
Hello Community Members,

To integrate Google Chronicle SOAR with on-premises QRadar, there is an out-of-the-box application available in the Marketplace. This application connector operates on a pull mechanism, meaning that the connector within Chronicle SOAR initiates requests to QRadar at defined intervals and pulls alerts into Chronicle SOAR.

However, in my situation, the client restricts inbound connections to their on-premises QRadar SIEM, but they are open to having alerts pushed from QRadar to Chronicle SOAR. Can anyone suggest a solution to achieve this? Thanks in advance.
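To make the pull model described in the question concrete, here is an added illustration (not the Marketplace connector's code and not Chronicle's or IBM's API): a poller that sits on the SOAR side, initiates every request toward the SIEM on a fixed schedule, filters offenses by severity, and keeps a checkpoint so each alert becomes a case only once. The SIEM is a constructed in-memory stub; in a real deployment the poller would call QRadar's REST API, which is exactly why the SIEM must accept an inbound connection from wherever the poller runs.

```python
"""
Pull-style SIEM connector, reduced to its essentials.

FakeQRadar is a constructed stand-in for the SIEM (assumption: the real
system exposes offenses with a monotonically increasing id, which is how
incremental polling normally works). PullConnector models the SOAR-side
component that initiates every request; nothing here is pushed by the SIEM.
"""
from dataclasses import dataclass


@dataclass
class Offense:
    id: int
    description: str
    severity: int


class FakeQRadar:
    """In-memory stub of the SIEM; replaces the real REST API for this example."""

    def __init__(self):
        self._offenses = []

    def add(self, description, severity):
        """Simulate the SIEM raising a new offense; returns its id."""
        oid = len(self._offenses) + 1
        self._offenses.append(Offense(oid, description, severity))
        return oid

    def offenses_after(self, last_id):
        """Return every offense with an id greater than the checkpoint."""
        return [o for o in self._offenses if o.id > last_id]


class PullConnector:
    """SOAR-side poller: runs on a timer, asks the SIEM for new offenses."""

    def __init__(self, siem, min_severity=5):
        self.siem = siem
        self.min_severity = min_severity
        self.checkpoint = 0  # highest offense id already examined
        self.cases = []  # cases that would be created in the SOAR

    def poll_once(self):
        """One polling interval; returns the number of cases created."""
        new = self.siem.offenses_after(self.checkpoint)
        created = 0
        for offense in sorted(new, key=lambda o: o.id):
            if offense.severity >= self.min_severity:
                self.cases.append({
                    "source_id": offense.id,
                    "title": offense.description,
                    "severity": offense.severity,
                })
                created += 1
            # Advance past filtered offenses too, so they are not re-fetched
            # on every interval; the checkpoint tracks what was examined.
            self.checkpoint = offense.id
        return created


if __name__ == "__main__":
    siem = FakeQRadar()
    siem.add("Brute force against VPN", 7)
    siem.add("Port scan from guest network", 3)
    siem.add("Suspected malware beacon", 9)
    connector = PullConnector(siem, min_severity=5)
    print("cases created:", connector.poll_once())  # 2 (severity 3 is filtered)
    print("cases created:", connector.poll_once())  # 0, nothing new since checkpoint
```

The checkpoint is what a production connector persists between runs; losing it means either duplicate cases or missed alerts, so it belongs in durable storage rather than process memory.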

Hello,  


You can use a SOAR remote agent that runs on prem which will have secure comms to the SecOps SOAR instance. 




Hey @dnehoda  - Thank you for your response. However, based on my understanding of the Chronicle documentation, the primary function of the remote agent is to collect raw data from on-premises devices. It is not intended to interact with other security tools like QRadar to fetch alert data.

Could you kindly provide high-level steps on how the SOAR remote agent could collect alerts from on-premises QRadar and send them to Chronicle SOAR?




Ahh I misunderstood your ask here. 



It is intended to pull in events from on prem security tools and the associated events for potential enrichment opportunities.  


You're looking for a connector that would generate cases based on alerts from QRadar. The connector is in fact pull and would require some kind of allowance inbound to retrieve that data.


QRadar Connector can be configured to use a Remote Agent

