
Is there a generic HTTP connector for Chronicle SOAR that can ingest alerts by just doing a simple HTTP request? Actually, I would like to ingest from a source where a direct connector is not available, so I'm looking for a generic HTTP connector.

Hi,

There are two primary methods for ingesting alerts into SecOps SOAR from a source where a native connector is not available:

1. Webhooks

This is the most direct and simple method for your use case. SecOps SOAR allows you to set up an incoming webhook. When you create the webhook, you'll receive a unique URL. Your source system can then send a simple HTTP request with a JSON payload containing the alert data to this URL.

https://cloud.google.com/chronicle/docs/soar/ingest/webhooks/setting-up-a-webhook


2. Custom Connectors

You can build a custom connector. Connectors are Python-based applications that run periodically within the SOAR platform. You can develop a connector to retrieve information from your source and create alert objects within Chronicle SOAR, ensuring they are properly normalized into the platform's format. This approach is more advanced.

https://cloud.google.com/chronicle/docs/soar/respond/ide/creating-a-custom-connector

I think it's better to start with a webhook to see if it meets your needs.


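As an added example (not code from the post or from Google's documentation), here is a small Python sender for the webhook route: it normalizes a source event into a JSON alert payload, reads the unique webhook URL from an environment variable because that URL effectively acts as a credential, refuses plain-HTTP URLs, and posts with a timeout. The payload field names, the `SOAR_WEBHOOK_URL` variable and the sample event are assumptions; map the fields to whatever you configure in your webhook's field mapping.

```python
import json
import os
import urllib.request
from datetime import datetime, timezone

# Placeholder: the unique URL SOAR gives you when the webhook is created.
# Anyone holding it can inject alerts, so keep it out of source control.
WEBHOOK_URL = os.environ.get("SOAR_WEBHOOK_URL",
                             "https://<PLACEHOLDER-SOAR-WEBHOOK-URL>")

REQUIRED_FIELDS = ("id", "title", "severity", "source")


def build_alert_payload(source_event: dict) -> dict:
    """Normalize a raw source event into the JSON sent to the webhook.
    Field names are an assumption for illustration; align them with the
    field mapping configured on the SOAR webhook."""
    payload = {
        "id": str(source_event["id"]),
        "title": source_event["title"],
        "severity": source_event.get("severity", "Medium"),
        "source": source_event.get("source", "custom-http"),
        "timestamp": source_event.get(
            "timestamp", datetime.now(timezone.utc).isoformat()),
        "details": source_event.get("details", {}),
    }
    missing = [f for f in REQUIRED_FIELDS if not payload.get(f)]
    if missing:
        raise ValueError(f"alert is missing required fields: {missing}")
    return payload


def build_request(url: str, payload: dict) -> urllib.request.Request:
    """Build the POST request; refuse http:// so the URL is not sent in clear."""
    if not url.startswith("https://"):
        raise ValueError("webhook URL must use https")
    body = json.dumps(payload).encode("utf-8")
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/json"})


def send_alert(url: str, source_event: dict, timeout: float = 10.0) -> int:
    """Post one alert to the webhook and return the HTTP status code."""
    req = build_request(url, build_alert_payload(source_event))
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status


if __name__ == "__main__":
    # Constructed sample event standing in for the real source system.
    sample = {"id": 1042, "title": "Suspicious login", "severity": "High",
              "source": "legacy-ids", "details": {"user": "alice"}}
    print(send_alert(WEBHOOK_URL, sample))
```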