Recent Discussions
DSCP Markers in Microsoft Teams
I have been reading the following article which shows it was updated 6 months ago and so I think it must still be relevant: https://support.catonetworks.com/hc/en-us/articles/4408901533073-Implementing-QoS-using-Microsoft-Teams-and-Cato Our app analytics only show the Skype and MS Teams application, rather than being broken down into these: We use Cisco switches, and for the ports connected to the socket we use the following: switchport trunk native vlan 99 switchport mode trunk ip device tracking maximum 0 no access-session monitor spanning-tree portfast edge trunk ip dhcp snooping trust We do have GPO/InTune that sets the DCSP on our laptops. Do we need to configure anything on the Cisco switches for this to work? Or is there another reason I haven't thought of?Nath4 days agoMeteor67Views0likes3CommentsMicrosoft Defender for Endpoint alerts no longer showing in Stories Workbench
I'm seeking advice regarding the integration between Cato XDR and Microsoft Defender for Endpoint (MDE). Previously, MDE alerts were being displayed correctly in Cato XDR (Home > Stories Workbench), but since yesterday, new incidents detected in MDE are no longer appearing in XDR. Below is the current status of our investigation: When an incident occurs on a device, it is properly detected and displayed in MDE. The integration with MDE was successfully completed, and the corresponding application in Entra ID has been granted the following application permissions with admin consent: SecurityAlert.Read.All SecurityIncident.Read.All ThreatHunting.Read.All User.Read (delegated) User.Read.All (application) In Microsoft Entra ID, the Sign-in logs show that all sign-ins by the service principal are marked as "successful." We tried deleting "Microsoft Defender" once from Security > Endpoint Connector and re-integrating it, but the alerts still do not appear in XDR. I would greatly appreciate any advice or insights to help resolve this issue. Thank you very much in advance.Solved97Views0likes2CommentsDevice posture basis domain name
One of the issue we raised during Cato Connect program was around device posture policy basis domain and it was clarified that this falls under advanced configuration and can be done by support/CSM team. I raised ticket for the same and the response was that they can apply but from backend and at account level. I want to exclude some of my senior management from this policy but it is not feasible now since done at account level. Also I cant do testing by applying this device posture basis domain for some 2-3 users to see if it works properly and also no option from frontend to disable if there is any issue and totally depend on service ticket and backend team. This makes this good policy not to be deployed as it has potential risk since neither testing can be done nor exclusion can be done unlike any other device posture policy since policy deployed from backend and deployed at account level.PrakashRIndia27 days agoSatellite57Views0likes4CommentsSetting up SSO with IdPs other than the default nine?
I would like to ask about the possibilities of setting up SSO integration with Identity Providers (IdPs) that are not among the nine default options provided. What methods are available for establishing SSO connections with IdPs beyond the default nine? Is there a way to configure a generic IdP setting, or can we leverage the existing nine IdP configurations to connect with other IdPs? Additionally, is there a process to request a new IdP to be officially supported or added as a connection option? Any insights or guidance on this would be greatly appreciated. Thank you. Sincerely, hisashihisashi29 days agoComet38Views0likes1CommentRegarding files allowed by Anti-malware File Exceptions
We defined an exception using a file hash in the File Exceptions setting, and the corresponding file is now downloadable. However, no event log appears for this File Exception in the Events page. Is this the expected behavior?36Views0likes2CommentsCato Connect Event: AMA with Professional Services
Ever wish you could get direct time with the experts? On June 3rd, 2025 at 11:00 AM EDT, you’ll get just that — a live AMA with two of our Principal Consultants from the Cato Professional Services team. We’ll cover topics like: Designing and implementing a CMA deployment Best practices we’ve seen across real-world environments Your questions — seriously, bring them Here’s how to get the most out of it: Click here to register and get the calendar invite and join us live Post your questions below in the comments — we’ll answer pre-submitted ones first, before tackling live chat during the session + See a question you like? Give it a “like” to help it rise to the top Note: We won’t be able to look at specific CMA instances — demos will be done using internal environments. That’s it — register, post your questions, and we’ll see you there! Presenters: Principal Consultant Professional Services, Italy Principal Consultant Professional Services, USA If you run into any issues, @mention me or email us at community@catonetworks.comyumdarling2 months agoCommunity Manager283Views5likes1Comment