DDS: Cato Networks: Crawler Integration v1.0.0 #22152

shubhamvekariya-crest · 2025-12-17T12:56:06Z

What does this PR do?

This is a initial release PR of Cato Networks integration including all the required assets.

Integration Logo Source: https://www.catonetworks.com/wp-content/uploads/2024/07/cato-green-logo-2.svg

Additional Notes

Crawler code for this integration has been committed in its respective repo
OOTB detection rules JSON would be shared separately with the required teams as a part of separate repository.
Since during the standard attribute remapping we are not preserving the source attributes as per suggested best practices, it would result in filters using these standard attributes populating the values of other integrations as well as per current Datadog behaviour.

Review checklist (to be filled by reviewers)

Feature or bugfix MUST have appropriate tests (unit, integration, e2e)
Add the qa/skip-qa label if the PR doesn't need to be tested during QA.
If you need to backport this PR to another branch, you can add the backport/<branch-name> label to the PR and it will automatically open a backport PR once this one is merged

chatgpt-codex-connector

💡 Codex Review

Here are some automated review suggestions for this pull request.

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

Open a pull request for review
Mark a draft as ready
Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

chatgpt-codex-connector · 2025-12-17T14:05:04Z

cato_networks/manifest.json

+  "manifest_version": "2.0.0",
+  "app_uuid": "4139f2e2-ba87-4e17-bcda-73bdade3ed8f",
+  "app_id": "cato-networks",
+  "display_on_public_website": false,


Add manifest owner field

The new manifest omits the required owner field even though this is a v2.0.0 integration manifest; every other v2 manifest includes it for validation and ownership routing. Leaving it out will cause the manifest validator to fail and block publishing the integration.

Useful? React with 👍 / 👎.

chatgpt-codex-connector · 2025-12-17T14:05:04Z

cato_networks/assets/logs/cato-networks.yaml

+  - groups:
+      - User
+    name: User Name
+    path: usr.name
+    source: log


Facet fields used by events dashboard filters

The log config only facets DNS, geoip, and user fields here and never declares facets for the attributes the events dashboard filters on (event_sub_type, action, threat_type, application_name). Because unfaceted attributes are not indexed for search or group-bys, the dashboard’s template variables and widgets referencing those fields will stay empty even when relevant logs arrive.

Useful? React with 👍 / 👎.

buraizu · 2025-12-17T20:17:47Z

Created DOCS-12937 for documentation team review

rtrieu · 2025-12-23T20:23:45Z

cato_networks/README.md

+
+This integration ingests the following logs:
+
+- **Audit Logs**: This logs provide detailed information on admin actions performed within the system.


Suggested change

- **Audit Logs**: This logs provide detailed information on admin actions performed within the system.

- **Audit Logs**: These logs provide detailed information on admin actions performed within the system.

rtrieu · 2025-12-23T20:23:53Z

cato_networks/README.md

+This integration ingests the following logs:
+
+- **Audit Logs**: This logs provide detailed information on admin actions performed within the system.
+- **Events**: This logs provide detailed insights into security, detection and response, connectivity, and system events within the Cato Networks platform.


Suggested change

- **Events**: This logs provide detailed insights into security, detection and response, connectivity, and system events within the Cato Networks platform.

- **Events**: These logs provide detailed insights into security, detection and response, connectivity, and system events within the Cato Networks platform.

rtrieu

left some minor feedback to comply with style guidelines.

rtrieu · 2025-12-23T21:39:32Z

cato_networks/README.md

+3. Click **Apply** button and copy the **Token**.
+4. Navigate to **Account** > **Account Info** and copy the **Account ID**.
+5. Identify your Cato Networks Region by checking the prefix of your URL: 
+    - cc.us1.catonetworks.com - us1 


Suggested change

- cc.us1.catonetworks.com - us1

- `cc.us1.catonetworks.com` - us1

rtrieu · 2025-12-23T21:39:41Z

cato_networks/README.md

+4. Navigate to **Account** > **Account Info** and copy the **Account ID**.
+5. Identify your Cato Networks Region by checking the prefix of your URL: 
+    - cc.us1.catonetworks.com - us1 
+    - cc.catonetworks.com - Keep region as empty


Suggested change

- cc.catonetworks.com - Keep region as empty

- `cc.catonetworks.com` - Keep region as empty

rtrieu · 2025-12-23T21:39:54Z

cato_networks/README.md

+### Event Log collection
+
+#### Configure AWS S3 Bucket
+**Note**: Please use **cato-networks** as the **S3 prefix**.  


