Hi Guys,
I have encountered an issue:
A Sentinel Incident was triggered without any associated event. Consequently, a SOAR case was created for this incident, but with a 1-hour delay and without any alert event.
Does anyone know the cause of this issue?
Check the connector -> logs for any errors or warnings.
Sometimes it could be a Sentinel-side delay for the records showing up in the API call.
Someone else also reported the same -> https://www.googlecloudcommunity.com/gc/SIEM-Forum/delay-in-case-creation-in-Chronicle-SOAR/m-p/839583#M2458
If the issue is still there, please open a GCP support case to check. Another way to validate is to manually call the API and see if anything is returned.
Hi @hzmndt ,
Thanks for your response.
Is it possible that SOAR is waiting for the Sentinel incident to populate an event in the incident? Because I observed that there was no event when the incident was triggered in Sentinel. Also, the SOAR case has no alert event.
Is there any document available to refer to on this?
Hi @VictorSOAR, please either create a GCP support ticket or enable connector log collection at the most detailed level (info), try to reproduce the issue, and see if there are errors.
It is unexpected to not have any events in SOAR's alerts for those Sentinel incidents; it should at least have one event with the most general info.
We have not seen such issues in our test lab, so we need either detailed connector logs or a GCP ticket to investigate.
I'm checking if we can add some additional information about this configuration in the docs.
Also, please check if you are running the latest official integration and connector versions.
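As an added example (not code from the thread, the Sentinel connector, or Google SecOps SOAR), here is a small Python triage helper for the "manually call the API" suggestion above: it classifies an incident into "events visible", "Sentinel-side delay" (the incident reports alerts but the alerts call returns none yet) or "genuinely no alerts" (escalate), and polls the alerts call the way a connector retry would. The field names (`properties.additionalData.alertsCount`, the incident/alert resource shape) and the constructed sample payloads are assumptions, not taken from the thread.

```python
import time
from typing import Callable

# Assumed Sentinel REST shapes: an incident resource and the list returned by the
# incident "list alerts" call. Field names are assumptions, check them against
# your own API responses before relying on this.
def classify_incident(incident: dict, alerts: list) -> str:
    """Explain why a SOAR case may have arrived with no alert events."""
    props = incident.get("properties", {})
    expected = props.get("additionalData", {}).get("alertsCount", 0)
    if alerts:
        return "ok"          # events are visible; connector should ingest them
    if expected > 0:
        return "api_delay"   # incident knows of alerts, but they are not returned yet
    return "no_alerts"       # incident has nothing attached: collect logs / open a case

def wait_for_alerts(fetch_alerts: Callable[[], list], attempts: int = 6,
                    delay_s: float = 10.0, sleep: Callable[[float], None] = time.sleep):
    """Poll the alerts call until it returns records; mirrors a connector retry loop.
    Returns (alerts, attempts_used) so the observed delay can be recorded."""
    for attempt in range(1, attempts + 1):
        alerts = fetch_alerts()
        if alerts:
            return alerts, attempt
        if attempt < attempts:
            sleep(delay_s)
    return [], attempts

# Constructed sample data (placeholders, not real identifiers).
SAMPLE_INCIDENT = {
    "name": "PLACEHOLDER-INCIDENT-ID",
    "properties": {"title": "Constructed test incident",
                   "createdTimeUtc": "2024-01-01T10:00:00Z",
                   "additionalData": {"alertsCount": 1}},
}
SAMPLE_ALERT = {"name": "PLACEHOLDER-ALERT-ID",
                "properties": {"alertDisplayName": "Constructed test alert"}}

def delayed_backend(empty_polls: int = 2) -> Callable[[], list]:
    """Simulate a backend whose alert records show up only after some polls."""
    responses = iter([[]] * empty_polls + [[SAMPLE_ALERT]])
    return lambda: next(responses, [SAMPLE_ALERT])

def run_demo() -> dict:
    """Offline walk-through; replace delayed_backend() with a real API call."""
    first_look = classify_incident(SAMPLE_INCIDENT, [])
    alerts, used = wait_for_alerts(delayed_backend(), attempts=5, delay_s=0.0)
    return {"first_look": first_look, "polls_needed": used,
            "final": classify_incident(SAMPLE_INCIDENT, alerts)}

if __name__ == "__main__":
    print(run_demo())
```

With a live fetcher, a result of `api_delay` that later becomes `ok` after a few polls points at the Sentinel-side visibility lag described above, while a persistent `no_alerts` is the case worth raising with support along with connector logs.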