Document toolboxDocument toolbox

Cato SASE collector

Overview

Cato SASE enables customers to be ready for whatever comes next. Cato achieves this transformational impact by partnering with customers to change the ownership model of IT infrastructure from "own it" to "use it".

Devo collector features

Feature

Details

Feature

Details

Allow parallel downloading (multipod)

not allowed

Running environments

  • collector server

  • on-premise

Populated Devo events

table

Flattening preprocessing

no

Requires IP Whitelisting

yes

Data sources

Data source

Description

GraphQL query

Collector service name

Devo table

Available from

Data source

Description

GraphQL query

Collector service name

Devo table

Available from

Security

Get all the Security event type

{ eventsFeed( accountIDs: [$accountIDs] marker: $marker filters: [{ fieldName: event_type, operator: is, values: ["Security"] }] ) { marker fetchedCount accounts { records { time fieldsMap } } } }

sase_security

sase.cato.security.{event_sub_type}

v1.0.0

Connectivity

Get all the Connectivity event type

{ eventsFeed( accountIDs: [$accountIDs] marker: $marker filters: [{ fieldName: event_type, operator: is, values: ["Connectivity"] }] ) { marker fetchedCount accounts { records { time fieldsMap } } } }

sase_connectivity

sase.cato.connectivity.{event_sub_type}

v1.0.0

Routing

Get all the Security event type

{ eventsFeed( accountIDs: [$accountIDs] marker: $marker filters: [{ fieldName: event_type, operator: is, values: ["Routing"] }] ) { marker fetchedCount accounts { records { time fieldsMap } } } }

sase_routing

sase.cato.routing.{event_sub_type}

v1.0.0

Sockets Management

Get all the Sockets Management event type

sase_sockets_management

sase.cato.sockets_management.{event_sub_type}

v1.0.0

System

Get all the System event type

sase_system

sase.cato.system.{event_sub_type}

v1.0.0

For more information on how the events are parsed, visit our page.

Flattening preprocessing

Data source

Collector service

Optional

Flattening details

Data source

Collector service

Optional

Flattening details

Security

sase_security

yes

not required

Connectivity

sase_connectivity

yes

not required

Routing

sase_routing (beta)

yes

not required

Sockets Management

sase_sockets_management (beta)

yes

not required

System

sase_system (beta)

yes

not required

Minimum configuration required for basic pulling

Although this collector supports advanced configuration, the fields required to retrieve data with basic configuration are defined below.

This minimum configuration refers exclusively to those specific parameters of this integration. There are more required parameters related to the generic behavior of the collector. Check setting sections for details.

Setting

Details

Setting

Details

x-api-key

The API Key for CATO API.

account_id

The account ID for CATO API.

See the Accepted authentication methods section to verify what settings are required based on the desired authentication method.

Accepted authentication methods

Authentication method

x-api-key

account_id

Authentication method

x-api-key

account_id

credentials

REQUIRED

REQUIRED

Run the collector

Once the data source is configured, you can either send us the required information if you want us to host and manage the collector for you (Cloud collector), or deploy and host the collector in your own machine using a Docker image (On-premise collector).

Collector services detail

This section is intended to explain how to proceed with specific actions for services.

Beta services

Services sase_system, sase_sockets_management and sase_routing are in beta.

sase_security

Once the collector has been launched, it is important to check if the ingestion is performed in a proper way. To do so, go to the collector’s logs console.

This service has the following components:

Component

Description

Component

Description

Setup

The setup module is in charge of authenticating the service and managing the token expiration when needed.

Puller

The setup module is in charge of pulling the data in a organized way and delivering the events via SDK.

Setup output

A successful run has the following output messages for the setup module:

Puller output

A successful initial run has the following output messages for the puller module:

After a successful collector’s execution (that is, no error logs found), you will see the following log message:

This collector uses persistent storage to download events in an orderly fashion and avoid duplicates. In case you want to re-ingest historical data or recreate the persistence, you can restart the persistence of this collector by following these steps:

  1. Edit the configuration file.

  2. Change the value of the request_period_in_seconds parameter to a different one.

  3. Save the changes.

  4. Restart the collector.

The collector will detect this change and will restart the persistence using the parameters of the configuration file or the default configuration in case it has not been provided.

This collector has different security layers that detect both an invalid configuration and abnormal operation. This table will help you detect and resolve the most common errors.

Error type

Error ID

Error message

Cause

Solution

Error type

Error ID

Error message

Cause

Solution

SetupError

100

HTTP Error occurred while retrieving events from CATO server: summary {error_message} {details}

Error occurred on the CATO server.

In this error you will find the HTTP error code as well as the summary and details.

101

Some error occurred while retrieving events from the CATO server. Error details {error}

Some error while retrieving the events from CATO server.

Please provide the error details

 

102

Credentials provided are not correct

 

x-api-key or account_id provided is not correct

 

Please provide the correct x-api-key and account_id.

 

PullError

300

HTTP Error occurred while retrieving events from CATO server: summary {error_message} {details}

This error happens when the collector tries to fetch the data from API.

 

In this error you will find the HTTP error code as well as the summary and details.

301

Some error occurred while retrieving events from CATO server. Error details: {details}

Some exceptions occurred while making the API request.

Reach out to the developer with the exact error message.

sase_system (beta)

Once the collector has been launched, it is important to check if the ingestion is performed in a proper way. To do so, go to the collector’s logs console.

This service has the following components:

Component

Description

Component

Description

Setup

The setup module is in charge of authenticating the service and managing the token expiration when needed.

Puller

The setup module is in charge of pulling the data in a organized way and delivering the events via SDK.

Setup output

A successful run has the following output messages for the setup module:

Puller output

A successful initial run has the following output messages for the puller module:

After a successful collector’s execution (that is, no error logs found), you will see the following log message:

This collector uses persistent storage to download events in an orderly fashion and avoid duplicates. In case you want to re-ingest historical data or recreate the persistence, you can restart the persistence of this collector by following these steps:

  1. Edit the configuration file.

  2. Change the value of the request_period_in_seconds parameter to a different one.

  3. Save the changes.

  4. Restart the collector.

The collector will detect this change and will restart the persistence using the parameters of the configuration file or the default configuration in case it has not been provided.

sase_routing (beta)

sase_sockets_management (beta)

Collector operations

This section is intended to explain how to proceed with specific operations of this collector.

Change log

Release

Released on

Release type

Details

Recommendations

Release

Released on

Release type

Details

Recommendations

v1.0.0

Jun 20, 2024

FIRST RELEASE



First version of the CATO collector.

Initial version