Cato SSE 360 Monitoring

Updated Nov 8, 2023

Configure Cato SSE 360 for Arctic Wolf monitoring

You can configure Cato SSE 360® to send the necessary logs to Arctic Wolf® for security monitoring.

Requirements

Steps

  1. Enable the events feed.
  2. Create an API key.
  3. Find the account ID.
  4. Provide your Cato SSE 360 credentials to Arctic Wolf.

Step 1: Enable the events feed

  1. In the Cato Management Application, click Administration > API & Integrations.
  2. On the Connectors tab, turn on the Enable integration with Cato events toggle.

Step 2: Create an API key

  1. In the Cato Management Application, click Administration > API & Integrations.

  2. On the API Keys tab, click New.

  3. On the Create API Key pane, configure these settings:

    • Key name — Enter a name for the API key.
    • API Permission — Select View.
    • Allow access from IPs — Select Any IP.
    • Expired at — Select an expiry date that meets your security governance requirements.
  4. Click Apply.

    The API key is added and the API key dialog appears.

  5. Save the API key value in a safe, encrypted location. You will provide it to Arctic Wolf later.

  6. Click OK to exit the API key dialog.

Step 3: Find the account ID

  1. Sign in to your Cato account.
  2. In the URL in your browser's address bar, copy the 4-digit integer (this is your account ID), and then save it in a safe, encrypted location. You will provide it to Arctic Wolf later.

Step 4: Provide your Cato SSE 360 credentials to Arctic Wolf

Note: If API credentials fail, for example due to expired credentials, Arctic Wolf will notify you and request a new set of credentials. After receiving refreshed credentials, Arctic Wolf can only retrieve data from the previous 12 hours. Provide refreshed credentials within 12 hours of expiry to enable complete data polling and coverage. See MDR polling frequency for more information.

  1. Sign in to the Arctic Wolf Unified Portal.

  2. In the menu bar, click Telemetry Management > Connected Accounts.

  3. Click Add Account +.

  4. On the Add Account page, in the Account Type list, select Cloud Detection and Response.

  5. From the list of cloud services, select Cato Networks.

  6. On the Add Account page, configure these settings:

    1. Account Name — Enter a unique and descriptive name for the account.
    2. Account ID — Enter the four-digit integer obtained in Find the account ID.
    3. API Key — Enter the API key obtained in Create an API key.
  7. Click Test and submit credentials.

    After your Concierge Security® Team (CST) enables security monitoring for this account, the connected account status changes to Healthy.

MDR polling frequency

Arctic Wolf® Managed Detection and Response (MDR) polls third-party API integrations at regular intervals. Time-based events are polled with a delay to make sure data is available within the third-party API endpoint. For new deployments, after the API integration is successfully configured with the necessary credentials, Arctic Wolf begins polling and reviewing activity from approximately 1 hour prior to configuration success.
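
The 12-hour recovery window described in the Step 4 note can be checked against an inventory of API key expiry dates. The following is an added example, not Arctic Wolf or Cato code: the key names, dates, and 14-day warning threshold are assumptions, and it assumes polling fails from the moment a key expires.

```python
from datetime import datetime, timedelta, timezone

# From the Step 4 note: after refreshed credentials arrive, only the
# previous 12 hours of data can be retrieved.
LOOKBACK = timedelta(hours=12)


def key_status(expires_at, now, warn=timedelta(days=14)):
    """Classify one API key against the 12-hour recovery window.

    Assumes polling fails from the moment the key expires and that a
    replacement key, if supplied at `now`, is accepted immediately.
    The 14-day warning threshold is an assumption, not a vendor value.
    Returns (state, gap); gap is telemetry that can no longer be pulled.
    """
    if now < expires_at:
        state = "rotate_soon" if expires_at - now <= warn else "ok"
        return state, timedelta(0)
    oldest_recoverable = now - LOOKBACK
    if oldest_recoverable <= expires_at:
        # Still inside the window: a new key now backfills everything.
        return "expired_recoverable", timedelta(0)
    return "expired_gap", oldest_recoverable - expires_at


def audit(keys, now):
    """Return {key name: (state, gap)} for an inventory of keys."""
    return {k["name"]: key_status(k["expires_at"], now) for k in keys}


# Constructed inventory: names and dates are illustrative only.
NOW = datetime(2023, 11, 8, 12, 0, tzinfo=timezone.utc)
SAMPLE_KEYS = [
    {"name": "aw-prod", "expires_at": NOW + timedelta(days=90)},
    {"name": "aw-lab", "expires_at": NOW + timedelta(days=3)},
    {"name": "aw-eu", "expires_at": NOW - timedelta(hours=5)},
    {"name": "aw-old", "expires_at": NOW - timedelta(hours=30)},
]

if __name__ == "__main__":
    for name, (state, gap) in audit(SAMPLE_KEYS, NOW).items():
        print(f"{name:8} {state:20} unrecoverable={gap}")
```

A key reported as expired_gap has already lost the stated amount of telemetry; one reported as expired_recoverable can still be replaced with full coverage.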