
Can ontology/mappings be pre-configured and shipped with our integration, or are events required to make the fields accessible for mapping?

For example, I want to map SourceHostName to the field src_host_name (which will be available in the data ingested) in advance, right after installing the integration, without configuring the connector and fetching the first event.

I noticed there is a MappingRules field in the connector def file with empty list values. Can this field be utilized to achieve this? If yes, please let me know how to configure it.

Any feedback is appreciated.
@cmorris @f3rz 

Hi @GaurangPatel 


Great question. I'm not aware of a way to build the ontology into the integration itself. As an alternative, after creating the ontology mapping for your connector, you can export those rules and import them from the ontology menu into the instance before ingesting alerts. If this use case is to promote code from a development instance to a production instance, you might be able to leverage the GitSync Power Up to manage the content (including custom integrations and ontology) between the two instances. Here's some documentation around it in case it's of interest: https://cloud.google.com/chronicle/docs/soar/marketplace/power-ups/gitsync?hl=en

Let me know if you have any other questions!


Thanks @Kyle_M, I will go with the export/import from the ontology menu. 

