Overview of the Cato integration

You can integrate Cato with Sophos Central so that it sends alerts to Sophos for analysis.

This page gives you an overview of the integration.

Cato product overview

Cato Networks is a cybersecurity and networking company that provides a cloud-based Secure Access Service Edge (SASE) platform. The platform converges network security and wide area networking (WAN) into a single, global cloud-native service.

Sophos documents

Integrate Cato

What we ingest

Sample alerts seen by Sophos:

  • Suspicious Network Activity (Domains)
  • Suspicious Network Activity (IPs)
  • Suspicious Network Activity Heuristic
  • Communication with newly registered domains
  • Suspicious Network Activity
  • Domain Generation Algorithm ML Model Detection
  • Vulnerability Scanners Detection

Filtering

We filter messages as follows:

  • We allow only messages in the correct format.
  • We deny messages that aren't in the correct format, but we don't drop the data.

Sample threat mappings

Sample mappings:

{"alertType": "ThreatPrevention", "threatId": "TA0002", "threatName": "Execution"}
{"alertType": "Suspicious Bot Activity (IP)", "threatId": "TA0011", "threatName": "Command and Control"}
{"alertType": "Common Scanners (Wanbound)", "threatId": "T1595", "threatName": "Active Scanning"}

Vendor documentation