support.catonetworks.com
104.16.53.111  Public Scan

URL: https://support.catonetworks.com/hc/en-us/articles/360011568478
Submission: On October 05 via api from GB — Scanned from GB

Form analysis 1 forms found in the DOM

GET /hc/en-us/search

<form role="search" class="form-field flex-1 mb-0" data-search="" action="/hc/en-us/search" accept-charset="UTF-8" method="get"><input name="utf8" type="hidden" value="✓" autocomplete="off"><input type="search" name="query" id="query"
    placeholder="Search" aria-label="Search"></form>

Text Content

GETTING STARTED

 * Welcome to the Cato Service
   * Understanding Packet Flow with Cato SPACE Architecture
   * Understanding Cato's Gradual Rollout
 * Starting ZTNA with Cato
   * What is Cato's ZTNA Solution
   * Importing Users to Cato
   * Authenticating SDP Users
   * Distributing Cato Clients to Devices
   * Client Lifecycle Management
 * Adding Sites to Your Account
   * Site to Site WAN Connectivity with the Cato Cloud
   * Selecting the Site Type
   * Configuring Sites with IPsec Connections
   * Selecting the Connection Type for a Site
   * Sample Procedure - Adding a Site with X1500 Socket
   * Sample Procedure - Adding a Site with IPsec IKEv2
   * Sample Procedure - Adding a Site with IPsec IKEv1
 * Implementing Cato Networks Threat Protection
   * Overview of Threat Protection
   * Configuring IPS and Geo Restriction
 * Getting Started Video Tutorials
   * Monitoring Video Tutorials
     * How to use Real-Time Monitoring
     * How to Show Network Analytics for Sites
     * How to use the Application Analytics Dashboard
   * Network Video Tutorials
     * How to navigate the Site Settings window
     * How to deploy a single vSocket in Amazon Web Services (AWS)
     * How to deploy a Socket site
     * How to create a packet capture on a Socket
   * Access Video Tutorials
     * How to find Network Analytics for SDP Users
     * An Overview of Agent Based User Awareness
     * How to Enable Pre-Login for SDP Clients
     * An Overview of Pre-Login for SDP Clients
     * How to provision users with SCIM and Microsoft Azure
     * How to install the Cato SDP Client on Windows
     * An Overview of SSO at Cato Networks
     * How to define first upgraded SDP users
     * Using SSO and the Cato SDP Client (Video)
   * Intro Tutorials
     * Introducing Cato Connection Methods (Video)
     * Getting Started with the Cato Management Application (Video)
     * Getting Started with the Cato Knowledge Base (Video)
   * Security Video Tutorials
     * How to use the Threats Dashboard
     * How to enforce a Twitter Posting Policy using CASB
     * How to test a Data Control (DLP) Rule
     * How to configure a Data Loss Prevention (DLP) rule
     * How to configure a Firewall Rule
     * How to check for Apache Log4j RCE vulnerabilities
     * How to lookup a Domain Category
     * Getting Started with Data Loss Prevention (Video)
     * Getting Started with Cato's Cloud Access Security Broker (CASB)
   * Cato Management Application Video Tutorials
     * How to navigate the Apps Catalog
     * How to use the Search bar in the Cato Management Application
     * How to use Topology Grouping
   * The Ring of Defense
     * The NIST CSF 2.0: Framework Governance?
     * No Ethical Boundaries: WormGPT
     * Keeping your SLED Secure: Should you pay a ransom?
     * LockBit hits TSMC: A $70M Ransom?
     * Reddit and Extorted It: OpenAI Leaks and Paying for Ransomware?
     * MOVEit or Lose it: Exploitation and Patching Hell
     * How to listen to the Ring of Defense
     * Security Obscurity: DNS Tunnelling and CensysGPT
     * CyberTalk with Bill and Robin: 24th May 2023
     * CyberTalk with Robin - 28th April - The RBI Episode
     * CyberTalk with Bill and Robin - 3rd April 2023
     * CyberTalk with Bill and Robin - 20th April 2023
     * CyberTalk with Bill and Robin: 29th March 2023
     * CyberTalk with Bill and Robin: 22nd March 2023
     * Cybertalk with Bill and Robin: 16th March 2023
     * Cybertalk with Bill and Robin: 2nd March 2023
     * CyberTalk with Bill and Robin: 25th February 2023
     * CyberTalk with Bill and Robin: 19th February 2023
     * CyberTalk with Bill and Robin: 6th February 2023
     * Cybertalk with Bill and Robin: 27th January 2023
     * CyberTalk with Bill and Robin: 23rd January 2023
     * CyberTalk with Bill and Robin: 4th January 2023
     * CyberTalk with Bill and Robin - 22nd November 2022
     * CyberTalk with Bill and Robin - 8th November 2022
     * CyberTalk with Bill and Robin - 21st October 2022
     * CyberTalk with Bill and Robin - 14th October 2022
     * CyberTalk with Bill and Robin - 23rd September 2022
   * Cato Networks Video Library

MONITORING

 * Investigation
   * Analyzing Events in Your Network
   * Using the Topology Screen
   * Explaining the Event Fields
   * Analyzing Traffic for all Account Sites
   * Showing User Analytics with SDP Users Overview
   * Showing The Routing Table for Your Account
   * Understanding Applications Analytics
   * Using the Admin Audit Trail
 * Dashboards
   * Using the SDP Users Dashboard
   * Using the Threats Dashboard
   * Working with the MITRE ATT&CK® Dashboard
   * Using the DLP Dashboard
 * Reports
   * Cato Reports
   * Generating a Security Events Report
   * Generating an Application Analytics Report
   * Generating a Network Analytics Report
 * Detection & Response
   * Reviewing Detection & Response Stories for Your Account
   * Working with the Stories Dashboard
 * Practices Assessment
   * Reviewing Best Practices for Your Account

NETWORK

 * Sites
   * Site Configuration
     * IPsec Sites
       * Configuring IPsec IKEv2 Sites
       * Configuring an IPsec IKEv2 Site for a Firewall/Router with Dynamic IP
       * Configuring IPsec IKEv1 Sites
       * Troubleshooting IPsec Connectivity
       * Cato Cloud to Cisco IOS/IOS-XE via HA IPSec Tunnels
       * Cato Cloud to VMware Edge via HA IPsec Tunnels
       * Cato Cloud to FortiGate via HA IPSec Tunnels (CLI Guide)
     * Cato Cross Connect Sites
       * Getting Started with Cato Cross Connect Sites
       * Cross Connect for AWS Public Cloud
       * Cross Connect for Azure Public Cloud
       * Cross Connect for GCP Public Cloud
       * Cross Connect for Oracle Public Cloud
       * Cato Cross Connect Availability
     * Cato Sockets
       * Working with X1500, X1600 and X1700 Socket Sites
       * Configuring Link Aggregation for a Socket
       * Using Sockets in a High Availability (HA) Deployment
     * BGP
       * Using BGP in the Cato Cloud
       * Cato Reserved BGP Communities
       * Defining BGP Neighbors
       * Configuring BGP Neighbors for a Cato Socket
       * Configuring BGP Neighbors for an IPsec Connection
     * Exchanging Socket Ports
     * Configuring the Socket LAN Firewall Policy
     * Using the Cato Management Application to Add Sites
     * Working with Sites
     * Configuring Network Ranges for a Site
     * Local Routing at the Socket
     * Upgrading the Local Routing Policy to the LAN Firewall
     * Defining Hosts for a Site
     * Working with LAN Monitoring for a Site
     * Bypassing the Cato Cloud
     * Configuring Local Port Forwarding
     * Advanced Configurations for a Site
   * Site Monitoring
     * Showing the Site Network Analytics
     * Monitoring a Site with a Snapshot
     * Analyzing QoS and Bandwidth Management for a Site (Priority Analyzer)
     * Analyzing Data for a Site in Real Time
     * Using The Network Dashboard
   * Cato Socket
     * Understanding Cato's Managed Socket Upgrade Service
     * What is Socket High Availability (HA)
     * Using the Socket WebUI Tools
     * Cato Socket: Deep Knowledge
     * Connectivity Requirements for Socket Upgrades
     * Part 1: The Socket Interfaces and Precedence
     * Part 2: PBR and Network Rules within the Socket
     * Part 3: The Socket Traffic Prioritization and QoS
     * Active/Active Traffic Distribution
     * Setting a Different Port to Connect to the Cato PoP
     * How to run an X1500 Socket using a USB Flash Drive
     * AWS vSocket - Requesting an Amazon AMI Image
     * Cato Socket RMA (Return Merchandise Authorization) Process
     * Using PPPoE with Cato Sockets
     * Performance Troubleshooting: Socket Behind a Third-Party Firewall
     * Remotely Pinging the Socket WAN Interface
     * How to find DHCP host allocation
     * Socket X1500 | Status LEDs for Ethernet Ports
     * DHCP Doesn't Work With Subnet Source Bypass
     * Updating the Socket WAN Interface Bandwidth
     * Cipher Suites Used by the Cato Socket and SDP Client
     * High Current Distance (Latency)
     * How to Reconnect the Socket Tunnel
   * vSocket Sites
     * Copying the Azure vSocket VHD Image with SAS
     * Configuring an AWS vSocket Site
     * Configuring High Availability (HA) for AWS vSockets
     * Configuring an Azure vSocket Site
     * Configuring High Availability (HA) for Azure vSockets
     * Configuring a VMware ESXi vSocket Site
     * Example Cloud Deployment Templates
     * Deploying Azure vSockets from the Marketplace
   * Sockets & Hardware
     * Reimaging Cato Sockets
       * Overview of Reimaging Cato Sockets
       * How to Reset an X1500 Socket (USB Drive)
       * How to Reset an X1500B Socket (USB Drive)
       * How to Reset an X1700 Socket (USB Drive)
       * How to Reset an X1700B Socket (USB Drive)
       * How to Reset an X1600 Socket (USB Drive)
     * Managing Sockets
     * Using the Socket WebUI
     * Supported Socket Transceivers and USB Ethernet Adapters
     * Assigning a Static IP to a Socket
     * How to Capture Traffic on a Socket
     * How to Change the Socket Model for a Site
     * X1700, X1600 & X1500 Socket Guides
     * Socket Power Consumption Details
     * Using Cellular Modems with a Socket
 * Network Rules & QoS
   * Internet Traffic Backhauling
     * Configuring Internet Traffic Backhauling
     * Backhauling Traffic to a LAN Device
     * Hairpinning Traffic to the Same Site
     * Backhauling Traffic via a Socket's WAN Interface IP Address
     * Backhauling Traffic via an IPsec Site
   * Configuring Network Rules
   * What is the Cato Network Rulebase
   * Explaining the Cato TCP Acceleration and Best Practices
   * What are the Cato Bandwidth Management Profiles
   * Configuring Bandwidth Management Profiles
   * Accelerating and Optimizing Traffic
   * Overriding Bandwidth Management Profiles for a Site
   * Routing Traffic to an Off-Cloud Link
   * Packet Loss Mitigation for Multi-Tunnel Links
   * Best Practices for Egressing Traffic In a Network Rule
 * Cato Intelligent Last-Mile Monitoring (ILMM)
   * What is Cato ILMM
   * Managing ILMM for Your Account
   * Working with ILMM Licenses for Sites
 * Account Network Settings
   * Cato DHCP
     * Configuring DHCP Settings
     * Configuring Cato as the DHCP Relay
     * Showing Known Hosts for a Site
     * Showing the DHCP Pools for a Site
     * Best Practices for DHCP
   * Connection SLA
     * Configuring the Connection SLA Settings
     * Defining a Preferred PoP for a Site
     * Configuring a Last-Resort Link
     * Customizing the WAN Keepalive Frequency
   * Configuring DNS Settings
   * Defining DNS Forwarding Rules
   * Configuring Remote Port Forwarding for the Account
   * Using IP Ranges in Policies
   * Creating Floating Ranges for an Account
   * Monitoring the Last Mile for the Account
   * Allocating IP Addresses for the Account
   * Working with Link Health Rules
 * Other Network Articles
   * Production PoP Guide
   * Best Practices for IPsec Connections
   * Controlling Inbound Traffic with Remote Port Forwarding
   * Explaining How Cato Classifies Network Applications
   * Best Practices for DNS and Your Cato Account
   * Handling DNS Flows in the Cato Cloud
   * Network Segmentation - Best Practices
   * Best Practices to Measure Last-Mile Performance with SpeedTest
   * Introducing Cato Networks' Internet Recovery
   * Integrating Cato with Alternative WAN Network
   * Implementing QoS using Microsoft Teams and Cato
   * Recovering WAN Traffic
   * How to Reduce the Citrix Recovery Time
   * Asymmetric Routing over Cato and MPLS
   * Configuring Your Account to Support IP Overlapping
 * Network Deployment
   * How to Implement Cato vSocket in AWS Multiple VPCs Environment
   * Setting up a Cato-Initiated IPsec to Your AWS Transit Gateway
   * Redundant VPN Connection to AWS Using BGP
   * Aruba Wireless Access Point Traffic Not Traversing Cato
   * How to Use a vSocket in Azure Multiple VNets Environment
   * How to Integrate RingCentral with Cato Networks
   * Redundant VPN Connection to Oracle Cloud using BGP
   * Setting Up Redundant VPN Tunnels to Google Cloud Platform (GCP)
   * Socket Best Practice: VLANs vs. Routed Ranges
   * Connecting a Socket to a switch with VLANs (802.1q)
   * Cato Socket vs IPSec tunnel
   * Cato Socket Connection Prerequisites
   * Setting Up Redundant VPN Tunnels to Amazon Web Services (AWS)
   * Connect your AWS assets to Cato Cloud with Amazon Virtual Private Gateway

ACCESS

 * Single User Identity
   * Provisioning Users
     * Provisioning users with SCIM
       * Provisioning Users with SCIM
       * SCIM Provisioning with Azure
       * SCIM Provisioning with Okta
       * SCIM Provisioning with OneLogin
     * Provisioning Users with LDAP
       * Provisioning Users with LDAP
       * Sync users with LDAP
       * Configuring LDAP Sync and SSO with OneLogin
       * Configuring Directory Services with Okta LDAP
     * Adding Users to Your Cato Account
     * Working with User and System Groups
     * Working with Users
     * Changing Between SCIM and LDAP User Provisioning
   * User Awareness
     * Using Cato Identity Agents for User Awareness
     * Using AD Query for User Awareness
     * Adding User Awareness to Directory Services
   * Understanding the Single User Identity
   * Assigning SDP Licenses to Users
 * Cato SDP Clients
   * Cato Client Installation Guides
     * Windows
       * Getting Started with the Windows Client
       * Installing the Cato Certificate on Windows Devices
     * macOS
       * Getting Started with the macOS Client
       * Installing the Cato Certificate on macOS Devices
     * Linux
       * Installing and Running the Linux Client v5.1
       * Installing and Running the Linux Client v5.0
     * Getting Started with the Android Client
     * Getting Started with the iOS Client
   * Summary of Cato Client Releases
     * Summary of Cato Client Releases
     * Summary of Cato Windows Client Releases
     * Summary of Cato macOS Client Releases
     * Summary of Cato iOS Client Releases
     * Summary of Cato Android Client Releases
     * Summary of Cato Linux Client Releases
   * How Can I Download the Cato Client?
   * Installing the Cato Client
   * Managing the Rollout of Client Versions
   * Access Features per Client OS and Version
   * Customizing the Cato Client
   * Best Practices for Cato Client Upgrades
   * MAC Address of SDP Clients
   * How to Collect SDP Client Logs
   * Deploy Cato SDP Client with Intune (Windows)
   * Recording Issues Using the SDP Client
   * Using Captive Portal Detection with Cato Clients
   * End of Support (EoS) Policy for Cato Clients
   * Improved SSO Workflow for Cato Clients
   * Configuring a Different UDP Port for the Cato Client
   * Understanding Expiring Session for SDP Users
   * VPN Client TCP Fallback for UDP Tunnel
   * How to Uninstall the Windows Client Using MsiExec.exe
   * Supported Throughput for Cato SDP Clients
   * Managing SDP Clients with the Cato User Portal
   * Cato Client Privacy Data Sheet
 * Identity Providers and Authentication
   * Directory Services
     * Provisioning Users With SCIM
       * SCIM Provisioning with Azure
       * SCIM Provisioning with Okta
       * SCIM Provisioning with OneLogin
     * Provisioning Users With LDAP
       * Provisioning Users with LDAP
       * Configuring LDAP Sync and SSO with OneLogin
       * Configuring Directory Services with Okta LDAP
     * Activating SDP Users
     * Working with SDP Users
     * Overview of Directory Services and User Awareness
     * Configuring the Windows Server for Directory Services
     * Changing the Email Address or User Principal Name of SDP Users
   * User Awareness
     * Using Cato Identity Agents for User Awareness
     * Adding User Awareness to Directory Services
     * Managing User Awareness Exceptions
     * Working with User Groups
     * Adding Reverse DNS Lookup Hosts
     * Using an Identity Provider for Your Cato Account
   * Single Sign-On
     * SSO Authentication for SDP Users with Cato
     * Configuring SSO and the Subdomain for the Account
     * Configuring Azure SSO for Your Account
     * Configuring Okta SSO for Your Account
     * Configuring Google SSO for Your Account
     * Configuring PingFederate SSO for your Account
     * Changing your Account Name and Subdomain
     * SSO Session Behavior for Windows SDP Client
   * Using Windows Client 5.0 on Windows Server
   * How to Configure Windows Event Forwarding for User Awareness?
   * User Not Mapped by User Awareness
   * User Awareness | WMI "Test connection" fails when querying a DC on Windows
     server 2008
   * Sync Active Directory Users to Cato SDP Users
   * How Cato MFA and Expiration Mechanism Works
   * Authenticate SDP Users Automatically with Windows Credentials
   * Configuring Access Control with MAC Address Authentication
 * Access Control
   * Browser Access
     * Browser Access Portal Overview - Securing Remote Access to Applications
     * Configuring the Browser Access Portal
     * Defining the Browser Access Policy
     * Managing Applications for the Browser Access Portal
   * Client Access
     * Zero Trust Device Security With Cato
     * Distributing Certificates for Device Authentication and Device Checks
     * Controlling Certified Corporate Devices (Device Authentication)
     * Configuring Split Tunnel for SDP Clients
     * Split Tunnel Configuration for Specific SDP Users
     * Providing Cato With SDP User Feedback
     * Using Windows Pre Login and the SDP Client
     * Configuring the Authentication Policy for Cato Clients
     * Configuring SDP Client Settings for the Account
     * LAN Blocking for the Windows Client
     * Defining a Proxy Configuration File URL
     * Deploying and Upgrading macOS Clients with an MDM
     * Configuring Settings for the macOS and iOS Clients
   * What is the Client Connectivity Policy?
   * Configuring the Client Connectivity Policy
   * Protecting SDP Users with Always-On Security
   * Creating Device Posture Profiles and Device Checks
   * IP Allocation Policy
   * Centralized Management of SDP User DNS Settings
   * Disable Always-On in Designated Trusted Networks
 * Other Access Articles
   * Configuring Office Mode
   * Working with Analytics for Specific SDP Users
   * Exporting SDP User Data
   * Isolating and Securing Customer Traffic in Cato Multi-Tenant Cloud
   * Monitoring Users with a Snapshot

SECURITY

 * Internet & WAN Firewalls
   * Adding Sections to the WAN and Internet Firewalls
   * What is the Cato Internet Firewall?
   * Internet and WAN Firewall Policies – Best Practices
   * Managing Internet Firewall Rules
   * What is the Cato WAN Firewall?
   * Managing the WAN Firewall Rules
   * Sample WAN Firewall Rulebase
   * Adding Device Conditions to Firewall Rules
   * Customizing the Block/Prompt Page
   * Restricting Content for Internet Traffic
   * How to allow SMB/SMTP outbound traffic (or any other service)
 * IPS Service
   * Cato Cloud Security Protections
     * How the Cato Cloud Protects your Account from Ransomware Encryption
       Actions
     * Cryptocurrency and the Cato Cloud
     * How the Cato Cloud Protects your Account from Phishing Attacks
     * How the Cato Cloud Protects your Account from Suspicious Chrome
       Extensions
   * DNS Security
     * How the Cato Cloud Protects against DNS Tunneling
     * Customizing the DNS Protections for IPS
   * Securing AI App Traffic
   * Configuring the IPS Policy
   * Allowlisting IPS Signatures
   * Monitoring Suspicious Activity with IPS (SAM)
   * Enabling and Working with Anti-Malware and IPS
   * Testing Anti-Malware and IPS Threat Protections
 * App & Data Control
   * Cloud Access Security Broker (CASB)
     * Using Default Recommended CASB/DLP Policy
     * What is the Cato CASB Solution
     * Controlling Access to SaaS Application Tenants with Header Injection
     * Managing the Application Control Policy
     * Managing Tenant Control for SaaS Applications
     * Working with the Cloud Apps Dashboard
   * Data Loss Prevention
     * What is the Cato DLP Service
     * Creating the Data Control Policy
     * Creating DLP Content Profiles
     * Working with Custom Data Types for DLP
     * Using MIP Sensitivity Labels in your Cato DLP Policy
   * Cato SaaS Security API
     * What is SaaS Security API
     * Configuring the SaaS Security API Connector for Microsoft OneDrive
     * Configuring the SaaS Security API Connector for Microsoft SharePoint
     * Configuring the SaaS Security Connector for Microsoft Exchange
     * Configuring the SaaS Security API Connector for Google Drive and Gmail
     * Configuring the SaaS Security API Connector for Box
     * Configuring the SaaS Security API Connector for Slack
     * Reviewing Security Checks for SaaS Apps
     * Using the SaaS Security API Dashboard
 * RBI
   * Securing Browsing Sessions Through Remote Browser Isolation (RBI)
   * Configuring the RBI Service for Secure Web Browsing
 * TLS Inspection
   * TLS Inspection Certificates
     * Installing the Root Certificate for TLS Inspection
     * Certificate Warnings with Blocked HTTPS Websites
     * Installing Root CA Certificate to Firefox
     * How to Install the Cato Certificate
     * Securing Traffic with TLS Inspection Using Private Certificates
   * Configuring TLS Inspection Policy for the Account
   * Adding Device Conditions for TLS Inspection
   * Best Practices for TLS Inspection
   * Supported TLS Cipher Suites for Cato TLS Inspection
   * Testing TLS Inspection in the Cato Cloud
 * Anti-Malware
   * What is the Cato Anti-Malware Policy?
   * Configuring the Anti-Malware Policy
   * Allowlisting Anti-Malware Traffic
 * Cato's MDR Service
   * Getting Started with MDR
   * An Overview of Threat Intelligence
   * Reviewing Detection & Response Stories for MDR Customers
 * Other Security Articles
   * Best Practices for Cyber Security and the Cato Cloud
   * Best Practices for Implementing Cato Threat Protection
   * Analyzing Security Events According to Threat Reputation
   * How to Integrate Third-Party DDoS Services for Internet-Facing RPF Traffic
   * Show the real local location while searching Google

ADMINISTRATION

 * Cato Management Application Admins
   * Managing Administrators
   * Configuring Roles and Permissions for Admins
   * Configuring an Admin with Regional Viewer Permissions
   * Configuring Roles and Permissions for Reseller Admins
   * Configuring Authentication Settings for Administrators
   * Administrator Password Expiration Policy
   * Setting Admin Preferences
 * Assets
   * Uncategorized vs. Undefined System Categories
   * Managing Groups
   * Working with Custom Applications
   * Working with Categories
   * Working with Advanced Configuration for the Account
   * Using the App Catalog
   * Using the Threat Catalog
   * Using the Indications Catalog
   * Identifying the Category for a Domain
 * Account
   * Working with Cato License Types
   * Managing Site Bandwidth Licenses
   * Showing All Sockets in the Account (Sockets Inventory)
   * Showing Zendesk Tickets for Your Account
 * Alerts
   * Working with Email Notifications for the Account
   * Customizing Email Notifications
   * Working with Mailing Lists
 * Event Integration
   * Using Third Party SIEM Vendors
   * Event Integration Event Fields
   * Configuring System Settings for the Account
   * Exporting Log Files
 * Other Administration Articles
   * Cato API
     * Cato Configuration API - Reference Guide
       * Managing Admins with the Cato API
       * Configuration API - addSocketSite
       * Configuration API - updateSiteGeneralDetails
       * Configuration API - updateSocketInterface
       * Configuration API - removeSite
       * Configuration API - updateHa
       * Configuration API - Adding, Updating, and Removing networkRange
       * Configuration API - Adding, Updating, and Removing staticHost
       * Using the Cato Site Creation API with Postman
       * Configuration API Scripts
       * Cato Configuration API Schema
     * Cato Monitoring API - Reference Guide
       * Getting Started with the Cato API
       * Cato Read Only API - events
       * Cato API - AccountMetrics
       * Cato API - AccountMetrics > Sites
       * Cato API - AccountMetrics > Sites > Interfaces
       * Cato API - AccountMetrics > Sites > SiteInfo
       * Cato API - AccountMetrics > Timeseries
       * Cato API - AccountSnapshot
       * Cato API - AccountSnapshot > Sites
       * Cato API - AccountSnapshot > Sites > Devices
       * Cato API - AccountSnapshot > Sites > Devices > Interfaces
       * Cato API - AccountSnapshot > Users
       * Cato Read Only API - appStats
       * Cato API - AuditFeed
       * Cato API - EntityLookup
       * Cato API - EventsFeed (Large Scale Event Monitoring)
       * Cato API - EventsFeed > EventRecord (Large Scale Event Monitoring)
       * SIEM Integration Guide for the Cato API
       * Working with accountMetrics > Granularity
       * Example Scripts: Using the Cato API with Python
       * Connecting to the Cato API Server from the GraphQL Playground
       * Understanding Cato API Rate Limiting
       * Troubleshooting Cato API Calls
       * Support Policy for the Cato API
       * Running API Calls with the Cato Cloud
   * Cato Management Application
     * Welcome to Cato Networks
     * Priority Analyzer Shows Imprecise QoS Priority for Traffic 
     * Log Exporter: Under the Hood
     * Monitoring Your Site with Connectivity Alerts
     * Cato IPsec Guide: IKEv1 vs IKEv2
     * QoS Policies Explained
     * How to Configure an Egress Rule
     * Finding the Public IP of Your Sites in the Cato Management Application
     * Working with the Cato Management Application
     * New Cato Management Application - Known Limitations & Resolved Issues
     * Exporting Security Rules to a CSV File
     * Setting the Time Range Filter
   * Services
     * Training 101: Cato Management Application
   * Integrating Cato Events with AWS S3
   * Generating API Keys for the Cato API
   * Troubleshooting Support Self Service Portal
   * Configuring the Socket Upgrade Maintenance Window
   * Cato Cloud Thresholds and Limits 
   * Requesting New Features (RFEs)
   * Cato Networks Scanners or Penetration Testing
   * Status page subscription guide
   * Cato Networks SVG Stencils
   * Creating an Online Order for Your Cato Account
   * Downloading Cato Digital Certificates
   * Defining Default Working Hours for the Account

ANNOUNCEMENTS

 * Release Notes
   * Product Update - Oct. 2nd, 2023
   * Product Update - Sept. 26th, 2023
   * Product Update - Sept. 18th, 2023
   * Product Update - Sept. 11th, 2023
   * Product Update - Sept. 4th, 2023
   * Product Update - Aug. 28th, 2023
   * Product Update - Aug. 21st, 2023
   * Product Update - Aug. 14th, 2023
   * Product Update - Aug. 7th, 2023
   * Product Update - July 31st, 2023
   * Product Update - July 24th, 2023
   * Product Update - July 17th, 2023
   * Product Update - July 10th, 2023
   * Product Update - July 3rd, 2023
   * Product Update - June 26th, 2023
   * Product Update - June 19th, 2023
   * Product Update - June 12th, 2023
   * Product Update - June 5th, 2023
   * Product Update - May 29th, 2023
   * Product Update - May 22nd, 2023
   * Product Update - May 15th, 2023
   * Product Update - May 8th, 2023
   * Product Update - May 1st, 2023
   * Product Update - April 24th, 2023
   * Product Update - April 10th, 2023
   * Product Update - April 3rd, 2023
   * Product Update - March 27th, 2023
   * Product Update - March 20th, 2023
   * Product Update - March 13th, 2023
   * Product Update - March 6th, 2023
   * Product Update - February 27th, 2023
   * Product Update - February 20th, 2023
   * Product Update - February 13th, 2023
   * Product Update - February 6th, 2023
   * Product Update - January 23rd, 2023
   * Product Update - January 9th, 2023
   * Product Update - December 26th, 2022
   * Product Update - December 12th, 2022
   * Product Update - November 28th, 2022
   * Product Update - November 14th, 2022
   * Product Update - October 31st, 2022
   * Product Update - October 17th, 2022
   * Product Update - October 3rd, 2022
   * Product Update - September 19th, 2022
   * Product Update - September 5th, 2022
   * Product Update - August 22nd, 2022
   * Product Update - August 8th, 2022
   * Product Update - July 25th, 2022
   * DLP Product Update - July 18th, 2022
   * Product Update - July 11th, 2022
   * Product Update - June 27th, 2022
   * Product Update - June 13th, 2022
   * Product Update - May 30th, 2022
   * Product Update - May 16th, 2022
   * Product Update - May 2nd, 2022
   * Product Update - April 18th, 2022
   * Product Update - April 4th, 2022
   * Product Update - March 21st, 2022
   * Product Update - March 7th, 2022
   * Product Update - February 21st, 2022
   * Product Update - February 7th, 2022
   * Product Update - January 24th, 2022
   * Product Update - January 10th, 2022
   * Product Update - December 27th, 2021
   * Product Update - December 13th, 2021
   * Product Update - November 29th, 2021
   * Product Update - November 15th, 2021

ANALYZING SECURITY EVENTS ACCORDING TO THREAT REPUTATION

 * Updated 1 month ago
   


OVERVIEW

The Security research team at Cato Networks has developed analytical engines
that tag malicious IP addresses, URLs, and domain names with a bad reputation.
A bad reputation indicates that we discovered that the specific IP address,
URL, or domain initiated suspicious or malicious activity, for example malware
C&C, network scanning, or phishing.

The IPS engine in the Cato Cloud blocks network traffic that is tagged with a
bad reputation and generates a reputation-based security event with the threat
type Reputation.

The following screenshot shows an example of a security event with the
Reputation threat type from Event Discovery:




REASONS FOR BLOCKED TRAFFIC

When Cato's IPS engine identifies potentially malicious traffic and blocks it
based on the threat reputation, the threat name field explains the reason why
the traffic was blocked.

Values for the threat name field include, but are not limited to:

 * Domain reputation based signature - Phishing
 * Reputation IP based signature - Botnet
 * IP reputation based signature - Malicious IP
 * Domain reputation based signature - Malicious Domain
 * IP reputation based signature - Abuse
 * URL reputation based signature - Malicious URL
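
Added example (not Cato's code): when triaging Reputation events, the threat name can be split into the indicator kind and the reason, tolerating both word orders in the list above and values outside it. The event field names and the sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Matches both word orders in the list: "IP reputation ..." and "Reputation IP ...".
THREAT_NAME = re.compile(
    r"^\s*(?:(domain|ip|url)\s+reputation|reputation\s+(domain|ip|url))"
    r"\s+based\s+signature\s*-\s*(.+?)\s*$",
    re.IGNORECASE,
)

def parse_threat_name(value):
    """Return (indicator_kind, reason), or None when the value is not recognised."""
    match = THREAT_NAME.match(value or "")
    if match is None:
        return None
    kind = (match.group(1) or match.group(2)).lower()
    return kind, match.group(3)

def triage(events):
    """Group Reputation events as (kind, reason) -> sorted source hosts."""
    groups, unrecognised = defaultdict(set), []
    for event in events:
        if event.get("threat_type") != "Reputation":
            continue  # other threat types are out of scope here
        parsed = parse_threat_name(event.get("threat_name"))
        if parsed is None:
            unrecognised.append(event)  # the listed values are not exhaustive
        else:
            groups[parsed].add(event.get("source", "unknown"))
    return {key: sorted(hosts) for key, hosts in groups.items()}, unrecognised

# Constructed sample events. Field names (threat_type, threat_name, source)
# are assumptions for this example, not a documented export schema.
SAMPLE_EVENTS = [
    {"threat_type": "Reputation", "source": "10.0.1.15",
     "threat_name": "Domain reputation based signature - Phishing"},
    {"threat_type": "Reputation", "source": "10.0.1.22",
     "threat_name": "Reputation IP based signature - Botnet"},
    {"threat_type": "Reputation", "source": "10.0.1.30",
     "threat_name": "Reputation IP based signature - Botnet"},
    {"threat_type": "Malware", "source": "10.0.1.15", "threat_name": "constructed"},
    {"threat_type": "Reputation", "source": "10.0.1.40",
     "threat_name": "Constructed value outside the listed formats"},
]

if __name__ == "__main__":
    for key, hosts in sorted(triage(SAMPLE_EVENTS)[0].items()):
        print(key, hosts)
```

Events returned in the second list carry a threat name the pattern does not cover and need manual review rather than being dropped.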


WHAT ARE THE DIFFERENT THREAT TYPES?

Each Security Event generated within the Cato Management Application is
categorised by a field called threat type. This field displays a high-level
overview of the type of threat that Cato has protected you against, and
provides you with an indication of any potential malicious activity.

The threat types that may be displayed in a Security Event include:

 * Spam
 * Brute Force
 * Scanner
 * Phishing
 * Policy Violation
 * Crypto Mining
 * Anonymizer
 * DoS
 * Network Scan
 * Vulnerability Scan
 * Information Disclosure
 * Privilege Escalation
 * Reputation
 * Remote Code Execution
 * PuP
 * Web Application Attack
 * Malware
 * Malicious Browser Extension


SAMPLE THREAT REPUTATION SECURITY EVENT WORKFLOW

 1. The Security research team identifies that a domain is potentially a source
    of malicious attacks.
 2. The domain is tagged with a bad reputation and the IPS engine is updated.
 3. An end-user tries to access the domain, and IPS blocks the connection and
    generates a Security event with the threat type Reputation.


WHAT'S THE SIZE OF CATO'S THREAT DATABASE?

The Threat Database at Cato Networks is constantly evolving in line with the
ever-changing threat landscape. We continuously improve the size and scope of
our threat detections to ensure maximum protection for our end customers. As
representative figures, as of July 8th, 2021, the database includes, but is not
limited to:

 * 750+ million domains and 32+ billion URLs classified
 * 80+ site categories, including high-risk categories
 * 6 million dangerous IPs correlated with URLs


 

 

 
