Connection Guide

Connect Cato SASE Cloud Without Breaking the Audit Trail

Use this guide to connect Cato SASE Cloud or confirm the export-based path that fits your environment. Aurora keeps source, timestamps, ownership, and collection history attached so the first run becomes reusable proof instead of one-off setup work.

Connector Summary

Connection typeDirect connection

CategoryNetwork Security

Checklist4 steps

Want help with rollout?

We'll confirm what can be automated, what stays export-based, and how to keep the first evidence record clean.

First-Run Checklist

Use this sequence to connect Cato SASE Cloud and make sure the first collection lands cleanly.

1
Create a dedicated Cato service API key or constrained admin API key with View-only query access.
2
Store base_url, account_id, and api_key securely and validate GraphQL access against admins, accountRoles, and accountSnapshot before rollout.
3
Enable Events Integration before expecting sustained eventsFeed data and keep export destinations feature-gated unless the tenant explicitly needs raw event delivery.
4
Keep configuration mutations and governed actions out of scope for this baseline.

Credentials and Secrets

The keys, secrets, or tokens Aurora uses to authenticate and collect proof.

api_key

Recommended Access

Aurora only asks for the minimum read access needed for collection and checks.

Access requirements depend on the collection mode and scope you choose.