Recent Discussions
Cato Rapid7 SIEM API Integration
Followed the configuration steps in the links below, but laid an egg. I mean, the integration still isn’t working https://support.catonetworks.com/hc/en-us/articles/13975273800733-Cato-Data-Third-Party-Supported-Integrations https://docs.rapid7.com/insightidr/cato-networks/ I’ve opened tickets with both Cato and Rapid7 since each points to the other as the root cause. It’s turning into a real whodunit, fun and frustrating at the same time. If anyone has already solved this mystery, please share any insights.
Creating NAT Rules
Hi, I’m trying to figure out if it’s possible to create or update NAT Policy Rules for a site using the Cato GraphQL API. I’m using the siteUpdate mutation to modify the natPolicyRules field (adding DNAT rules), but I keep getting a "permission denied" (Code104) error even though my API key should have the right permissions. Just to clarify, the rules I want to create are in: Network → Sites → [Selected Site] → Routing → NAT Before I go any further, can someone confirm : Is it actually possible to create/modify NAT rules via the GraphQL API ? Is siteUpdate the right mutation for this ? I have about 300 DNAT rules to create, so doing it manually in the UI would be pretty painful. Thanks !
Sentinel CatoAuditEngine_CL logs registered multiple times
Hi, We deployed the template without making any changes to the json file, selecting Service Plan Type=Basic and Enable Cato Audit Logs. We also entered the correct values for Cato API Key and Cato Account ID. When we checked the logs for "CatoAuditEngine_CL" linked to the Log Analytics workspace, we found that the exact same log was registered multiple times. Of course, the exact same log is not output in the Audit Trail in the Cato portal. The template's Azure Functions is causing the same log to be linked to the Log Analytics workspace multiple times. Do you know what the cause is? Also, is there a way to fix this? Thank you.Sentinel event-marker.txt
Hi, For logs that are integrated with Cato, the log acquisition location is remembered using files such as "event-marker.txt." We would like to confirm the behavior of this marker. For example, if the Azure Functions timer trigger does not start properly and is skipped, will logs that have not been integrated into the Log Analytics workspace be integrated based on the value of the marker? If they are integrated, is there is a limit to the number of logs that can be retrieved using the marker (number of logs or time)? Thank youSentinel SKU Value in cato_deploy.json
Hi, Is it possible to change the sku value of "Microsoft.Web/serverfarms" listed in the cato_deploy.json file? For example, the template allows to select the P1v3 sku, but are there any risks in making the following changes, such as changing it to the P0v3 sku? "sku": { "name": "P0v3", "tier": "PremiumV3", "size": "P0v3", "family": "Pv3", "capacity": 1 } Thank you
