I'm observing that curated detections are being routed to all environment .
- How can we manage or control this to ensure the detections are routed to specific environments?
curated detections routing
+14- Silver 2
+6There is a way to control where each detection goes. You do this by going to SOAR Settings -> Ingestion -> Connectors, Select the connector you wish to route to a specific environment. Once you have selected the connector you wish to route you should see this:
Near the top of the list of parameters you will see Environment, if you select a specific environment all of the alerts that come in via this connector will be routed to that environment.
+63 different siem + soar environments or 3 environments in soar?
+14- Silver 2
3 different siem + soar environments or 3 environments in soar?
yes,
so we are building rules in dev and slowing moving to prod environment. - we control which will go in prod environment using soar tag and we have used advanced section of connectors
now when we turned on curated detection , it is generating detection in all 3 environment . but in this case we cant see rule logic or tag used
+6I am still not quite understanding your setup. Can you send me a message via private messages showing me a diagram or even some screenshots of your setup.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.