TT
Comet
5 months ago

App catalog categorizations?

The "Resources > App catalog" view lists all the built-in apps, but what are the "rules" that make up an app?

For example, what criteria are used to categorize an app as "Amazon AWS"? URLs? IP ranges?

In our PoC we used "Atlassian JIRA and Confluence" in a network rule, but found that the rule does not work when using a custom FQDN, such as customer.atlassian.net.

5 Replies

  • Mihai
    Cato Employee

    The internal application/service signatures are rather dynamic. They are composed from IPs/FQDNs but also from the information gathered from the flow.
    You can use the app catalog to view the generic ports and whether or not an app is dynamic: https://support.catonetworks.com/hc/en-us/articles/7603867737885-Using-the-App-Catalog

    You can also create a custom app (please be as detailed as possible in the app definition to avoid it overwriting another app): https://support.catonetworks.com/hc/en-us/articles/4413265662993-Working-with-Custom-Apps

    Related to having more detail in the app catalog, I would suggest opening an RFE with your Cato representative and also writing here, in Idea Hub | Cato Connect, so that everybody can vote for it too...

  • I too would like to see more transparency on what traffic is part of the default App categories. Wind up having to create Custom Apps to be sure and pair it with the default App category to be sure nothing is missed. 

  • Yesterday I got this from CATO support:
    "applications in Cato are identified based on several factors by the appstack, such as HTTP headers for example and not only by IPs since a single IP can belong to several applications".

    I had a similar problem in the past: the CATO app for ServiceNow didn't catch the traffic towards my company instance ("mycompany.service-now.com") and I created a ticket to update the app definition. It took some time but has finally been done.

    Regards,
    Piotr Wegnerowski

  • Thanks, makes sense! Don't know if a list exists that shows all the related info per app, but I could sure use one. E.g. Amazon AWS = *.amazonaws.com, IP ranges 68.66.112.0/20, 52.94.7.0/24 etc.

    We did indeed work around the custom domain thing by creating custom categories in which we placed the URLs and then referenced the categories in rules.

  • It's categorized by Protocol, Ports, Destination IPs, and Domain. You can see the same when you build custom apps. With Cato I found the domain to be a bit specific. So if you are including your customer name prior to the root domain, Cato doesn't normally catch this. What you will need to do is build a Custom App to include your domains and anything else to better categorize it (e.g. Web would be Port 443). Then add that Custom App to your existing Rule. This should expand the Native Layer 7 Apps they have built in, matching either the Native or your Custom App.