I did a quick search on a CATO DSM, but it was flagged as 'Not under consideration' at this time. You should be able to use the Universal Cloud REST API to read from one API and write to the other. I asked our dev team for the protocol if it was possible and it is, but there are no examples of this to work from that I'm aware of. It would be a custom workflow XML to do this work though, as REST is fairly rigid (get data from X endpoint), where GraphQL is selective where you can request pieces of data x, y, and z and wrap them all up into a single API call.
You might try asking this question out on the QRadar subreddit too to see if anyone has done anything like this before.
------------------------------
Jonathan Pechta
QRadar Support Content Lead
Support forums: ibm.biz/qradarforums
jonathan.pechta1@ibm.com
------------------------------
Original Message:
Sent: Thu October 12, 2023 08:56 AM
From: Davide Salardi
Subject: Collecting CATO Networks log into Qradar
Hello,
we want to collect logs from the CATO Networks SASE platform, which is used by one of our customers connected to QRadar.
CATO provides a GraphQL API from which various logs (traffic, authentications, and many others) can be retrieved, but there is no DSM or predefined method to create a log source in QRadar (our deployment is running 7.5.0.3).
We are working on a custom integration which leverages the Universal Cloud REST API log source. Has anyone been able to import logs from the CATO Networks SASE platform into QRadar using this method or some other?
B Regards,
Davide
------------------------------
Davide Salardi
------------------------------