Forum Discussion

Meteor

2 months ago

Solved

eventsFeed.py - Enough?

Hi all, We've started to try and integrate Cato with our Qradar platform. We are ingesting logs using the eventsFeed.py script. This is working well, but I'm curious if I'm "missing" anything or ...

peter
2 months ago
Hello DavidG,
If you're successfully fetching events using eventsFeed.py then you could also set up separate processes to ingest audit trail events using auditFeed (perhaps using auditFeed.py) and you could also do the same to receive XDR stories using the XDR stories API. Because these queries all work slightly differently and have different rate limits, you probably would need separate pollers.

peter

Cato Employee

2 months ago

Hello DavidG,

If you're successfully fetching events using eventsFeed.py then you could also set up separate processes to ingest audit trail events using auditFeed (perhaps using auditFeed.py) and you could also do the same to receive XDR stories using the XDR stories API. Because these queries all work slightly differently and have different rate limits, you probably would need separate pollers.

Forum Discussion

eventsFeed.py - Enough?

Related Content

Re: My Experience So Far With CATO Community

Re: SDP manual PoP greyed-out

Area for users to submit and vote for RFEs

Re: Need help with prelogin Intune deployment

Recent Discussions

How do I filter AccountSnapshot by site?

For Beta queries

API Request to get all SDP users

Recorded Cato API Webinar - Now Available to watch!

Is "CORS Preflight Request" supported?