Is there a way to add a Tag to an Alert via a playbook? I can add one to the case but I don’t see an option to add to the Alert.
Question
Add Tag to an Alert
+13There is not today. I see a feature request, but no ETA at the moment
+2- Bronze 2
In the documentation https://docs.cloud.google.com/chronicle/docs/soar/marketplace-integrations/microsoft-365-defender it states the job to synchronize alerts must meet the following condition(s):
- The Google SecOps case must contain the Microsoft Defender XDR Alert tag
I would have expected this to be created at Alert Ingestion / Case Creation but I do not see anything.
And as I cannot set this by a playbook can anybody shed any light on this?
Thanks
+13I do not have Defender XDR to test with, but you should be able to add the tag Microsoft Defender XDR Alert to the case via playbook or manual action. It looks like a case tag is expected.
+2- Bronze 2
Thanks cmorris, I have managed to do this via a playbook just wasn’t clear from the documentation. I will configure the Synch Job and see if this does the trick.
+2- Bronze 2
Hi All,
I can confirm that adding the tag “Microsoft Defender XDR Alert” as a Case Tag the Synch works as expected.
Thanks
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.