Suggested change

**Note**: Please use **cato-networks** as the **S3 prefix**.

When configuring the AWS bucket, use **cato-networks** as the **S3 prefix**.

rtrieu · 2025-12-23T21:40:53Z

cato_networks/README.md

+
+#### Configure AWS S3 Bucket
+**Note**: Please use **cato-networks** as the **S3 prefix**.  
+Please refer the [Configuring the AWS S3 Bucket][2] 


Suggested change

Please refer the [Configuring the AWS S3 Bucket][2]

For more information, see [Configuring the AWS S3 Bucket][2].

rtrieu · 2025-12-23T21:41:18Z

cato_networks/README.md

+Please refer the [Configuring the AWS S3 Bucket][2] 
+
+#### Configure Event Integration in CATO Network
+Please refer the [Adding Amazon S3 Integration for Events][3]


Suggested change

Please refer the [Adding Amazon S3 Integration for Events][3]

For more information on configuring the event integration in a CATO network, see [Adding Amazon S3 Integration for Events][3].

rtrieu · 2025-12-23T21:41:45Z

cato_networks/README.md

+Please refer the [Adding Amazon S3 Integration for Events][3]
+
+#### Configure Datadog Forwarder
+Please refer the [Datadog Forwarder][4]


Suggested change

Please refer the [Datadog Forwarder][4]

See information on configuring the [Datadog Forwarder][4].

rtrieu · 2025-12-23T21:42:24Z

cato_networks/README.md

+Please refer the [Datadog Forwarder][4]
+
+
+## Data Collected


Suggested change

## Data Collected

## Data collected

rtrieu · 2025-12-23T21:43:25Z

cato_networks/README.md

+**Note**: Please use **cato-networks** as the **S3 prefix**.  
+Please refer the [Configuring the AWS S3 Bucket][2] 
+
+#### Configure Event Integration in CATO Network


Suggested change

#### Configure Event Integration in CATO Network

#### Set up event integration in CATO networks

Add Cato Networks crawler integration without assets

6ae5dda

temporal-github-worker-1 bot added docs/review-requested ecosystems/review-requested product/review-requested labels Dec 17, 2025

datadog-agent-integrations-bot bot added documentation dev/testing dev/tooling qa/skip-qa Automatically skip this PR for the next QA labels Dec 17, 2025

shubhamvekariya-crest added 2 commits December 17, 2025 18:30

Add Cato Networks integration with assets

d61fadd

Resolve CI Failures

c418d7c

shubhamvekariya-crest force-pushed the cato-networks-assets-v1.0.0 branch from 1a4bbb9 to c418d7c Compare December 17, 2025 13:16

Added dashboard screenshots

7bcb75a

shubhamvekariya-crest marked this pull request as ready for review December 17, 2025 13:56

shubhamvekariya-crest requested review from a team as code owners December 17, 2025 13:56

datadog-agent-integrations-bot bot added team/agent-integrations team/documentation team/logs-integrations-reviewers team/saas-integrations labels Dec 17, 2025

chatgpt-codex-connector bot reviewed Dec 17, 2025

View reviewed changes

buraizu added the editorial review Waiting on a more in-depth review from a docs team editor label Dec 17, 2025

rtrieu reviewed Dec 23, 2025

View reviewed changes

rtrieu requested changes Dec 23, 2025

View reviewed changes

temporal-github-worker-1 bot added docs/requested-changes and removed docs/review-requested labels Dec 23, 2025

Address review comments

62e6ba7

shubhamvekariya-crest requested a review from rtrieu December 24, 2025 05:20

rtrieu approved these changes Dec 26, 2025

View reviewed changes

temporal-github-worker-1 bot added docs/approved and removed docs/requested-changes labels Dec 26, 2025


		This integration ingests the following logs:

		- Audit Logs: This logs provide detailed information on admin actions performed within the system.

	- Audit Logs: This logs provide detailed information on admin actions performed within the system.
	- Audit Logs: These logs provide detailed information on admin actions performed within the system.

	- Events: This logs provide detailed insights into security, detection and response, connectivity, and system events within the Cato Networks platform.
	- Events: These logs provide detailed insights into security, detection and response, connectivity, and system events within the Cato Networks platform.

	- cc.us1.catonetworks.com - us1
	- `cc.us1.catonetworks.com` - us1

	- cc.catonetworks.com - Keep region as empty
	- `cc.catonetworks.com` - Keep region as empty

	Note: Please use cato-networks as the S3 prefix.
	When configuring the AWS bucket, use cato-networks as the S3 prefix.

	Please refer the [Configuring the AWS S3 Bucket][2]
	For more information, see [Configuring the AWS S3 Bucket][2].

	Please refer the [Adding Amazon S3 Integration for Events][3]
	For more information on configuring the event integration in a CATO network, see [Adding Amazon S3 Integration for Events][3].

	Please refer the [Datadog Forwarder][4]
	See information on configuring the [Datadog Forwarder][4].

	#### Configure Event Integration in CATO Network
	#### Set up event integration in CATO networks

DDS: Cato Networks: Crawler Integration v1.0.0 #22152

Are you sure you want to change the base?

DDS: Cato Networks: Crawler Integration v1.0.0 #22152

Conversation

shubhamvekariya-crest commented Dec 17, 2025

What does this PR do?

Additional Notes

Review checklist (to be filled by reviewers)

Uh oh!

chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

💡 Codex Review

Uh oh!

chatgpt-codex-connector bot Dec 17, 2025

Choose a reason for hiding this comment

Uh oh!

chatgpt-codex-connector bot Dec 17, 2025

Choose a reason for hiding this comment

Uh oh!

buraizu commented Dec 17, 2025

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

rtrieu left a comment

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants