Documentation Index
Fetch the complete documentation index at: https://docs.socfortress.co/llms.txt
Use this file to discover all available pages before exploring further.
What this integration is
This integration ingests Cato Networks events into your SOCFortress SIEM stack using the Cato API (commonly via theeventsFeed capability).
Vendor reference:
- Cato API docs: https://api.catonetworks.com/documentation/
Data path (how it flows)
- Cato Networks → events API feed
- CoPilot collector → SIEM ingestion (indexing/search)
- Optional: alerting and incident workflows
Prerequisites
- Cato Management Application access
- API key created with appropriate permissions
- Event feed enabled (Administration → Event Integrations)
Credentials you’ll need
From Cato:- Account ID (from the URL)
- API key
- Choose View permissions for read-only ingestion.
- Copy the key immediately when generated (can’t be retrieved later).
CoPilot setup (recommended workflow)
- Provision the customer.
- Add Cato Networks integration under the customer.
- Provide account ID + API key.
- Validate that events begin flowing.
Success criteria
- Events show up for the expected customer
- You can correlate an event in Cato with an event in the SIEM
Troubleshooting
- Confirm “Event Feed Enabled” is toggled on.
- Confirm the API key is not expired/revoked.
- Validate the account ID is correct and in-scope.