworks.com.

3 comments

  • Sandro Waelchli

    A direct Connector in the Microsoft Sentinel Content Hub would be amazing!

  • Vongsovann Heng

    We also need a direct connector to Microsoft Sentinel.

  • Kris Caylor

    Agree on the direct connector.
