Forum Discussion

Meteor

4 months ago

Solved

eventsFeed.py - Enough?

Hi all, We've started to try and integrate Cato with our Qradar platform. We are ingesting logs using the eventsFeed.py script. This is working well, but I'm curious if I'm "missing" anything or ...

peter

Cato Employee

4 months ago

Hello DavidG,

If you're successfully fetching events using eventsFeed.py then you could also set up separate processes to ingest audit trail events using auditFeed (perhaps using auditFeed.py) and you could also do the same to receive XDR stories using the XDR stories API. Because these queries all work slightly differently and have different rate limits, you probably would need separate pollers.

Forum Discussion

eventsFeed.py - Enough?

Related Content

Re: SDP manual PoP greyed-out

Re: My Experience So Far With CATO Community

Area for users to submit and vote for RFEs

Re: Need help with prelogin Intune deployment

Recent Discussions

How can I isolate traffic between two specific sites using the Cato API?

Example: Agentic AI with Cato

Looking for Socket Interface Wan Role and Precedence

accountMetrics, part 3: monitoring throughput against licence

Example: calculating average event size using eventsFeed