Question

Dynamic Whitelist - Sentinel Connector on the Google SecOps SOAR

Forum|Forum|4 months ago
August 5, 2025
6 replies
59 views

+2

Vaishnoodevi
Bronze 1

Hi All, I have added few use case name to the dynamic whitelist on the Sentinel connector at the Google SecOps SOAR,but some of these alerts are not getting ingested as a SOAR case even though a security incident is created at Sentinel

+16

ylandovskyy
Staff
Forum|Forum|4 months ago
August 7, 2025

Hey @Vaishnoodevi ,

Can you provide some examples, when this happened to you?

Like

+2

Vaishnoodevi
Author
Bronze 1
Forum|Forum|4 months ago
August 8, 2025

Hi @ylandovskyy recently I added all the in production use case to the dynamic list to filter out only the Production usecase to trigger a case in Secops.
For Ex : I added in production usecases- UC01,UC02... etc to the dynamic list.
In Sentinel UC01 generated an sentinel incident and it did not generate a case on the SOAR.

Like

+16

ylandovskyy
Staff
Forum|Forum|4 months ago
August 8, 2025

@Vaishnoodevi did you provide all values as a comma-separated list for 1 dynamic list item or you’ve created a separate dynamic list item per Name?

Like

+2

Vaishnoodevi
Author
Bronze 1
Forum|Forum|4 months ago
August 12, 2025

Apologies for the delay, I have created separate dynamic list per use case name @ylandovskyy

Like

+16

ylandovskyy
Staff
Forum|Forum|4 months ago
August 12, 2025

@Vaishnoodevi

I will check from my end, if I can make it work and let you know

Like

+16

ylandovskyy
Staff
Forum|Forum|4 months ago
August 13, 2025

@Vaishnoodevi

I also see that there is some miss aligned behaviour with the dynamic list. Putting it in the backlog for the team. Current ETA would be to resolve it by the end of Q3.

Like

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded