Commit

Merge pull request #1232 from SEKOIA-IO/feature/vg_cato_sase
Cato SASE documentation
squioc authored Sep 14, 2023
2 parents 82968c5 + d026261 commit 1b8fcdf
Showing 4 changed files with 47 additions and 0 deletions.
46 changes: 46 additions & 0 deletions docs/xdr/features/collect/integrations/cloud_and_saas/cato_sase.md
@@ -0,0 +1,46 @@
uuid: 469bd3ae-61c9-4c39-9703-7452882e70da
name: Cato SASE
type: intake

## Overview

Cato Networks is a software company providing solutions to protect cloud applications. Cato SASE Cloud provides zero trust network access to on-premises and cloud applications.

{!_shared_content/operations_center/detection/generated/suggested_rules_469bd3ae-61c9-4c39-9703-7452882e70da_do_not_edit_manually.md!}

{!_shared_content/operations_center/integrations/generated/469bd3ae-61c9-4c39-9703-7452882e70da.md!}

## Configure

This setup guide will show you how to provide an integration between Cato SASE events and Sekoia.io.

### Generate the API key

To collect the events from the Cato Networks platform, an API key is required:

1. Log in our Cato Management Application
2. Go to the `API Management` section then click on the `Administration` tab
![Administration](/assets/operation_center/integration_catalog/cloud_and_saas/cato/administration.png){: style="max-width:100%"}
3. Click on the button `New` to generate a new API key
4. On the panel, give a name to the api key, select the `View` permission
![Administration](/assets/operation_center/integration_catalog/cloud_and_saas/cato/panel.png){: style="max-width:100%"}
5. Click on apply and copy the API key

In addition to the API key, our account ID is also required:

1. In our Cato Management Application, please note the four digits in the browser address.

### Create an intake

Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the format Cato SASE. Copy the intake key.

### Pull events

To start to pull events, you have to:

1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Cato SASE](../../../automate/library/cato_sase.md) trigger
2. Set up the module configuration with the Api Key and Account Id. Set up the trigger configuration with the intake key
3. Start the playbook and enjoy your events

## Further readings
- [Cato Networks - Generating API Keys for the Cato API](https://support.catonetworks.com/hc/en-us/articles/4413280536081-Generating-API-Keys-for-the-Cato-API)
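
Review bot: The setup steps say "our" where the reader's "your" is meant: "Log in our Cato Management Application", "our account ID is also required" and "In our Cato Management Application" should read "Log in to your Cato Management Application", "your account ID" and "In your Cato Management Application". The account ID step ("note the four digits in the browser address") does not say which part of the URL holds the ID; an example address with the position of the ID marked would remove the guesswork. Both screenshots use the alt text `Administration`, so the one for `panel.png` should describe the API key panel instead. Step 5 has the reader copy the API key, and a short sentence there asking them to keep it in a secrets store until it is pasted into the module configuration would be a useful addition; selecting only the `View` permission in step 4 is already the right least-privilege choice and could be stated as such.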
1 change: 1 addition & 0 deletions mkdocs.yml
Expand Up @@ -105,6 +105,7 @@ nav:
- Gateway HTTP: xdr/features/collect/integrations/cloud_and_saas/cloudflare/cloudflare-gateway-http.md
- Gateway Network: xdr/features/collect/integrations/cloud_and_saas/cloudflare/cloudflare-gateway-network.md
- HTTP requests: xdr/features/collect/integrations/cloud_and_saas/cloudflare/cloudflare-http-requests.md
- Cato SASE: xdr/features/collect/integrations/cloud_and_saas/cato_sase.md
- Digital Shadows SearchLight: xdr/features/collect/integrations/cloud_and_saas/digital_shadows.md
- Duo Security: xdr/features/collect/integrations/cloud_and_saas/duo_security.md
- Github Audit Logs: xdr/features/collect/integrations/cloud_and_saas/github_audit_logs.md
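
Review bot: The new `Cato SASE` nav entry is placed after the Cloudflare pages (the line following `cloudflare-http-requests.md`) and before `Digital Shadows SearchLight`, while the neighbouring entries (Digital Shadows, Duo Security, Github Audit Logs) are in alphabetical order. "Cato" sorts before "Cloudflare", so consider moving the line above the Cloudflare group. Please also confirm that its indentation puts it at the same level as `Digital Shadows SearchLight` and not nested under the Cloudflare sub-entries that precede it.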