Dynamic Whitelist - Sentinel Connector on the Google SecOps SOAR

Hi All, I have added few use case name to the dynamic whitelist on the Sentinel connector at the Google SecOps SOAR,but some of these alerts are not getting ingested as a SOAR case even though a security incident is created at Sentinel

Page 1 / 1

Hey @Vaishnoodevi ,

Can you provide some examples, when this happened to you?

Hi @ylandovskyy recently I added all the in production use case to the dynamic list to filter out only the Production usecase to trigger a case in Secops.
For Ex : I added in production usecases- UC01,UC02... etc to the dynamic list.
In Sentinel UC01 generated an sentinel incident and it did not generate a case on the SOAR.

@Vaishnoodevi did you provide all values as a comma-separated list for 1 dynamic list item or you’ve created a separate dynamic list item per Name?

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded