Cato Rapid7 SIEM API Integration

Question

Followed the configuration steps in the links below, but laid an egg. I mean, the integration still isn’t working

https://support.catonetworks.com/hc/en-us/articles/13975273800733-Cato-Data-Third-Party-Supported-Integrations

https://docs.rapid7.com/insightidr/cato-networks/

I’ve opened tickets with both Cato and Rapid7 since each points to the other as the root cause. It’s turning into a real whodunit, fun and frustrating at the same time. If anyone has already solved this mystery, please share any insights.

catodawg · Answer

I was able to get this working after rebuilding from scratch. I think perhaps it was the default 'EU' region that was affecting the collection from the R7 side. Not sure. But rebuilt from scratch on both ends and its working now.&nbsp;

michaelsaw · Answer

Hi&nbsp;CatoDawg,
Just to check-in on the symptoms, after clicking on "View Raw Log button" (in InsightIDR), was there any logs seen? ___
Cheers

Forum Discussion

Cato Rapid7 SIEM API Integration

2 Replies

Recent Discussions

Permission errors when testing Cato API with Python

API for Creating Users in CMA

Regarding the execution interval of the Azure Functions template for Cato log integration

Custom Category creation via API/Terraform

Terraform: IPsec site creation with Responder-only and destination type FQDN possible?