support.catonetworks.com
104.16.53.111
Submitted URL: https://support.catonetworks.com/hc/en-us/articles/360011568478
Effective URL: https://support.catonetworks.com/hc/en-us/articles/360011568478-Analyzing-Security-Events-According-to-Threat-Reputation
Submission: On March 26 via manual — Scanned from DE
* MOVEit or Lose it: Exploitation and Patching Hell * How to listen to the Ring of Defense * Security Obscurity: DNS Tunnelling and CensysGPT * CyberTalk with Bill and Robin: 24th May 2023 * CyberTalk with Robin - 28th April - The RBI Episode * CyberTalk with Bill and Robin - 3rd April 2023 * CyberTalk with Bill and Robin - 20th April 2023 * CyberTalk with Bill and Robin: 29th March 2023 * CyberTalk with Bill and Robin: 22nd March 2023 * Cybertalk with Bill and Robin: 16th March 2023 * Cybertalk with Bill and Robin: 2nd March 2023 * CyberTalk with Bill and Robin: 25th February 2023 * CyberTalk with Bill and Robin: 19th February 2023 * CyberTalk with Bill and Robin: 6th February 2023 * Cybertalk with Bill and Robin: 27th January 2023 * CyberTalk with Bill and Robin: 23rd January 2023 * CyberTalk with Bill and Robin: 4th January 2023 * CyberTalk with Bill and Robin - 22nd November 2022 * CyberTalk with Bill and Robin - 8th November 2022 * CyberTalk with Bill and Robin - 21st October 2022 * CyberTalk with Bill and Robin - 14th October 2022 * CyberTalk with Bill and Robin - 23rd September 2022 * Security Announcements * Security Vulnerability (CVE-2023-43976) that Impacts macOS Client v5.3.x * CVE-2022-28199 - NVIDIA DPDK Vulnerability * CVE-2021-44228: Apache Log4J RCE * Ransomware: The Kaseya VSA Supply Chain Attack * CVE-2021-1675 and CVE-2021-34527: PrintNightmare - Windows Print Spooler RCE * FAQ - Changes to the Anti-Malware Policy, Trusted Destinations, and TLS Inspection * CVE-2021-21972 VMware vCenter RCE * SolarWinds SUNBURST Malware and the Cato Cloud * General Notifications * For Microsoft Azure Sites - Changing Cato vSocket VMs to the Standard D8ls v5 VM Size * Upcoming Decommission of Special PoP Locations - June 1, 2024 * Browser Access Configuration Update * Important Updates for Legacy Clients and Windows Version * Update Required for Single Sign-On with Azure * Cato Mangament Application Notification: Incorrect Routing Configuration in Network Rules * 
Important Updates for Legacy Client and Windows Versions * Deprecating metrics Field in accountSnapshot API on Jan. 15, 2024 * Cato Management Application Notification: New DNS Settings Policy For SDP Users * Changes to Sites and Network Rules based on Second PoP Locations in Tokyo and Osaka (Japan) * Cato Read-Only API Notification – New Internal Cato ID for SDP Users * EoS for Windows and macOS Clients Earlier than v5.0 * EoS for Linux, iOS and Android Clients Earlier than v5.0 * Cato Management Application Notification: New Always-On Policy * FAQ - X1700 Socket Hardware Update (X1700B) * Understanding New Logic for Client Connectivity Policy * Upgrading to Socket v15 - Troubleshooting Connectivity Issues Related to Misconfigured Connectivity Settings * New Audit Trail Item Related to an Update to the Cato Cloud Infrastructure * Improved Behavior for MFA Verification Code with SMS * Cato Management Application Notification: Update to Deprecated Applications * Announcement Regarding End-of-Life (EoL) for Legacy Cato Management Application * Notification - Review Non-Ordered Firewall Settings and Activate the New Firewall * FAQ - Security Change to the Cato Cloud (May 30, 2021) * Announcement Regarding End-of-Life (EoL) for Cato Legacy Firewall * Upgrading Cato Windows Client * Announcement - Change for Opening Support Tickets in January 2021 * Legal * Update Regarding Cato Network’s Compliance with China’s PIPL * Restricted Countries List * Cato Networks Sub-Processors SUPPORT * Working with Cato Support * Cato Support Communication Methods and Contact Information * Priority 1 Issues and Cato Support * Partner Advanced Replacement Program * Cato Managed Changes in your Cato Management Application Account * Cato Networks’ Tiered Support Guidelines * Information to Collect When Submitting Tickets to Cato Networks Support * Showing the Status of the Cato Cloud * Support Self Service | SupportMe Portal * Accessing the Master Service Agreement * Submitting a Support 
Ticket * Announcement Regarding Changes to Submit a Request | July 2021 * Settings That Can be Modified by Cato Support * Troubleshooting Networking & Platform * Troubleshooting Playbooks * LTE Connectivity Troubleshooting * Troubleshooting Socket Registration/Initial Connectivity Failures * How to Troubleshoot Long Webpage Loading Time and Rendering Problems * Troubleshooting Issues Related to Local SMTP Servers * Troubleshooting Unusual Network Activity * Troubleshooting Azure HA vSocket - Networking Playbook * How to Troubleshoot Socket Site Packet Loss * VoIP Troubleshooting * Case Studies * Recovering Failed Add-On Installations on X1700 * Link Aggregation (LAG) Link Experiencing High Latency and Packet Loss * Socket High Availability Failover Fails Due To Meraki Switch GARP Limitation * Why Do Primary and Secondary Sockets Reconnect at the Same Time? * TLS Connection Failure Over Off-Cloud or Alt-WAN Links * ADUC Loads Slowly While Connected to Cato SDP Client * China | Webpage Having Rendering Issues * Android Devices Unable to Reach Internal Resources Via Cato * Websites Blacklisting Cato IP * Block Page - Connectivity Problem, Connection was Closed by Peer * Quota Exceeded in Cato * Changing the Interface Role Generates Reconnect Events * IP Address Conflict Reported on Socket UI Even After It's Resolved * When is a Flow Assigned QoS Priority 255? 
* Users Are Logged Out of Website After Successful Login * RDP Session Established but the Remote Desktop Isn't Loading * Geo-blocked Websites * How to Solve "Secure Connection Failed" Error * How-To Guides * How to Use HAR File to Analyze Webpage Issues * How to Collect HAR Data * Troubleshooting Access * Troubleshooting Playbooks * Users/Groups in Azure AD are Not Getting Provisioned to CMA via SCIM * Device Authentication Troubleshooting * Linux Client Permission and Syntax Troubleshooting * Troubleshooting Directory Services and User Awareness Errors and Issues * Troubleshooting Cato Windows Client Installation Issues * SDP User Doesn't Receive SMS MFA Code * Troubleshooting Cato SDP Client Performance Issues * Troubleshooting Domain Controllers for Real Time Sync Connection Errors * Case Studies * UA Sync Error NT code 0xc002001b * Azure Conditional Access Fails to Allow Cato SSO Authentication * Zscaler Network Error When Connected Via Cato SDP Client * IP Routing Prevents Windows Client Authentication * No Internet Error on Windows - NCSI Troubleshooting * Windows SDP Client Hangs Due To High CPU Utilization * SDP client fails to connect due to netsh crashes with Windows 11 * SDP Client Silently Upgraded Even Though Policy was Changed to Managed Upgrade * macOS Ventura and iOS Users Unable to Reach Internal Resources Via Cato * SSO Authentication Fails When Using External Browser | localhost Error * Troubleshooting the "Installation success or error status: 1603" When Installing the Windows SDP Client * SDP Client Can't Connect to Remote Resources * User Not Mapped by User Awareness * How-To Guides * How to Remove macOS SDP Client User Profiles * How to Capture Traffic for SDP Client Issues with Wireshark * How To Collect Console Logs on macOS * How to install Cato Certificate on Linux (Ubuntu) * How To Enable Debug Mode | Windows Client * Troubleshooting Security * Troubleshooting Playbooks * DLP Troubleshooting - Security Playbook * Case Studies * Data 
ANALYZING SECURITY EVENTS ACCORDING TO THREAT REPUTATION

Updated 7 months ago

OVERVIEW

The Security research team in Cato Networks has developed analytical engines to tag malicious IP addresses, URLs, and domain names with a bad reputation. This reputation indicates that we discovered that the specific IP address, URL, or domain initiated suspicious or malicious activity, for example malware C&C, network scanners, phishing activity, and so on.

The IPS engine in the Cato Cloud blocks network traffic that is tagged with a bad reputation and generates a reputation-based security event with the threat type Reputation. The following screenshot shows an example of a security event with the Reputation threat type from Event Discovery:

REASONS FOR BLOCKED TRAFFIC

When Cato's IPS engine identifies potentially malicious traffic and blocks it based on the threat reputation, the threat name field explains the reason why the traffic was blocked. Values for the threat name field include, but are not limited to:

* Domain reputation based signature - Phishing
* Reputation IP based signature - Botnet
* IP reputation based signature - Malicious IP
* Domain reputation based signature - Malicious Domain
* IP reputation based signature - Abuse
* URL reputation based signature - Malicious URL

WHAT ARE THE DIFFERENT THREAT TYPES?

Each Security Event generated within the Cato Management Application is categorised by a field called threat type. This field displays a high-level overview of the type of threat that Cato has protected you against, and provides you with an indication of any potential malicious activity. The threat types which may be displayed in a Security Event include:

* Spam
* Brute Force
* Scanner
* Phishing
* Policy Violation
* Crypto Mining
* Anonymizer
* DoS
* Network Scan
* Vulnerability Scan
* Information Disclosure
* Privilege Escalation
* Reputation
* Remote Code Execution
* PuP
* Web Application Attack
* Malware
* Malicious Browser Extension

SAMPLE THREAT REPUTATION SECURITY EVENT WORKFLOW

1. The Security research team identifies that a domain is potentially a source of malicious attacks.
2. The domain is tagged with a bad reputation and the IPS engine is updated.
3. An end-user tries to access the domain, and IPS blocks the connection and generates a Security event with the threat type Reputation.

WHAT'S THE SIZE OF CATO'S THREAT DATABASE?

The Threat Database at Cato Networks is constantly evolving in line with the ever-changing threat landscape. We continuously improve the size and scope of our threat detections to ensure maximum protection for our end customers. For representative figures, as of July 8th 2021 we have, but are not limited to:

* 750+ million domains and 32+ billion URLs classified
* 80+ site categories, including high-risk categories
* 6 million dangerous IPs correlated with URLs
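The threat name values above follow a recognisable pattern (indicator kind, "reputation based signature", then the reputation category), which makes exported Reputation events easy to triage in bulk. The following Python helper is an added example, not Cato's code: it assumes event records exported as dictionaries with "threat_type" and "threat_name" keys (field names are an assumption modelled on the article), parses both word orders the article shows, and counts blocked events per indicator kind and category.

```python
"""Triage helper for IPS security events with threat type "Reputation".

Added example, not Cato Networks code. The record field names
("threat_type", "threat_name", "src_ip", "domain") and the sample events
are constructed assumptions modelled on the fields the article describes.
"""
import re
from collections import Counter

# Both word orders that appear in the article's threat name values:
#   "IP reputation based signature - Abuse"
#   "Reputation IP based signature - Botnet"
_THREAT_NAME_RE = re.compile(
    r"^(?:(?P<kind_a>Domain|IP|URL)\s+reputation"
    r"|reputation\s+(?P<kind_b>Domain|IP|URL))"
    r"\s+based\s+signature\s*-\s*(?P<category>.+?)\s*$",
    re.IGNORECASE,
)
_KIND_LABEL = {"DOMAIN": "Domain", "IP": "IP", "URL": "URL"}


def parse_threat_name(threat_name):
    """Return (indicator_kind, category) for a reputation signature name,
    or None when the string does not follow the reputation pattern."""
    m = _THREAT_NAME_RE.match(threat_name or "")
    if not m:
        return None
    kind = _KIND_LABEL[(m.group("kind_a") or m.group("kind_b")).upper()]
    return kind, m.group("category")


def summarize_reputation_events(events):
    """Count Reputation events by (indicator kind, category).

    Events with another threat type are ignored; Reputation events whose
    threat name does not parse are returned separately for manual review."""
    counts, unparsed = Counter(), []
    for ev in events:
        if ev.get("threat_type") != "Reputation":
            continue
        parsed = parse_threat_name(ev.get("threat_name"))
        if parsed is None:
            unparsed.append(ev.get("threat_name", ""))
        else:
            counts[parsed] += 1
    return counts, unparsed


# Constructed sample events (documentation addresses, not real log data).
SAMPLE_EVENTS = [
    {"threat_type": "Reputation", "threat_name": "Domain reputation based signature - Phishing", "domain": "example.invalid"},
    {"threat_type": "Reputation", "threat_name": "Reputation IP based signature - Botnet", "src_ip": "192.0.2.10"},
    {"threat_type": "Reputation", "threat_name": "IP reputation based signature - Malicious IP", "src_ip": "198.51.100.7"},
    {"threat_type": "Reputation", "threat_name": "IP reputation based signature - Abuse", "src_ip": "198.51.100.7"},
    {"threat_type": "Reputation", "threat_name": "URL reputation based signature - Malicious URL", "domain": "example.invalid"},
    {"threat_type": "Malware", "threat_name": "EICAR test file", "domain": "example.invalid"},
    {"threat_type": "Reputation", "threat_name": "Unrecognised signature text"},
]
```

Feeding the counts into a per-category review (for example, a spike in "Botnet" hits from one internal source) is the kind of follow-up the Reputation threat type is meant to prompt.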