Alerts Created but No Alert Visible in "Alerts & IOCs" Section

Hey @omkarj-metron ,

When you've created a custom connector, did you also provide a proper mapping associated with it? It's important that event start time and end time is correctly defined.

In addition to what my good friend @ylandovskyy stated, also keep in mind that there is a SOAR job that replicates cases created in SOAR back to the SIEM with case details: https://cloud.google.com/chronicle/docs/soar/marketplace-integrations/google-chronicle#sync-data-job

-mike

I followed the guidance provided in the document here: https://cloud.google.com/chronicle/docs/soar/respond/start-developing/mapping--modeling, and attempted to map the fields as suggested. However, the alerts are still not showing up in the "Alerts & IOCs" section as expected.

I am attaching screenshots of both the alert creation code and the mapped fields in the default domain for your reference.

I followed the guidance provided in the document here: https://cloud.google.com/chronicle/docs/soar/respond/start-developing/mapping--modeling, and attempted to map the fields as suggested. However, the alerts are still not showing up in the "Alerts & IOCs" section as expected.

I am attaching screenshots of both the alert creation code and the mapped fields in the default domain for your reference.

Do you see any errors in the "Google Chronicle Alerts Creator Job"?

Actually, this mapping doesn't guarantee that mapping was done correctly:

StartTime and EndTime keys are availlble always for test alerts, but they will not be there for real ingestion. So, did you confirm that, when you do proper ingestion that the mapping still works?

Also, test alerts are not being synced to SIEM, so only the alerts that were ingest in non-test run will be created.