
Hi All, I have added a few use case names to the dynamic whitelist on the Sentinel connector at the Google SecOps SOAR, but some of these alerts are not getting ingested as a SOAR case even though a security incident is created at Sentinel.

Hey @Vaishnoodevi,

Can you provide some examples of when this happened to you?


Hi @ylandovskyy, recently I added all the in-production use cases to the dynamic list to filter out only the production use cases to trigger a case in SecOps.
For example: I added in-production use cases UC01, UC02, ... etc. to the dynamic list.
In Sentinel, UC01 generated a Sentinel incident and it did not generate a case on the SOAR.


@Vaishnoodevi did you provide all values as a comma-separated list for 1 dynamic list item, or have you created a separate dynamic list item per Name?


Apologies for the delay, I have created a separate dynamic list per use case name @ylandovskyy


@Vaishnoodevi 

I will check from my end if I can make it work and let you know.


@Vaishnoodevi 

I also see that there is some misaligned behaviour with the dynamic list. Putting it in the backlog for the team. Current ETA would be to resolve it by the end of Q3.