Cato SSE 360 Monitoring
Updated Nov 8, 2023
You can configure Cato SSE 360® to send the necessary logs to Arctic Wolf® for security monitoring.
- Cato Management Application account administrator role with Editor permissions.
- Enable the events feed.
- Create an API key.
- Find the account ID.
- Provide your Cato SSE 360 credentials to Arctic Wolf.
- In the Cato Management Application, click Administration > API & Integrations.
- On the Connectors tab, set the Enable integration with Cato events toggle to the on position.
In the Cato Management Application, click Administration > API & Integrations.
On the API Keys tab, click New.
On the Create API Key pane, configure these settings:
- Key name — Enter a name for the API key.
- API Permission — Select View.
- Allow access from IPs — Select Any IP.
- Expired at — Select an expiry date that meets your security governance requirements.
The API key is added and the API key dialog appears.
Save the API value in a safe, encrypted location. You will provide it to Arctic Wolf later.
Click OK to exit the API key dialog.
- Sign in to your Cato account.
- In the URL, copy the 4-digit integer, and then save it in a safe, encrypted location. You will provide it to Arctic Wolf later.
Note: If API credentials fail, for example due to expired credentials, Arctic Wolf will notify you and request a new set of credentials. After receiving refreshed credentials, Arctic Wolf can only retrieve data from the previous 12 hours. Provide refreshed credentials within 12 hours of expiry to enable complete data polling and coverage. See MDR polling frequency for more information.
Sign in to the Arctic Wolf Unified Portal.
In the menu bar, click Telemetry Management > Connected Accounts.
Click Add Account +.
On the Add Account page, in the Account Type list, select Cloud Detection and Response.
From the list of cloud services, select Cato Networks.
On the Add Account page, configure these settings:
Click Test and submit credentials.
After your Concierge Security® Team (CST) enables security monitoring for this account, the connected account status changes to Healthy.
Arctic Wolf® Managed Detection and Response (MDR) polls third-party API integrations at regular intervals. Time-based events are polled with a delay to make sure data is available within the third-party API endpoint. For new deployments, after the API integration is successfully configured with the necessary credentials, Arctic Wolf begins polling and reviewing activity from approximately 1 hour prior to configuration success.