What this integration is
This integration ingests Cato Networks events into your SOCFortress SIEM stack using the Cato API (commonly via the eventsFeed capability).
Vendor reference:
- Cato API docs: https://api.catonetworks.com/documentation/
Data path (how it flows)
- Cato Networks → events API feed
- CoPilot collector → SIEM ingestion (indexing/search)
- Optional: alerting and incident workflows
Prerequisites
- Cato Management Application access
- API key created with appropriate permissions
- Event feed enabled (Administration → Event Integrations)
Credentials you’ll need
From Cato:
- Account ID (from the URL)
- API key
  - Choose View permissions for read-only ingestion.
  - Copy the key immediately when generated (can’t be retrieved later).
CoPilot setup (recommended workflow)
- Provision the customer.
- Add Cato Networks integration under the customer.
- Provide account ID + API key.
- Validate that events begin flowing.
Success criteria
- Events show up for the expected customer
- You can correlate an event in Cato with an event in the SIEM
Troubleshooting
- Confirm “Event Feed Enabled” is toggled on.
- Confirm the API key is not expired/revoked.
- Validate the account ID is correct and in-scope.
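A preflight check that maps an eventsFeed response onto the checklist above, useful before entering the credentials in CoPilot. This is an added example, not SOCFortress or Cato code; the endpoint URL, the x-api-key header and the query fields are assumptions taken from Cato's public API docs (verify against the vendor reference), and the environment variable names and sample responses are constructed.

```python
import json
import os
import re
import urllib.request

# Assumed from Cato's public API docs (verify against the vendor reference).
CATO_URL = "https://api.catonetworks.com/api/v1/graphql2"

def build_request(account_id, api_key, marker=""):
    """Build a read-only eventsFeed query; the key travels in the x-api-key header."""
    if not re.fullmatch(r"[0-9]+", str(account_id)):
        raise ValueError("account ID must be numeric (copy it from the URL)")
    query = ("{ eventsFeed(accountIDs:[%s] marker:%s) { marker fetchedCount "
             "accounts { id records { time fieldsMap } } } }"
             % (account_id, json.dumps(marker)))
    return urllib.request.Request(
        CATO_URL, data=json.dumps({"query": query}).encode(),
        headers={"x-api-key": api_key, "Content-Type": "application/json"})

def diagnose(response, account_id):
    """Map a decoded response onto the page's troubleshooting checklist."""
    if response.get("errors"):
        detail = "; ".join(e.get("message", "") for e in response["errors"])
        return "api_error", "check the API key is not expired/revoked: " + detail
    feed = (response.get("data") or {}).get("eventsFeed") or {}
    returned = {str(a.get("id")) for a in feed.get("accounts") or []}
    if returned and str(account_id) not in returned:
        return "account_mismatch", "account ID not in response; check it is correct and in-scope"
    if not feed.get("fetchedCount"):
        return "no_events", "nothing fetched; confirm Event Feed Enabled is toggled on"
    return "ok", "%d events fetched; next marker %r" % (feed["fetchedCount"], feed.get("marker"))

# Constructed sample responses (not real Cato output), for offline checking.
SAMPLE_OK = {"data": {"eventsFeed": {"marker": "m-0001", "fetchedCount": 2, "accounts": [
    {"id": "1234", "records": [
        {"time": "2024-01-01T00:00:00Z", "fieldsMap": {"event_type": "Security"}},
        {"time": "2024-01-01T00:00:05Z", "fieldsMap": {"event_type": "Connectivity"}}]}]}}}
SAMPLE_EMPTY = {"data": {"eventsFeed": {"marker": "", "fetchedCount": 0,
                                        "accounts": [{"id": "1234", "records": []}]}}}
SAMPLE_ERROR = {"errors": [{"message": "authentication error"}]}

if __name__ == "__main__":
    # Hypothetical variable names; keep the key out of scripts and shell history.
    acct, key = os.environ["CATO_ACCOUNT_ID"], os.environ["CATO_API_KEY"]
    with urllib.request.urlopen(build_request(acct, key), timeout=30) as resp:
        print(diagnose(json.load(resp), acct))
```

An `ok` result here with no events in the SIEM points at the CoPilot side of the data path rather than at Cato.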
