eventsFeed.py - Enough?

DavidG

Hi all,

We've started to try and integrate Cato with our Qradar platform. We are ingesting logs using the eventsFeed.py script.

This is working well, but I'm curious if I'm "missing" anything or need to integrate more events.

For example, could I add the "auditfeed.py" to the existing "eventsFeed.py" as I don't believe they pull the same events?

peter

Hello DavidG,

If you're successfully fetching events using eventsFeed.py then you could also set up separate processes to ingest audit trail events using auditFeed (perhaps using auditFeed.py) and you could also do the same to receive XDR stories using the XDR stories API. Because these queries all work slightly differently and have different rate limits, you probably would need separate pollers.