Solved: How to send a chronicle siem alert to chronicle so...

luffffy

How to send a chronicle siem alert to chronicle soar? So basically we would need to send a chronicle siem alert/event to be created as a alert/cases in chronicle SOAR. How can we do this?

jstoner

Not knowing your architecture, the general flow would be that within the the SOAR settings, you can select Ingestions - Connectors to see your connectors.

You would have the Google Chronicle integration installed and then configure the integration with the service account. Additional options like filtering on the specific rules that you want alerts to be pulled into the soar are available as well. I realize this is a bit high level but those are the key pieces to it.

View solution in original post

DanHansen

Connectors

You would use connectors to receive the alert from an email by scanning the email body for the raw data of the alert.

jstoner

Not knowing your architecture, the general flow would be that within the the SOAR settings, you can select Ingestions - Connectors to see your connectors.

You would have the Google Chronicle integration installed and then configure the integration with the service account. Additional options like filtering on the specific rules that you want alerts to be pulled into the soar are available as well. I realize this is a bit high level but those are the key pieces to it.