New Features & Enhancements
New XDR Security Report: The new XDR Report summarizes XDR story investigations and provides an overview of the account security posture.
The report includes data such as:
Number of stories investigated with breakdown by verdict
Summary of malicious and suspicious stories with breakdown by site, severity, and country
Available for XDR Core, XDR Pro, and MDR customers
New Third-Party Integrations with Cato Events: Leverage native integration with these platforms:
Axonius integration: Cato customers that also use Axonius cybersecurity and asset management
Zenoss ZenPack integration: Cato customers that also use the Zenoss ZenPack extension module
Read more about other third-party vendors that support native integration with Cato events
Reminder - Upcoming Deprecation of the Account Snapshot ‘metrics’ Field: Cato previously announced that on Nov. 15, 2023, we will deprecate the metrics field in the accountSnapshot API.
After this date, the metrics field in the accountSnapshot API will no longer be available
All traffic metrics and data are available using the accountMetrics API.
PoP Announcements
Los Angeles, United States: A new range (216.205.115.0/24) is now available in the Los Angeles PoP location
Security Updates
IPS Signatures:
View more details about the IPS Signatures and Protections in the Threats Catalog.SSH Client OpenVAS Scanner
SSH Client Vulnerability Scanner Client SSH Version 9.9
SSH Vulnerability Scanner Client Nessus
SSH Vulnerability Scanner Client Nmap
SSH Vulnerability Scanner Client Qualys
SSH Vulnerability Scanner Client Rapid7
SSH Vulnerability Scanner Client Sentinel1
SSH Vulnerability Scanner Client TenableRocks
CVE-2023-46747
CVE-2023-42793
CVE-2023-32315
CVE-2023-29800
CVE-2023-22518
Apps Catalog:
See the new SaaS applications in the Apps Catalog.Application Control (CASB):
New granular actions for the following apps:
Workplace: Comment, Post, Call, Upload File, Login
Instagram: Send Message
Detection and Response:
These are the updates to the Indications Catalog:Threat Hunting IOA signatures:
Blocked IP/Domain
Common Scanner (WAN bound)
Common Scanners (Outbound)
Downloading a Suspicious Script
Known Cobalt Strike Profile
Known Scanner (WAN bound)
Malware Activity
Potential Downloader
Potential Unwanted Program (PUP) Activity
PSExec Execution
Sinkholed Domain
Sinkholed IP
Suspicious Network Activity (Domains)
Threat Prevention IOA signatures:
Downloading From Exploit-DB
Suspicious Network Activity
Suspicious Network Activity (User-Agent)
Suspicious Tool Download
File Identification:
Enhanced file identification in Cato Cloud services for the following file types:
CMD (Windows Command File)
DOC (Microsoft Office Document)
MSI (Microsoft Windows Installer Package)
PPT (Microsoft Office Powerpoint)
XLS (Microsoft Office Excel)
Note:
Content described in this update is gradually rolled out to the Cato PoPs over a two-week period. In addition, new features are gradually activated in the Cato Management Application over the same two-week rollout period as the PoPs. For more information, see this article. See the Cato Status Page for more information about the planned maintenance schedule.