SecOps SOAR uses integrations to ingest alerts from a variety of data sources into the platform. A connector is one of the components of an integration package, which can be downloaded from the Chronicle Marketplace.
Prerequisites
Entitlement for Chronicle SOAR on the account and project.
Administrative permissions to Chronicle SOAR.
Administrative access for any 3rd party applications that will be integrated with Chronicle SOAR.
Actions
SIEM Connector
Connecting SecOps SIEM and SOAR is a critical step in ensuring that your SOC can take full advantage of the SecOps planet-scale index and search functionality. It also gives SOAR access to the Chronicle UDM.
SecOps SOAR uses connectors to ingest alerts from a variety of data sources. Connectors are Python-based applications that pull alerts from third-party products, parsing and normalizing them for storage in Chronicle's UDM.
An environment is simply another term for a distinct network, domain, or customer managed by a SOC or MSSP. Environments provide a logical segregation that lets you deliver services to different networks, customers, or business units within the organization.
See the Relevant Links section for more documentation regarding the prerequisites.
New or existing Chronicle SOAR deployment
Admin access in Chronicle SOAR
Steps
In Chronicle SOAR, navigate to Settings > Organization > Environments.
Click the "+" icon.
Fill out all of the required fields. Click Append to all Users and API Keys if you want this new environment added directly to existing users and API keys.
Note: Add an alias if the third-party integration defines a different tenant name, so that alerts from that tenant are mapped to this environment.
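The two points above that matter to a connector author are the parsing/normalization step and the environment alias. The following is an added example, not Chronicle's connector SDK or any vendor's API: a toy connector iteration that pulls a batch of raw alerts from a hypothetical EDR product, normalizes each into a small UDM-shaped record, routes it to a SOAR environment by looking the product's tenant name up in an alias table (the alias you configure under Settings > Organization > Environments), and keeps an ID checkpoint so a re-polled alert is not ingested twice. The product name, the raw alert shape, the alias table, the severity scale and the alert data are all constructed for illustration.

```python
"""Toy connector: pull third-party alerts, normalize to a UDM-shaped record,
and route each one to a Chronicle SOAR environment via a tenant alias table.

Added example (not Chronicle's connector SDK or any vendor's API). The
product name, raw alert shape, alias table and severity scale are
constructed for illustration; the UDM fields used are a small subset.
"""

# Constructed alias table: third-party tenant name -> SOAR environment.
# This mirrors the alias added under Settings > Organization > Environments.
ENVIRONMENT_ALIASES = {
    "acme-prod": "Acme Corp",
    "acme-corp-eu": "Acme Corp",
    "globex-tenant-01": "Globex",
}
# Alerts whose tenant has no alias land here, where an analyst can spot them.
DEFAULT_ENVIRONMENT = "Default Environment"

# Hypothetical EDR product's numeric severity -> UDM severity enum value.
SEVERITY_MAP = {1: "LOW", 2: "LOW", 3: "MEDIUM", 4: "HIGH", 5: "CRITICAL"}

# Constructed raw alerts, shaped like a hypothetical EDR product's API output.
RAW_ALERTS = [
    {"id": "A-1", "tenant": "acme-prod", "host": "ws-042",
     "sev": 4, "name": "Credential dumping", "ts": 1700000000},
    {"id": "A-2", "tenant": "globex-tenant-01", "host": "srv-db-1",
     "sev": 2, "name": "Suspicious PowerShell", "ts": 1700000060},
    {"id": "A-3", "tenant": "unknown-tenant", "host": "lt-007",
     "sev": 3, "name": "Malware detected", "ts": 1700000120},
    # The product returns A-1 again on the next poll; the checkpoint drops it.
    {"id": "A-1", "tenant": "acme-prod", "host": "ws-042",
     "sev": 4, "name": "Credential dumping", "ts": 1700000000},
]


def resolve_environment(tenant, aliases=ENVIRONMENT_ALIASES):
    """Map the product's tenant name to a SOAR environment, or the default."""
    return aliases.get(tenant, DEFAULT_ENVIRONMENT)


def normalize_alert(raw, aliases=ENVIRONMENT_ALIASES):
    """Turn one raw product alert into a UDM-shaped dict plus routing metadata."""
    for key in ("id", "tenant", "host", "sev", "name", "ts"):
        if key not in raw:
            raise ValueError(f"raw alert missing required field {key!r}")
    severity = SEVERITY_MAP.get(raw["sev"])
    if severity is None:
        raise ValueError(f"unknown severity {raw['sev']!r} in alert {raw['id']}")
    return {
        "environment": resolve_environment(raw["tenant"], aliases),
        "source_alert_id": raw["id"],
        "udm": {
            "metadata": {
                "event_type": "GENERIC_EVENT",
                "product_name": "ExampleEDR",     # constructed product name
                "vendor_name": "ExampleVendor",   # constructed vendor name
                "product_event_type": raw["name"],
                "event_timestamp": raw["ts"],
            },
            "principal": {"hostname": raw["host"]},
            "security_result": [{"severity": severity,
                                 "description": raw["name"]}],
        },
    }


def pull_and_normalize(raw_alerts, seen_ids, aliases=ENVIRONMENT_ALIASES):
    """One connector iteration: skip already-ingested IDs, normalize the rest.

    `seen_ids` is the connector's checkpoint (alert IDs already pushed to
    SOAR); it is updated in place so the next poll skips them. Alerts that
    fail normalization are reported in `skipped` rather than silently lost.
    """
    ingested, skipped = [], []
    for raw in raw_alerts:
        if raw["id"] in seen_ids:
            skipped.append(raw["id"])
            continue
        try:
            ingested.append(normalize_alert(raw, aliases))
        except ValueError:
            skipped.append(raw["id"])
            continue
        seen_ids.add(raw["id"])
    return ingested, skipped


if __name__ == "__main__":
    checkpoint = set()
    alerts, dropped = pull_and_normalize(RAW_ALERTS, checkpoint)
    for a in alerts:
        print(a["source_alert_id"], "->", a["environment"],
              a["udm"]["security_result"][0]["severity"])
    print("skipped:", dropped)
```

The unmapped tenant (A-3) deliberately falls into the default environment rather than being dropped: a missing alias is a configuration gap you want to notice in the case queue, not a reason to lose an alert. A real connector would persist the checkpoint between runs instead of keeping it in memory.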
Webhooks are a lightweight solution for pushing alerts from your organization into the platform. Cases with alerts ingested by webhooks appear in the platform with the same information as cases with alerts ingested using connectors. Note: CrowdStrike is used as an example.