Recent Content
DSCP Markers in Microsoft Teams
I have been reading the following article which shows it was updated 6 months ago and so I think it must still be relevant: https://support.catonetworks.com/hc/en-us/articles/4408901533073-Implementing-QoS-using-Microsoft-Teams-and-Cato

Our app analytics only show the Skype and MS Teams application, rather than being broken down into these:

We use Cisco switches, and for the ports connected to the socket we use the following:

    switchport trunk native vlan 99
    switchport mode trunk
    ip device tracking maximum 0
    no access-session monitor
    spanning-tree portfast edge trunk
    ip dhcp snooping trust

We do have GPO/InTune that sets the DSCP on our laptops. Do we need to configure anything on the Cisco switches for this to work? Or is there another reason I haven't thought of?

5 Views, 0 likes, 2 Comments

updateBgpPeer
Is there anyone who could use the api to update a site IPsec site that has two BGP peers? We are getting the message:

    "errors": [
      {
        "message": "Value must be consistent across all neighbors",
        "path": [ "site", "updateBgpPeer" ]
      }
    ],
    "data": { "site": { "updateBgpPeer": null } }
    }

14 Views, 0 likes, 1 Comment

Microsoft Defender for Endpoint alerts no longer showing in Stories Workbench
I'm seeking advice regarding the integration between Cato XDR and Microsoft Defender for Endpoint (MDE). Previously, MDE alerts were being displayed correctly in Cato XDR (Home > Stories Workbench), but since yesterday, new incidents detected in MDE are no longer appearing in XDR.

Below is the current status of our investigation:

- When an incident occurs on a device, it is properly detected and displayed in MDE.
- The integration with MDE was successfully completed, and the corresponding application in Entra ID has been granted the following application permissions with admin consent:
  - SecurityAlert.Read.All
  - SecurityIncident.Read.All
  - ThreatHunting.Read.All
  - User.Read (delegated)
  - User.Read.All (application)
- In Microsoft Entra ID, the Sign-in logs show that all sign-ins by the service principal are marked as "successful."
- We tried deleting "Microsoft Defender" once from Security > Endpoint Connector and re-integrating it, but the alerts still do not appear in XDR.

I would greatly appreciate any advice or insights to help resolve this issue. Thank you very much in advance.

Solved, 43 Views, 0 likes, 2 Comments

Disabling Connect On Boot for external user
Hi, we have activated the "Always On" policy for our users and an "on demand" rule for our external service providers. To ensure that always on is applied for our users, we have checked the "connect on boot" option, but unfortunately this option also applies to external service providers.

Can our service providers override this option (registry key?) so that the CATO client doesn't launch at startup? (When I asked the CATO AI, it mentioned a key, but it doesn't seem to work.) I can't see specific configuration in user profile to override this either.

Any idea? Thanks! Regards

38 Views, 0 likes, 1 Comment

Terraform vSocket 2-NIC Module issues
We are in the process of deploying a 2 NIC vSocket cluster in Azure with Terraform. In doing so, we have encountered hurdles, some of which have been solved by a newly published terraform module from cato: https://github.com/catonetworks/terraform-cato-vsocket-azure-ha-vnet-2nic/

However, there is no 2-Nic module that only deploys the VSockets without deploying additional resources. The current 2-NIC module does not allow resource groups or VNETs to be created, but other resources such as subnets, public IP, interfaces, NSG, routing tables etc. are still created. This means that we have to take the module apart and adapt it to our requirements. However, we would like to be able to fall back on a standard module from CATO and not maintain a customized module.

Interestingly, this module is already available for the 3-NIC Solution:

- https://github.com/catonetworks/terraform-cato-vsocket-azure/blob/main/main.tf (Standalone)
- https://github.com/catonetworks/terraform-cato-vsocket-azure-ha/blob/main/main.tf (HA)

What we need is a 2-NIC module, which is analogous to the above without additional Azure resources deployed.

Furthermore, the 2-NIC module also limits which options can be used for the azurerm_linux_virtual_machine resource. The following options are missing:

- Naming Convention (the option to use completely custom names for the vSockets)
- Use of availability zones

Is there any information on whether and when something like this is coming?

28 Views, 1 like, 2 Comments

Potential for abuse of the password reset link with https://cc2.catonetworks.com/forgotAdminPassword
Hi, This is Cato Lab from South Korea. Our customer raised a question.

Is there any way to prevent malicious actors from repeatedly entering an email address to trigger password reset emails, potentially spamming or annoying administrators? Their concern is that someone could misuse the reset link mechanism to repeatedly send reset emails, causing inconvenience to the administrators or account owners.

Does Cato have any existing protections or recommended best practices to mitigate this type of abuse? It will be really helpful if you guys know any type of protection behavior for administrators regarding using this webpage.

Thanks, Best Regards, Cato Lab.

14 Views, 0 likes, 0 Comments

Defender for Identity - VPN Integration
Hi, We frequently get false positives from Microsoft Defender for Identity because it's unable to map the IP address Cato assigns a remote user with their laptop hostname. I guess our on prem Microsoft sensors are unaware of the Cato client range. I think the only way to fix it is to send RADIUS accounting events from Cato to the Microsoft sensor, but I don't think this can be done?

https://learn.microsoft.com/en-us/defender-for-identity/vpn-integration

15 Views, 0 likes, 0 Comments