eventsFeed.py - Enough?

Question

Hi all,We've started to try and integrate Cato with our Qradar platform. We are ingesting logs using the eventsFeed.py script.This is working well, but I'm curious if I'm "missing" anything or need to integrate more events.For example, could I add the "auditfeed.py" to the existing "eventsFeed.py" as I don't believe they pull the same events?

peter · Accepted Answer

Hello DavidG,If you're successfully fetching events using eventsFeed.py then you could also set up separate processes to ingest audit trail events using auditFeed (perhaps using auditFeed.py) and you could also do the same to receive XDR stories using the XDR stories API. Because these queries all work slightly differently and have different rate limits, you probably would need separate pollers.

Forum Discussion

eventsFeed.py - Enough?

Related Content

Re: SDP manual PoP greyed-out

Re: My Experience So Far With CATO Community

Area for users to submit and vote for RFEs

Re: Need help with prelogin Intune deployment

Recent Discussions

How do I filter AccountSnapshot by site?

For Beta queries

API Request to get all SDP users

Recorded Cato API Webinar - Now Available to watch!

Is "CORS Preflight Request" supported?