"Resources > App catalog" -view lists all the built-in apps, but what are the "rules" that make up an app?
For example, what criteria is used to categorize an app as "Amazon AWS"? URLs? IP ranges?
In our PoC we used "Atlassian JIRA and Confluence" in a network rule, but found that the rule does not work, when using a custom FQDN, such as customer.atlassian.net.
It's categorized by Protocol, Ports, Destination IPs, and Domain. You can see the same when you build custom apps. With Cato I found the domain to be a bit specific. So if you are including your customer name prior to the root domain Cato doesn't normally catch this. What you will need to do is build a Custom App to include your domains and anything else to better categorize it (e.g. Web would be Port 443). Then add that Custom app to your existing Rule. This should expand the Native Layer 7 Apps they have built in matching either the Native or your custom app.
Yesterday I got this from CATO support:
"applications in Cato are identified based on several factors by the appstack, such as HTTP headers for example and not only by IPs since a single IP can belong to several applications".
I had similar problem in the past, CATO app for ServiceNow didn't catch the traffic towards my company instance ("mycompany.service-now.com") and I created a ticket to update the app definition. Took some time but has been finally done.
Regards,
Piotr Wegnerowski
Thanks, makes sense! Don't know if a list exists that shows all the related info per app, but I could sure use one. E.g. Amazon AWS= *.amazonaws.com, IP ranges 68.66.112.0/20, 52.94.7.0/24 etc.
We did indeed work around the custom domain -thing by creating custom categories to which we placed the URLs and then referenced the categories in rules.
I too would like to see more transparency on what traffic is part of the default App categories. Wind up having to create Custom Apps to be sure and pair it with the default App category to be sure nothing is missed.
