support.catonetworks.com
104.18.248.37
Public Scan
Submitted URL: https://support.catonetworks.com/hc/en-us/articles/360011568478
Effective URL: https://support.catonetworks.com/hc/en-us/articles/360011568478-Analyzing-Security-Events-According-to-Threat-Reputation
Submission: On December 24 via manual from JP — Scanned from JP
Form analysis
1 form found in the DOM: GET /hc/en-us/search
<form role="search" class="form-field flex-1 mb-0" data-search="" data-instant="true" autocomplete="off" action="/hc/en-us/search" accept-charset="UTF-8" method="get">
  <input name="utf8" type="hidden" value="✓" autocomplete="off">
  <input type="search" name="query" id="query" placeholder="Search" autocomplete="off" aria-label="Search">
</form>
Text Content

GETTING STARTED
* Welcome to the Cato Service
* Welcome to Cato Networks
* Connecting Sites to the Cato Cloud
* Assigning Site Licenses for New Cato Accounts
* Understanding Packet Flow with Cato SPACE Architecture
* Understanding Cato's Gradual Rollout
* Understanding Cato Product Updates (Release Notes)
* Glossary of Cato Terms
* Starting ZTNA with Cato
* What is Cato's ZTNA Solution
* Importing Users to Cato
* Authenticating SDP Users
* Distributing Cato Clients to Devices
* Client Lifecycle Management
* Adding Sites to Your Account
* Site to Site WAN Connectivity with the Cato Cloud
* Selecting the Site Type
* Selecting the Connection Type for a Site
* Sample Procedure - Adding a Site with X1500 Socket
* Sample Procedure - Adding a Site with IPsec IKEv2
* Sample Procedure - Adding a Site with IPsec IKEv1
* Implementing Cato Networks Threat Protection
* Overview of Cato's Threat Prevention
* Configuring IPS and Geo Restriction
* Intro Video Tutorials
* How to open a ticket to Cato Support (Video)
* How to find Network Analytics for SDP Users (Video)
* How to use Real-Time Monitoring (Video)
* How to navigate the Apps Catalog (Video)
* How to Show Network Analytics for Sites (Video)
* How to use the Threats Dashboard (Video)
* How to use the Application Analytics Dashboard (Video)
* How to use the Search bar in the Cato Management Application (Video)
* How to use Topology Grouping (Video)
* How to Navigate the Site Settings Page (Video)
* How to deploy a single vSocket in AWS (Video)
* How to enforce a Twitter Posting Policy using CASB (Video)
* How to test a Data Control (DLP) Rule (Video)
* How to configure a Data Loss Prevention (DLP) rule (Video)
* An Overview of Agent Based User Awareness (Video)
* How to Enable Pre-Login for SDP Clients (Video)
* An Overview of Pre-Login for SDP Clients (Video)
* How to provision users with SCIM and Microsoft Azure (Video)
* How to install the Cato SDP Client on Windows (Video)
* An Overview of SSO at Cato Networks (Video)
* How to deploy a Socket site (Video)
* How to configure a Firewall Rule (Video)
* How to check for Apache Log4j RCE vulnerabilities (Video)
* How to define first upgraded SDP users (Video)
* How to lookup a Domain Category (Video)
* How to create a packet capture on a Socket (Video)
* Using SSO and the Cato SDP Client (Video)
* Getting Started with CASB (Video)
* Training 101: Cato Management Application
* How to use the Cato Knowledge Base (Video)
* Introducing Cato Connection Methods (Video)
* Getting Started with the Cato Management Application (Video)
* Short Video Tutorials

MONITORING
* Investigation
* Using the Topology Page
* Working with the Site Preview Pane
* Analyzing Events in Your Network
* Explaining the Event Fields
* Analyzing Traffic for all Account Sites
* Showing User Analytics with SDP Users Overview
* Understanding App Analytics
* Working with Private Applications on the App Analytics Page
* Showing The Routing Table for Your Account
* Using the Admin Audit Trail
* Filtering Events with Natural Language Search
* Dashboards
* Using the Threats Dashboard
* Working with the MITRE ATT&CK® Dashboard
* Using the Cloud Activity Dashboard
* Using the Device Dashboard
* Using the DLP Dashboard
* Using the Remote Users Dashboard
* Using the Endpoint Protection Dashboard
* Using The Network Dashboard
* SASE Detection & Response
* XDR Network Playbooks
* XDR Network Playbook - LAN Port Down
* XDR Network Playbook - PoP Reconnect to Improve Connectivity
* XDR Network Playbook - HA Status Is Not Ready
* XDR Network Playbook - BGP Session Disconnected
* XDR Network Playbook - LAN Monitoring Host Unreachable
* XDR Network Playbook - Link Quality SLA
* XDR Network Playbook - Site is Disconnected
* XDR Network Playbook - Link Down
* XDR Security Playbooks
* XDR Security Playbook - Phishing Website Attack
* Security Playbook - Suspicious Target Communication
* XDR Security Playbook - Scanners and Vulnerabilities
* Getting Started with Cato XDR
* Reviewing Detection & Response (XDR) Stories in the Stories Workbench
* Drilling-Down and Analyzing XDR Security Stories
* Reviewing XDR Stories for Microsoft Defender for Endpoint Alerts
* Reviewing XDR Stories for Cato Endpoint Protection (EPP) Alerts
* Reviewing Network Stories in XDR
* Creating the Response Policy for XDR Stories
* Muting Detection & Response (XDR) Stories
* Managing XDR Story Investigations
* Working with the Stories Dashboard
* Best Practices for XDR Core
* Analyzing XDR UEBA Stories for Usage and Events Anomalies
* Reviewing XDR Stories for Microsoft Entra ID Protection Alerts
* Experience Monitoring
* What is Cato Experience Monitoring
* Using the Experience Monitoring Page
* Configuring the Experience Monitoring Probes and Policy
* Experience Monitoring Connection Details
* Analyzing Experience Monitoring Anomalies
* Practices Assessment
* Reviewing Best Practices for Your Account in the CMA
* Reports
* Cato Reports
* Generating Experience Monitoring Reports
* Generating an XDR Investigations Report
* Generating an XDR Detections Report
* Generating an XDR Network Monitor Report
* Generating an Application Analytics Report
* Generating a Network Analytics Report
* Generating a Security Events Report
* Generating Rule Hit Count Reports for Security and Network Policies
* Generating a TLS Inspection Report
* Generating a User Analytics Report

NETWORK
* Sites
* Site Configuration
* Socket Sites
* Managing Sockets
* Working with Socket Sites
* Exchanging Socket Ports
* Configuring Link Aggregation for a Socket
* Using Sockets in an HA Deployment
* Understanding Socket Connectivity Event Message Fields
* How to Capture Traffic on a Socket
* How to Change the Socket Model for a Site
* vSocket Sites
* AWS vSocket Sites
* Deploying a vSocket Site from the AWS Marketplace
* Deploying an AWS vSocket Site Manually
* Configuring HA for AWS vSockets
* Unregistering and Redeploying AWS vSockets
* Azure vSocket Sites
* Understanding Azure Protection Mechanism Related to Azure Sites
* Deploying Azure vSockets from the Marketplace
* Deploying an Azure vSocket Site Manually
* Configuring High Availability for Azure vSockets
* Copying the Azure vSocket VHD Image with SAS
* Migrating Azure vSockets to a 2-NIC Solution
* Changing Azure vSockets to a Different VM Size
* Unregistering and Redeploying Azure vSockets
* ESXi vSocket Sites
* Unregistering and Redeploying ESXi vSockets
* Configuring an ESXi vSocket Site
* IPsec Sites
* Configuring IPsec IKEv2 Sites
* Configuring Sites with IPsec Connections
* Configuring IPsec IKEv1 Sites
* Troubleshooting IPsec Connectivity
* Cato Cloud to Cisco IOS/IOS-XE via HA IPSec Tunnels
* Cato Cloud to VMware Edge via HA IPsec Tunnels
* Cato Cloud to FortiGate via HA IPSec Tunnels
* Cloud Interconnect Sites
* Getting Started with Cloud Interconnect Sites
* Cloud Interconnect for AWS Public Cloud
* Cloud Interconnect for Azure Public Cloud
* Cloud Interconnect for GCP Public Cloud
* Cloud Interconnect for Oracle Public Cloud
* Cloud Interconnect Availability
* Site Routing
* BGP
* Using BGP in the Cato Cloud
* Cato Reserved BGP Communities
* Defining BGP Neighbors
* Configuring BGP Neighbors for a Cato Socket
* Configuring BGP Neighbors for an IPsec Connection
* Configuring BFD for BGP Neighbors
* Working with BGP Summary Routes
* Internet Traffic Backhauling
* Configuring Internet Traffic Backhauling
* Hairpinning Traffic to the Same Site
* Backhauling Traffic to a LAN Device behind a Socket
* Backhauling Traffic via a Socket's WAN Interface IP Address
* Backhauling Traffic via an IPsec Site
* Configuring the Socket LAN Firewall Policy
* Local Routing at the Socket
* Upgrading the Local Routing Policy to the LAN Firewall
* Working with Sites
* Using the Cato Management Application to Add Sites
* Configuring Network Ranges for a Site
* Defining Hosts for a Site
* Bypassing the Cato Cloud
* Configuring LAN Monitoring for a Site
* Configuring Local Port Forwarding for a Site
* Advanced Configurations for a Site
* Site Monitoring
* Monitoring a Site with a Snapshot
* Showing the Site Network Analytics
* Analyzing QoS and Bandwidth Management for a Site (Priority Analyzer)
* Analyzing Data for a Site in Real Time
* Connectivity Statuses for Cato Sites
* Network Rules & QoS
* What is the Cato Network Rulebase
* Configuring Network Rules
* What are the Cato Bandwidth Management Profiles
* Configuring Bandwidth Management Profiles
* Overriding Bandwidth Management Profiles for a Site
* Configuring a Site-Level NAT Policy
* Accelerating and Optimizing Traffic
* Explaining the Cato TCP Acceleration and Best Practices
* Routing Traffic to an Off-Cloud Link
* Packet Loss Mitigation for Multi-Tunnel Links
* Best Practices for Egressing Traffic In a Network Rule
* Cato Intelligent Last-Mile Monitoring (ILMM)
* What is Cato ILMM
* Managing ILMM for Your Account
* Working with ILMM License for Sites
* Account Network Settings
* Cato DNS
* What is Cato DNS?
* Configuring DNS Settings
* Using Trusted DNS Servers
* Best Practices for DNS and Your Cato Account
* Example DNS Flows Using Cato as your DNS Server
* Enabling mDNS Between Subnets
* Defining DNS Forwarding Rules
* Cato DHCP
* Configuring DHCP Settings
* Configuring Cato as the DHCP Relay
* Showing Known Hosts for a Site
* Showing the DHCP Pools for a Site
* Best Practices for DHCP
* How to find DHCP host allocation
* DHCP Doesn't Work With Subnet Source Bypass
* Connection SLA
* Configuring the Connection SLA Settings
* Defining a Preferred PoP for a Site
* Configuring a Last-Resort Link
* Customizing the WAN Keepalive Frequency
* Configuring Remote Port Forwarding for the Account
* Controlling Inbound Traffic with Remote Port Forwarding
* Integrating Imperva Cloud WAF/DDoS Services for Internet-Facing RPF Traffic
* How to Integrate Third-Party DDoS Services for Internet-Facing RPF Traffic
* Configuring System Settings for the Account
* Monitoring Internet and WAN Links Using Synthetic Probes
* Using IP Ranges in Policies
* Creating Floating Ranges for an Account
* Working with Link Health Rules
* Allocating IP Addresses for the Account
* Cato Sockets
* Understanding Cato Sockets
* Understanding Cato's Managed Socket Upgrade Service
* What is Socket High Availability (HA)
* Cato Socket: Deep Knowledge
* Part 1: The Socket Interfaces and Precedence
* Part 2: PBR and Network Rules within the Socket
* Part 3: The Socket Traffic Prioritization and QoS
* Active/Active Traffic Distribution
* Cipher Suites Used by the Cato Socket and SDP Client
* Working with Socket Hardware
* Cato Socket Deployment Guides and Data Sheets
* Supported Socket Transceivers and USB Ethernet Adapters
* Socket X1500 | Status LEDs for Ethernet Ports
* X1500 Socket Electrical Specifications
* X1600 Socket Electrical Specifications
* X1700 Socket Electrical Specifications
* Using PPPoE with Cato Sockets
* How to run an X1500 Socket using a USB Flash Drive
* Using Cellular Modems with a Socket
* Reimaging Cato Sockets
* Overview of Reimaging Cato Sockets
* How to Reset an X1500 Socket (USB Drive)
* How to Reset an X1500B Socket (USB Drive)
* How to Reset an X1600 Socket (USB Drive)
* How to Reset an X1600 LTE Socket (USB Drive)
* How to Reset an X1700 Socket (USB Drive)
* How to Reset an X1700B Socket (USB Drive)
* Manually Upgrading a Socket
* Connectivity Requirements for Socket Upgrades
* Accessing the Socket WebUI
* Using the Socket WebUI Tools
* Setting a Different Port to Connect to the Cato PoP
* Assigning a Static IP to a Socket
* Performance Troubleshooting: Socket Behind a Third-Party Firewall
* Remotely Pinging the Socket Interface
* Updating the Socket WAN Interface Bandwidth
* High Current Distance (Latency)
* How to Reconnect the Socket Tunnel
* Cato Socket RMA (Return Merchandise Authorization) Process
* Handling Stolen or Compromised Sockets
* Network Deployment
* Cato and AWS Transit Gateway
* Connecting the Cato Cloud to an AWS Transit Gateway
* Setting up a Cato-Initiated IPsec to Your AWS Transit Gateway
* How to Implement Cato vSocket in AWS Multiple VPCs Environment
* Redundant VPN Connection to AWS Using BGP
* Connect your AWS assets to Cato Cloud with Amazon Virtual Private Gateway
* Aruba Wireless Access Point Traffic Not Traversing Cato
* How to Use a vSocket in Azure Multiple VNets Environment
* How to Integrate RingCentral with Cato Networks
* Redundant VPN Connection to Oracle Cloud using BGP
* Setting Up Redundant VPN Tunnels to Google Cloud Platform (GCP)
* Socket Best Practice: VLANs vs. Routed Ranges
* Connecting a Socket to a switch with VLANs (802.1q)
* Cato Socket Connection Prerequisites
* Setting Up Redundant VPN Tunnels to Amazon Web Services (AWS)
* Cato Socket vs IPsec Sites and Tunnels
* Other Network Articles
* Production PoP Guide
* Cato IPsec Guide: IKEv1 vs IKEv2
* FAQ - Limited Availability PoPs
* QoS Policies Explained
* How to Configure an Egress Rule
* Working with the Cato System Range
* Best Practices for IPsec Connections
* Supported 10Gbps PoP Locations
* Understanding Cato Networking in China
* Explaining How Cato Classifies Network Applications
* Network Segmentation - Best Practices
* Socket Site Resiliency with WAN Recovery
* Best Practices to Measure Last-Mile Performance
* Using Cato Networks' Internet Recovery
* Implementing QoS using Microsoft Teams and Cato
* How to Reduce the Citrix Recovery Time
* Asymmetric Routing over Cato and MPLS
* Configuring Your Account to Support IP Overlapping
* Integrating Cato with Alternative WAN Network
* Recovering Connectivity with Alt. WAN Links

ACCESS
* Identity Providers and Authentication
* Directory Services
* SCIM User Provisioning
* Provisioning Users with SCIM
* SCIM Provisioning with Azure
* SCIM Provisioning with Okta
* SCIM Provisioning with OneLogin
* LDAP User Provisioning
* Provisioning Users with LDAP
* Syncing Users with LDAP
* Overview of Directory Services and User Awareness
* Configuring the Windows Server for Directory Services
* Configuring LDAP Sync and SSO with OneLogin
* Configuring Directory Services with Okta LDAP
* Adding Users to Your Cato Account
* Using an Identity Provider for Your Cato Account
* Activating Users with a Registration Code
* Working with Users
* Revoking a Remote User Session
* Working with User and System Groups
* Provisioning Users with SCIM and LDAP
* Changing Between SCIM and LDAP User Provisioning
* Resolving Issues with LDAP Sync
* Changing the Email Address or User Principal Name of Users
* Single Sign-On
* SSO Authentication for Users with Cato
* Configuring SSO and the Subdomain for the Account
* Configuring Azure SSO for Your Account
* Authenticate Users Automatically with Windows Credentials
* Configuring Okta SSO for Your Account
* Configuring PingFederate SSO for your Account
* Configuring Google SSO for Your Account
* Configuring SafeNet Trusted Access SSO for your Account
* Configuring JumpCloud SSO for your Account
* Changing your Account Name and Subdomain
* SSO Session Behavior for Windows SDP Client
* User Awareness
* Using Cato Identity Agents for User Awareness
* Adding User Awareness to Directory Services
* Using AD Query for User Awareness
* Managing User Awareness Exceptions
* Adding Reverse DNS Lookup Hosts
* Understanding the Single User Identity
* Assigning SDP Licenses to Users
* How to Configure Windows Event Forwarding for User Awareness?
* How Cato MFA and Expiration Mechanism Works
* Configuring Access Control with MAC Address Authentication
* User Awareness | WMI "Test connection" fails when querying a DC on Windows server 2008
* Client Access
* Distributing and Installing Device Certificates
* Distributing Device Certificates to Windows Devices With Certutil
* Distributing Device Certificates to macOS and iOS Devices with Jamf
* Distributing Device Certificates to macOS and iOS Devices with Microsoft Intune
* Distributing Certificates to Devices with Kandji
* Installing Device Certificates on Linux Devices
* Configuring the Authentication Policy for Cato Clients
* Controlling Certified Corporate Devices (Device Authentication)
* Providing Cato With Remote User Feedback
* Using Windows Pre Login and the SDP Client
* Zero Trust Device Security With Cato
* Client Policies
* What is the Client Connectivity Policy?
* Configuring the Client Connectivity Policy
* Creating Device Posture Profiles and Device Checks
* Protecting Users with Always-On Security
* Remote Internet Security with One Time Authentication
* Disable Always-On in Designated Trusted Networks
* Centralized Management of Remote Traffic Routing (Split Tunnel Policy)
* Centralized Management of IP Allocation (IP Allocation Policy)
* Centralized Management of Proxy Configuration (Proxy Configuration Policy)
* Centralized Management of SDP User DNS Settings with the DNS Settings Policy
* Cato SDP Clients
* Getting Started with the Cato Client
* Cato Client Installation Guides
* Windows
* Getting Started with the Windows Client
* Installing the Cato Certificate on Windows Devices
* macOS
* Getting Started with the macOS Client
* Installing the Cato Certificate on macOS Devices
* Linux
* Installing and Running the Linux Client (v5.1 and above)
* Installing and Running the Linux Client v5.0
* iOS
* Getting Started with the iOS Client
* Installing the Cato Certificate on iOS Devices
* Android
* Getting Started with the Android Client
* Installing the Cato Certificate on Android Devices
* Understanding the Capabilities of the Cato Client
* Downloading the Cato Client
* Installing the Cato Client
* Signing In to the Cato Client
* Understanding the Cato Client Connection Flow
* Deploying and Upgrading macOS Clients with an MDM
* Access Features per Client OS and Version
* Deploy Cato SDP Client with Intune (Windows)
* Summary of Cato Client Releases
* Summary of Cato Windows Client Releases
* Summary of Cato macOS Client Releases
* Summary of Cato iOS Client Releases
* Summary of Cato Android Client Releases
* Summary of Cato Linux Client Releases
* Managing Client Upgrades
* Managing the Rollout of Client Versions (Client Upgrade Policy)
* Best Practices for Cato Client Upgrades
* End of Support (EoS) Policy for Cato Clients
* Cato Client Last-Mile Support for IPv6
* Collecting Client Logs
* Recording Issues Using the Cato Client
* Using Windows Client 5.0 on Windows Server
* MAC Address of SDP Clients
* Using Captive Portal Detection with Cato Clients
* Configuring a Different UDP Port for the Cato Client
* Understanding Expiring Session for SDP Users
* Client TCP Fallback for UDP Tunnel
* How to Uninstall the Windows Client Using MsiExec.exe
* Supported Throughput for Cato SDP Clients
* Managing SDP Clients with the Cato User Portal
* Cato Client Privacy Data Sheet
* Browser Access
* Browser Access Portal Overview - Securing Remote Access to Applications
* Configuring the Browser Access Portal
* Defining the Browser Access Policy
* Managing Applications for the Browser Access Portal
* Other Access Articles
* Configuring Office Mode
* Working with Analytics for Specific SDP Users
* Exporting SDP User Data
* Isolating and Securing Customer Traffic in Cato Multi-Tenant Cloud
* Monitoring Users with a Snapshot

SECURITY
* Internet & WAN Firewalls
* RBI
* Securing Browsing Sessions Through Remote Browser Isolation (RBI)
* Configuring the RBI Service for Secure Web Browsing
* What is the Cato WAN Firewall?
* Managing the WAN Firewall Policy
* What is the Cato Internet Firewall?
* Managing the Internet Firewall Policy
* Adding Sections to the WAN and Internet Firewalls
* Sample WAN Firewall Rulebase
* Adding Device Criteria Conditions to Firewall Rules
* Internet and WAN Firewall Policies - Best Practices
* How to Allow SMB/SMTP Outbound Traffic (and Other Services)
* Reference for Rule Objects
* Restricting Content for Internet Traffic
* Threat Prevention
* IPS Service
* Cato Cloud Security Protections
* How the Cato Cloud Protects your Account from Ransomware Encryption Actions
* How the Cato Cloud Protects your Account from Phishing Attacks
* How the Cato Cloud Protects your Account from Cobalt Strike Attacks
* How the Cato Cloud Protects your Account from Suspicious Chrome Extensions
* Cryptocurrency and the Cato Cloud
* DNS Security
* Customizing the DNS Protections for IPS
* How the Cato Cloud Protects against DNS Tunneling
* Configuring the IPS Policy
* Allowlisting IPS Signatures
* Monitoring Suspicious Activity with IPS (SAM)
* Securing AI App Traffic
* Enabling and Working with Anti-Malware and IPS
* Testing Threat Prevention for Anti-Malware and IPS
* Anti-Malware
* What is the Cato Anti-Malware Policy?
* Configuring the Anti-Malware Policy
* Allowlisting Anti-Malware Traffic
* Overview of Cato's Threat Prevention
* Managed Threat Intelligence in the Cato Cloud
* TLS Inspection
* TLS Inspection Certificates
* Managing Certificates for TLS Inspection
* Installing the Root Certificate for TLS Inspection
* How to Install the Cato Certificate
* Installing Root CA Certificate to Firefox
* Certificate Warnings with Blocked HTTPS Websites
* Securing Traffic with TLS Inspection Using Private Certificates
* FAQ for the New Default Cato Certificate for TLS Inspection
* Configuring TLS Inspection Policy for the Account
* Adding Device Conditions for TLS Inspection
* Best Practices for TLS Inspection
* Supported TLS Cipher Suites for Cato TLS Inspection
* Testing TLS Inspection in the Cato Cloud
* App & Data Control
* Cloud Access Security Broker (CASB)
* What is the Cato CASB Solution
* Using Default Recommended CASB/DLP Policy
* Managing the Application Control Policy
* Understanding Full Path URL for App Control vs Internet Firewall
* Creating File Control Rules in the Application Control Policy
* Controlling Access to SaaS Application Tenants with Header Injection
* Managing Tenant Control for SaaS Applications
* Working with the Cloud Apps Dashboard
* Data Loss Prevention
* What is the Cato DLP Service
* Creating the Data Control Policy
* Creating DLP Content Profiles
* Working with Custom Data Types for DLP
* Using MIP Sensitivity Labels in your Cato DLP Policy
* Working with Exact Data Matching (EDM) for DLP
* Cato SaaS Security API
* What is SaaS Security API?
* Configuring the SaaS Security API Connector for Microsoft OneDrive
* Configuring the SaaS Security API Connector for Microsoft SharePoint
* Configuring the SaaS Security Connector for Microsoft Exchange
* Configuring the SaaS Security API Connector for Box
* Configuring the SaaS Security API Connector for Dropbox
* Configuring the SaaS Security API Connector for Google Drive and Gmail
* Configuring the SaaS Security API Connector for Slack
* Configuring the SaaS Security API Connector for Salesforce
* Configuring the SaaS Security API Connector for GitHub
* Configuring the SaaS Security API Connector for ServiceNow
* Configuring the SaaS Security API Connector for Workplace from Meta
* Reviewing Security Checks for SaaS Apps
* Using the SaaS Security API Dashboard
* Endpoint Protection
* Getting Started with Cato's Endpoint Protection (EPP)
* Installing the Endpoint Protection Solution
* Managing the Endpoint Protection Solution
* Configuring Endpoint Protection
* Monitoring and Responding to Endpoint Protection Threats
* Summary of EPP Agent Versions
* Cato's MDR Service
* Getting Started with MDR
* Reviewing Detection & Response Stories for MDR Customers
* An Overview of Threat Intelligence
* Other Security Articles
* Best Practices for Implementing Cato Threat Prevention
* Best Practices for Cyber Security and the Cato Cloud
* Analyzing Security Events According to Threat Reputation
* Cato Networks Scanners or Penetration Testing
* Show the real local location while searching Google

ADMINISTRATION
* CMA Admins
* Managing Administrators
* Configuring Roles and Permissions for Admins (RBAC)
* Configuring an Admin with Regional Viewer Permissions
* Configuring Authentication Settings for Administrators
* Administrator Password Expiration Policy
* Setting Admin Preferences
* Account
* Working with Cato License Types
* Managing Site Bandwidth Licenses
* Guide to Cato Data Lake Storage
* Viewing the General Account Info
* Allowing Account Access
* Showing All Sockets in the Account (Sockets Inventory)
* Showing Zendesk Tickets for Your Account
* Alerts
* Third-Party Integrations
* Third-Party Supported Integrations for Cato Alerts
* Creating a ServiceNow Alert Integration
* Creating a Slack Alert Integration
* Creating a Jira Alert Integration
* Creating a Webhooks Alert Integration
* Understanding the JSON Fields for Alert Integrations
* Account Level Alerts and System Notifications
* Creating Subscription Groups
* Working with Mailing Lists
* Event Integration
* Third-Party Supported Integrations for Cato Data
* Integrating Cato Events with AWS S3
* Integrating Cato Events with Azure Storage Account
* Event Integration Event Fields
* Best Practices for Cato Event Log Storage and Ingestion
* Branding
* Customizing the Cato Client
* Customizing the Cato Management Application
* Customizing Email Notifications
* Customizing the Block/Prompt Page
* Customizing Browser Application Portal
* Assets
* Device Inventory
* What is Device Inventory?
* Using Device Inventory
* Using the Integrations Page
* Managing Groups
* Uncategorized vs. Undefined System Categories
* Working with Custom Apps
* Working with Categories
* Integrating Custom IoC Lists with Containers
* Working with Advanced Configuration for the Account
* Using the App Catalog
* Identifying the Category for a Domain
* Overriding Default Domain Categories for the Account
* Configuring the Microsoft Entra ID (Azure AD) Connector
* Configuring the Microsoft Entra ID Protection Connector for Sign-In Anomaly Data
* Using the Threat Catalog
* Using the Indications Catalog
* Cato Management Application
* New Navigation for the Cato Management Application
* Working with the Cato Management Application
* Monitoring Your Site with Connectivity Alerts
* Priority Analyzer Shows Imprecise QoS Priority for Traffic
* Working with Policy Revisions
* Finding the Public IP of Your Sites in the Cato Management Application
* Exporting Security Rules to a CSV File
* Setting the Time Range Filter
* Other Administration Articles
* Cato API
* Cato Configuration API - Reference Guide
* Managing Admins with the Cato API
* Configuration API - addSocketSite
* Configuration API - updateSiteGeneralDetails
* Configuration API - updateSocketInterface
* Configuration API - removeSite
* Configuration API - updateHa
* Configuration API - Adding, Updating, and Removing networkRange
* Configuration API - Adding, Updating, and Removing staticHost
* Using the Cato Site Creation API with Postman
* Configuration API Scripts
* Cato Configuration API Schema
* Cato Monitoring API - Reference Guide
* Cato Read Only API - events
* Cato API - AccountMetrics
* Cato API - AccountMetrics > Sites
* Cato API - AccountMetrics > Sites > Interfaces
* Cato API - AccountMetrics > Sites > SiteInfo
* Cato API - AccountMetrics > Timeseries
* Cato API - AccountSnapshot
* Cato API - AccountSnapshot > Sites
* Cato API - AccountSnapshot > Sites > Devices
* Cato API - AccountSnapshot > Sites > Devices > Interfaces
* Cato API - AccountSnapshot > Users
* Cato Read Only API - appStats
* Cato API - AuditFeed
* Cato API - EntityLookup
* Cato API - EventsFeed (Large Scale Event Monitoring)
* Cato API - EventsFeed > EventRecord (Large Scale Event Monitoring)
* SIEM Integration Guide for the Cato API
* Working with accountMetrics > Granularity
* Example Scripts: Using the Cato API with Python
* Connecting to the Cato API Server from the GraphQL Playground
* Understanding Cato API Rate Limiting
* Troubleshooting Cato API Calls
* Support Policy for the Cato API
* Running API Calls with the Cato Cloud
* What is the Cato API
* Explaining a Python Script for the Cato API
* Generating API Keys for the Cato API
* Introduction to the Cato Github Account
* Using Terraform with the Cato Cloud
* Cato API Changelog
* Troubleshooting Support Self Service Portal
* Configuring the Socket Upgrade Maintenance Window
* Cato Cloud Thresholds and Limits
* Requesting New Features (RFEs)
* Status page subscription guide
* Cato Networks Stencils and Icons
* Creating an Online Order for Your Cato Account
* Downloading Cato Digital Certificates
* Defining Default Working Hours for the Account

SUPPORT
* Common Issues Playbooks
* User and Site Connectivity
* AWS HA vSocket Troubleshooting
* Performance Issues For Socket Sites Troubleshooting
* Socket HA Status Troubleshooting
* Socket Deployment and Registration Troubleshooting
* Socket Site Tunnel Connectivity Troubleshooting
* Socket Upgrade Failure Troubleshooting
* IPsec Site Connectivity Troubleshooting
* Azure HA vSocket Troubleshooting
* Cato SDP Client Performance Troubleshooting
* Troubleshooting Socket Site Packet Loss
* Application and Service
* Internet Service Reachability Troubleshooting
* Access to Internal Resources Troubleshooting
* VoIP Troubleshooting
* Network Rule Evaluation Troubleshooting
* Network Troubleshooting
* Features Troubleshooting
* Alternative WAN Troubleshooting
* LTE Connectivity Troubleshooting
* Case Studies
* Network Scanner Reports Unexpected Open TCP Ports
* Azure vSocket is disconnected after a version upgrade
* Why Do Routes to IPsec Sites Still Exist in Socket Even Though IPsec Tunnels Are Down?
* Socket Site is Disconnected with LTE/5G Providers
* Why Can't I Ping the Secondary PoP For My IPSec HA Site?
* Recovering Failed Add-On Installations on X1700
* Link Aggregation (LAG) Link Experiencing High Latency and Packet Loss
* Socket High Availability Failover Fails Due To Meraki Switch GARP Limitation
* Why Do Primary and Secondary Sockets Reconnect at the Same Time?
* Real-Time Monitoring Shows Imprecise QoS Priority for Traffic
* TLS Connection Failure Over Off-Cloud or Alt-WAN Links
* ADUC Loads Slowly While Connected to Cato SDP Client
* China | Webpage Having Rendering Issues
* Troubleshooting Long Webpage Loading Time and Rendering Problems
* Website Inaccessible due to Cato IP Blacklisting or Geo-Blocking
* Quota Exceeded in Cato
* Changing the Interface Role Generates Reconnect Events
* Troubleshooting Issues Related to Local SMTP Servers
* IP Address Conflict Reported on Socket UI Even After It's Resolved
* Troubleshooting Unusual Network Activity
* When is a Flow Assigned QoS Priority 255?
* Users Are Logged Out of Website After Successful Login
* RDP Session Established but the Remote Desktop Isn't Loading
* DHCP Doesn't Work With Subnet Source Bypass
* How to Solve "Secure Connection Failed" Error
* Toolbox
* How to Use HAR File to Analyze Webpage Issues
* Showing the Status of the Cato Cloud
* Support Self Service | SupportMe Portal
* How to Collect HAR Data
* Access Troubleshooting
* Features Troubleshooting
* Troubleshooting Scenarios for Issues with the Cato Client
* LDAP Sync and Provisioning Troubleshooting
* Browser Access Troubleshooting
* Device Certificate Troubleshooting
* Directory Services and User Awareness Errors Troubleshooting
* Case Studies
* Windows 11 24H2 Causes Issues with Cato Client
* Device Posture Failed to Detect McAfee Livesafe Version 1.x
* OKTA Biometric SSO Fails on Windows With Embedded Browser
* macOS SDP Client Unable to Connect with iPhone Hotspot
* Azure Conditional Access Fails to Allow Cato SSO Authentication
* Zscaler Network Error When Connected Via Cato SDP Client
* IP Routing Prevents Windows Client Authentication
* No Internet Error on Windows - NCSI Troubleshooting
* Windows SDP Client Hangs Due To High CPU Utilization
* Users/Groups in Azure AD are Not Getting Provisioned to CMA via SCIM
* Android Devices Unable to Reach Internal Resources Via Cato
* SDP client fails to connect due to netsh crashes with Windows 11
* SDP Client Silently Upgraded Even Though Policy was Changed to Managed Upgrade
* macOS Ventura and iOS Users Unable to Reach Internal Resources Via Cato
* SSO Authentication Fails When Using External Browser | localhost Error
* Linux Client Permission and Syntax Troubleshooting
* Troubleshooting Cato Windows Client Installation Issues During Upgrades
* SDP User Doesn't Receive SMS MFA Code
* Troubleshooting the "Installation success or error status: 1603" When Installing the Windows SDP Client
* Troubleshooting Domain Controllers for Real Time Sync Connection Errors
* SDP Client Can't Connect to Remote WAN Resources
* User Not Mapped by WMI-based User Awareness
* Toolbox
* Cato Client Login Errors
* How to Remove macOS SDP Client User Profiles
* How to Capture Traffic for SDP Client Issues with Wireshark
* How To Collect Console Logs on macOS
* How to install Cato Certificate on Linux (Ubuntu)
* How To Enable Debug Mode | Windows Client
* Security Troubleshooting
* Features Troubleshooting
* DLP Troubleshooting
* Case Studies
* Website Hosted on Cloudflare Bypasses the Cato Firewall
* Multiple CMA Events Are Generated For The Same Traffic Flow
* Blocking NordVPN
* Data Control Rule Doesn't Work on JAR File When Match By Source Code
* Accessing An Untrusted Website Is Blocked Even Though TLS Inspection Is Disabled
* Traffic Intermittently Fails to Match Firewall Rules
* ChatGPT Blocks Traffic from the Cato Cloud
* Cisco Umbrella DNS Redirection Getting TLS Block/Warning Page
* Download of EICAR Files Are Not Getting Blocked by Cato
* Block Page - Connectivity Problem, Connection was Closed by Peer
* Websites with Prompt Page Don't Load Properly
* Users Are Getting "Your connection is Not Secure" Message While Browsing Websites
* Toolbox
* Creating Baseline Firewall Rules for Blocking Anonymizers
* How to Check if Traffic is Blocked by the WAN Firewall
* How to Verify if Cato or Custom Root Certificate is Installed
* Cato Management Application Troubleshooting
* Cato Management Application Error Codes
* Working with Cato Support
* Cato Support Communication Methods and Contact Information
* Priority 1 Issues and Cato Support
* Partner Advanced Replacement Program
* Cato Managed Changes in your Cato Management Application Account
* Cato Networks' Tiered Support Guidelines
* Information to Collect When Submitting Tickets to Cato Networks Support
* Announcement Regarding Changes to Submit a Request | July 2021
* Accessing the Master Service Agreement
* Submitting a Support Ticket
* Settings That Can be Modified by Cato Support

ANNOUNCEMENTS
* Release Notes
Product Update - December 23, 2024 * Product Update - December 16, 2024 * Product Update - December 9, 2024 * Product Update - December 2, 2024 * Product Update - November 25, 2024 * Product Update - November 18, 2024 * Product Update - November 11, 2024 * Product Update - November 4, 2024 * Product Update - October 28, 2024 * Product Update - October 21, 2024 * Product Update - October 14, 2024 * Product Update - October 7, 2024 * Product Update - September 30, 2024 * Product Update - September 23, 2024 * Product Update - September 16, 2024 * Product Update - September 9, 2024 * Product Update - September 2, 2024 * Product Update - Aug 26, 2024 * Product Update - Aug 19, 2024 * Product Update - August 12, 2024 * Product Update - August 5, 2024 * Product Update - July 29, 2024 * Product Update - July 22, 2024 * Product Update - July 15, 2024 * Product Update - July 8, 2024 * Product Update - July 1, 2024 * Product Update - June 24, 2024 * Product Update - June 17, 2024 * Product Update - June 10, 2024 * Product Update - June 3, 2024 * Product Update - May 27th, 2024 * Product Update - May 20th, 2024 * Product Update - May 13th, 2024 * Product Update - May 6th, 2024 * Product Update - Apr. 29th, 2024 * Product Update - Apr. 22nd, 2024 * Product Update - Apr. 15th, 2024 * Product Update - Apr. 8th, 2024 * Product Update - Apr. 1st, 2024 * Product Update - Mar. 25th, 2024 * Product Update - Mar. 18th, 2024 * Product Update - Mar. 11th, 2024 * Product Update - Mar. 4th, 2024 * Product Update - Feb. 26th, 2024 * Product Update - Feb. 19th, 2024 * Product Update - Feb. 12th, 2024 * Product Update - Feb. 5th, 2024 * Product Update - Jan. 29th, 2024 * Product Update - Jan. 22nd, 2024 * Product Update - Jan. 15th, 2024 * Product Update - Jan. 8th, 2024 * Product Update - Jan. 1st, 2024 * Product Update - Dec. 25th, 2023 * Product Update - Dec. 18th, 2023 * Product Update - Dec. 11th, 2023 * Product Update - Dec. 4th, 2023 * Product Update - Nov. 
27th, 2023 * Product Update - Nov. 20th, 2023 * Product Update - Nov. 13th, 2023 * Product Update - Nov. 6th, 2023 * Product Update - Oct. 30th, 2023 * Product Update - Oct. 23rd, 2023 * Product Update - Oct. 16th, 2023 * Product Update - Oct. 9th, 2023 * Product Update - Oct. 2nd, 2023 * Product Update - Sept. 26th, 2023 * Product Update - Sept. 18th, 2023 * Product Update - Sept. 11th, 2023 * Product Update - Sept. 4th, 2023 * Product Update - Aug. 28th, 2023 * Product Update - Aug. 21st, 2023 * Product Update - Aug. 14th, 2023 * Product Update - Aug. 7th, 2023 * Product Update - July 31st, 2023 * Product Update - July 24th, 2023 * Product Update - July 17th, 2023 * Product Update - July 10th, 2023 * Product Update - July 3rd, 2023 * Product Update - June 26th, 2023 * Product Update - June 19th, 2023 * Product Update - June 12th, 2023 * Product Update - June 5th, 2023 * Product Update - May 29th, 2023 * Product Update - May 22nd, 2023 * Product Update - May 15th, 2023 * Product Update - May 8th, 2023 * Product Update - May 1st, 2023 * Product Update - April 24th, 2023 * Product Update - April 10th, 2023 * Product Update - April 3rd, 2023 * Product Update - March 27th, 2023 * Product Update - March 20th, 2023 * Product Update - March 13th, 2023 * Product Update - March 6th, 2023 * Product Update - February 27th, 2023 * Product Update - February 20th, 2023 * Product Update - February 13th, 2023 * Product Update - February 6th, 2023 * Product Update - January 23rd, 2023 * Product Update - January 9th, 2023 * Product Update - December 26th, 2022 * Product Update - December 12th, 2022 * Product Update - November 28th, 2022 * Product Update - November 14th, 2022 * Product Update - October 31st, 2022 * Product Update - October 17th, 2022 * Product Update - October 3rd, 2022 * Product Update - September 19th, 2022 * Product Update - September 5th, 2022 * Product Update - August 22nd, 2022 * Product Update - August 8th, 2022 * Product Update - July 25th, 2022 * Product 
Update - July 11th, 2022 * Product Update - June 27th, 2022 * Product Update - June 13th, 2022 * Product Update - May 30th, 2022 * Product Update - May 16th, 2022 * Product Update - May 2nd, 2022 * Product Update - April 18th, 2022 * Product Update - April 4th, 2022 * Product Update - March 21st, 2022 * Product Update - March 7th, 2022 * Product Update - February 21st, 2022 * Product Update - February 7th, 2022 * Product Update - January 24th, 2022 * Product Update - January 10th, 2022 * Socket Release Notes * Socket version 21.1 Release Notes * Socket version 21.0 Release Notes * Socket Version 20.0 Release Notes * Socket Version 19.0 Release Notes * Socket Version 18.0 Release Notes * Socket Version 17.0 Release Notes * Socket Version 16.0 Release Notes * Socket Version 15.0 Release Notes * Socket Version 14.0 Release Notes * Socket Version 13.0 Release Notes * Socket Version 11.0 Release Notes * Socket Version 10.0 Release Notes * Socket Version 8.0 Release Notes * Socket Version 7.1 Release Notes * Socket Version 7.0 Release Notes * Security Announcements * Security Vulnerability: CVE-2024-3661: Tunnel Vision * CVE-2024-6978 Windows SDP Client: Local root certificates can be installed by low-privileged users * CVE-2024-6977 Windows SDP Client: Sensitive data in trace logs can lead to account takeover * CVE-2024-6974 Windows SDP Client: Local Privilege Escalation via self-upgrade * CVE-2024-6975 Windows SDP Client: Local Privilege Escalation via openssl configuration file * CVE-2024-6973 Windows SDP Client: Remote Code Execution via crafted URLs * Security Vulnerability (CVE-2023-43976) that Impacts macOS Client v5.3.x * CVE-2022-28199 - NVIDIA DPDK Vulnerability * CVE-2021-44228: Apache Log4J RCE * Ransomware: The Kaseya VSA Supply Chain Attack * CVE-2021-1675 and CVE-2021-34527: PrintNightmare - Windows Print Spooler RCE * CVE-2021-21972 VMware vCenter RCE * SolarWinds SUNBURST Malware and the Cato Cloud * General Notifications * Upcoming Deprecation of 
Denmark Localized IP Range in Stockholm PoP on Dec. 8, 2024 * Users and User Groups Can No Longer be Included as a Source in Connectivity Health Rules * Upcoming Changes to PoPs in the Cato Cloud - November 30, 2024 * Upcoming EoL for Some SubTypes of Cato Event Data * Update to End of Life Announcement for API Fields Related to Events * New Simplified Process for Onboarding Remote Users * Use the Client Connectivity Policy to Manage Device Certificate Check and Block Operating Systems * Upcoming End of Life for API Fields Related to Events * Use the Client Connectivity Policy to Manage your Device Authentication Requirements * Extend the IP Ranges Available for Remote Users * Consolidating Tokyo PoP Locations for Route Via Settings * Upcoming Deprecation of User Selection Mode for MFA Authentication * For Microsoft Azure Sites - Changing Cato vSocket VMs to the Standard D8ls v5 VM Size * Upcoming Changes to PoPs in the Cato Cloud - June 1, 2024 * Browser Access Configuration Update * Update Required for Single Sign-On with Azure * Cato Mangament Application Notification: Incorrect Routing Configuration in Network Rules * Important Updates for Legacy Client and Windows Versions * Deprecating metrics Field in accountSnapshot API on Jan. 15, 2024 * Cato Read-Only API Notification – New Internal Cato ID for SDP Users * EoS for Windows and macOS Clients Earlier than v5.0 * EoS for Linux, iOS and Android Clients Earlier than v5.0 * FAQ - X1700 Socket Hardware Update (X1700B) * FAQ - Security Change to the Cato Cloud (May 30, 2021) * Upgrading Cato Windows Client * Legal * Country's Allocation to License Groups and SDP Users * Update Regarding Cato Network’s Compliance with China’s PIPL * Restricted Countries List * Cato Networks Sub-Processors * EA Documentation * Audit Activities * What is CASB Audit Activities with API? 
ANALYZING SECURITY EVENTS ACCORDING TO THREAT REPUTATION

OVERVIEW

The Security research team in Cato Networks has developed analytical engines to tag malicious IP addresses, URLs, and domain names with a bad reputation. This reputation indicates that we discovered that the specific IP address, URL, or domain initiated suspicious or malicious activity, for example malware C&C, network scanners, or phishing activity. The IPS engine in the Cato Cloud blocks network traffic that is tagged with a bad reputation and generates a reputation-based security event with the threat type Reputation.

The following screenshot shows an example of a security event with the Reputation threat type from Event Discovery:

REASONS FOR BLOCKED TRAFFIC

When Cato's IPS engine identifies potentially malicious traffic and blocks it based on the threat reputation, the threat name field explains the reason why the traffic was blocked.
Values for the threat name field include, but are not limited to:

* Domain reputation based signature - Phishing
* Reputation IP based signature - Botnet
* IP reputation based signature - Malicious IP
* Domain reputation based signature - Malicious Domain
* IP reputation based signature - Abuse
* URL reputation based signature - Malicious URL

WHAT ARE THE DIFFERENT THREAT TYPES?

Each Security Event generated within the Cato Management Application is categorised by a field called threat type. This field displays a high-level overview of the type of threat that Cato has protected you against, and provides you with an indication of any potential malicious activity. The threat types which may be displayed in a Security Event include:

* Spam
* Brute Force
* Scanner
* Phishing
* Policy Violation
* Crypto Mining
* Anonymizer
* DoS
* Network Scan
* Vulnerability Scan
* Information Disclosure
* Privilege Escalation
* Reputation
* Remote Code Execution
* PuP
* Web Application Attack
* Malware
* Malicious Browser Extension

SAMPLE THREAT REPUTATION SECURITY EVENT WORKFLOW

1. The Security research team identifies that a domain is potentially a source of malicious attacks.
2. The domain is tagged with a bad reputation and the IPS engine is updated.
3. An end-user tries to access the domain, and IPS blocks the connection and generates a Security event with the threat type Reputation.

WHAT'S THE SIZE OF CATO'S THREAT DATABASE?

The Threat Database at Cato Networks is constantly evolving in line with the ever-changing threat landscape. We continuously improve the size and scope of our threat detections to ensure maximum protection for our end customers.
As representative figures, as of July 8th, 2021 the database included, but is not limited to:

* 750+ million domains and 32+ billion URLs classified
* 80+ site categories, including high-risk categories
* 6 million dangerous IPs correlated with URLs
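As an added example that is not part of the Cato article or its product, the following Python summarises a batch of exported security events by the threat name pattern listed under Reasons for Blocked Traffic, keeping only events whose threat type is Reputation and setting aside any whose threat name does not follow the documented form. The event field names (threat_type, threat_name, target) and the sample records are assumptions constructed for illustration, not Cato's export format.

```python
import re
from collections import defaultdict
# Threat names for Reputation events follow "<kind> reputation based signature - <reason>"
# (one listed value, "Reputation IP based signature - Botnet", reverses the first two words).
THREAT_NAME_RE = re.compile(
    r"^(?:(?P<kind>Domain|IP|URL)\s+reputation|Reputation\s+(?P<kind2>IP))"
    r"\s+based\s+signature\s*-\s*(?P<reason>.+?)\s*$",
    re.IGNORECASE,
)

def parse_threat_name(threat_name):
    """Split a reputation threat name into (indicator kind, reason); None if it does not match."""
    m = THREAT_NAME_RE.match(threat_name.strip())
    if m is None:
        return None
    kind = (m.group("kind") or m.group("kind2")).upper()
    return kind, m.group("reason")

def summarize_reputation_events(events):
    """Group Reputation events by (kind, reason) -> {"count", "targets"}; also return unparsed ones."""
    buckets = defaultdict(lambda: {"count": 0, "targets": set()})
    unparsed = []  # Reputation events whose threat name needs manual review
    for ev in events:
        if ev.get("threat_type") != "Reputation":
            continue  # Malware, Scanner, ... are out of scope here
        parsed = parse_threat_name(ev.get("threat_name", ""))
        if parsed is None:
            unparsed.append(ev)
            continue
        buckets[parsed]["count"] += 1
        buckets[parsed]["targets"].add(ev.get("target", "<unknown>"))
    summary = {k: {"count": v["count"], "targets": sorted(v["targets"])} for k, v in buckets.items()}
    return summary, unparsed

# Constructed sample events; field names (threat_type, threat_name, target) are assumed,
# and the targets are documentation/placeholder values, not real indicators.
SAMPLE_EVENTS = [
    {"threat_type": "Reputation", "threat_name": "Domain reputation based signature - Phishing", "target": "login.example.invalid"},
    {"threat_type": "Reputation", "threat_name": "Reputation IP based signature - Botnet", "target": "192.0.2.10"},
    {"threat_type": "Reputation", "threat_name": "Reputation IP based signature - Botnet", "target": "192.0.2.11"},
    {"threat_type": "Reputation", "threat_name": "URL reputation based signature - Malicious URL", "target": "http://example.invalid/x"},
    {"threat_type": "Reputation", "threat_name": "Custom signature 42", "target": "198.51.100.7"},
    {"threat_type": "Malware", "threat_name": "Domain reputation based signature - Phishing", "target": "ignored.invalid"},
]
if __name__ == "__main__":
    summary, unparsed = summarize_reputation_events(SAMPLE_EVENTS)
    for (kind, reason), info in sorted(summary.items()):
        print(f"{kind:6} {reason:15} {info['count']:3}  {', '.join(info['targets'])}")
    print(f"{len(unparsed)} Reputation event(s) with an unrecognised threat name")
```

Grouping by indicator kind and reason shows whether a burst of Reputation events comes from one phishing domain or from many botnet IPs, and the unparsed list catches threat names outside the documented pattern instead of silently dropping them.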