Hey Siri.... Find me these Cato events
Imagine as a SASE admin (already busy hunting critical threats and protecting your org from on-prem and cloud threats) how much you would hate if you have to write complex queries for simple searches? No one more Yet another query language please! But this is how our competitors did it by making you learn their syntax and their version of Regex to find events. For a simple search to find all traffic to 'google' and 'microsoft' or all phishing URLs why does it have to be so difficult? We took a radically innovative approach to finding results. Very close to Apple's 'Hey Siri'! Sure you can use our filters and presets (check out my previous article on custom presets). We have now made it even better with our innovative AI powered Natural Language Search feature. Simply click the magnifying glass on far right and write your queries in your own words. How to: Event Monitoring > Far right magnifying glass (note the far right icon in the screenshot next to #1) NLS ability will be extended to Audit Logs as well! This feature is currently in beta. [Contact your Cato Networks representative if you would like this feature enabled in your account] Key Features: Uses everyday language to find relevant data Translates natural language queries into specific filters Automatically formats table results to show relevant columns Example Queries Show me all RDP blocked traffic Show me all DNS traffic Show me Internet firewall security events from phishing category URLs Show recent security incidents and alerts related to application vulnerabilities Show me security alerts where data was sent from computer 10.0.0.1 to 10.0.0.2 Power of Cato powered networks! Explore more: https://support.catonetworks.com/hc/en-us/articles/21585563225757-Filtering-Events-with-Natural-Language-SearchCan't Export Dashboards?... Export button grayed out?
Issue:-I have editor permission under Networks and Access tabs still I can’t export the sites or SDP users. -Export button is grayed out Background: Cato CMA (Cato Management Application) has extensive RBAC (role-based access control) permissions. Since we introduced RBAC set of permissions have continued to be more granular in terms of what the admins can limit under various sections of the CMA. Some of the permissions may have evolved. This is one I ran into most recently that I thought would be worth sharing. How to: If you are running into this issue enable the Edit permissions under the Monitoring Administration > Roles & Permissions
