diff --git a/docs/assets/operation_center/integration_catalog/cloud_and_saas/cato/administration.png b/docs/assets/operation_center/integration_catalog/cloud_and_saas/cato/administration.png new file mode 100644 index 0000000000..f2ea4f74d8 Binary files /dev/null and b/docs/assets/operation_center/integration_catalog/cloud_and_saas/cato/administration.png differ diff --git a/docs/assets/operation_center/integration_catalog/cloud_and_saas/cato/panel.png b/docs/assets/operation_center/integration_catalog/cloud_and_saas/cato/panel.png new file mode 100644 index 0000000000..a50367adc4 Binary files /dev/null and b/docs/assets/operation_center/integration_catalog/cloud_and_saas/cato/panel.png differ diff --git a/docs/xdr/features/collect/integrations/cloud_and_saas/cato_sase.md b/docs/xdr/features/collect/integrations/cloud_and_saas/cato_sase.md new file mode 100644 index 0000000000..1a9837131b --- /dev/null +++ b/docs/xdr/features/collect/integrations/cloud_and_saas/cato_sase.md 
@@ -0,0 +1,46 @@ +uuid: 469bd3ae-61c9-4c39-9703-7452882e70da +name: Cato SASE +type: intake + +## Overview + +Cato Networks is a software company providing solutions to protect cloud applications. Cato SASE Cloud provides zero trust network access to on-premises and cloud applications. + +{!_shared_content/operations_center/detection/generated/suggested_rules_469bd3ae-61c9-4c39-9703-7452882e70da_do_not_edit_manually.md!} + +{!_shared_content/operations_center/integrations/generated/469bd3ae-61c9-4c39-9703-7452882e70da.md!} + +## Configure + +This setup guide will show you how to provide an integration between Cato SASE events and Sekoia.io. + +### Generate the API key + +To collect the events from the Cato Networks platform, an API key is required: + +1. Log in our Cato Management Application +2. Go to the `API Management` section then click on the `Administration` tab + ![Administration](/assets/operation_center/integration_catalog/cloud_and_saas/cato/administration.png){: style="max-width:100%"} +3. Click on the button `New` to generate a new API key +4. On the panel, give a name to the api key, select the `View` permission + ![Administration](/assets/operation_center/integration_catalog/cloud_and_saas/cato/panel.png){: style="max-width:100%"} +5. Click on apply and copy the API key + +In addition to the API key, our account ID is also required: + +1. In our Cato Management Application, please note the four digits in the browser address. + +### Create an intake + +Go to the [intake page](https://app.sekoia.io/operations/intakes) and create a new intake from the format Cato SASE. Copy the intake key. + +### Pull events + +To start to pull events, you have to: + +1. Go to the [playbooks page](https://app.sekoia.io/operations/playbooks) and create a new playbook with the [Cato SASE](../../../automate/library/cato_sase.md) trigger +2. Set up the module configuration with the Api Key and Account Id. Set up the trigger configuration with the intake key +3. 
Start the playbook and enjoy your events + +## Further readings +- [Cato Networks - Generating API Keys for the Cato API](https://support.catonetworks.com/hc/en-us/articles/4413280536081-Generating-API-Keys-for-the-Cato-API) diff --git a/mkdocs.yml b/mkdocs.yml index dc71286131..8fb3d85059 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -105,6 +105,7 @@ nav: - Gateway HTTP: xdr/features/collect/integrations/cloud_and_saas/cloudflare/cloudflare-gateway-http.md - Gateway Network: xdr/features/collect/integrations/cloud_and_saas/cloudflare/cloudflare-gateway-network.md - HTTP requests: xdr/features/collect/integrations/cloud_and_saas/cloudflare/cloudflare-http-requests.md + - Cato SASE: xdr/features/collect/integrations/cloud_and_saas/cato_sase.md - Digital Shadows SearchLight: xdr/features/collect/integrations/cloud_and_saas/digital_shadows.md - Duo Security: xdr/features/collect/integrations/cloud_and_saas/duo_security.md - Github Audit Logs: xdr/features/collect/integrations/cloud_and_saas/github_audit_logs.md
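Review bot: In cato_sase.md, the account ID step under "Generate the API key" ("please note the four digits in the browser address") does not say where in the address those digits appear, so a reader cannot tell which part of the URL to copy. Show the URL pattern with the account ID position marked, or name the path segment it sits in. In the same section, "Log in our Cato Management Application" and "our account ID" should read "Log in to your Cato Management Application" and "your account ID". The second image reuses the alt text `Administration` for panel.png. The credential is written as "API key", "api key" and "Api Key" in different steps; use the labels the playbook module configuration actually displays and keep them consistent.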
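Review bot: In the mkdocs.yml nav hunk, `- Cato SASE:` is inserted after the Cloudflare pages (directly below `HTTP requests`) and before `Digital Shadows SearchLight`, while the entries that follow (Digital Shadows SearchLight, Duo Security, Github Audit Logs) are in alphabetical order, which would put Cato ahead of Cloudflare. Move the line above the Cloudflare entries if the list is meant to stay sorted. The three preceding pages all live under the `cloudflare/` directory, so also confirm the new line is indented at the same level as `Digital Shadows SearchLight` and does not render as a child of the Cloudflare section.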