Solved

import/export an ALERT

  • January 30, 2025

vanitharaj1208

How to:

  1. Move an alert across environments within the same tenant?
  2. Transfer an alert to a different SecOps tenant?

 




3 replies

josemarin
Staff
  • Answer
  • January 30, 2025

1. Move alert across Environments within same tenant:

Cases can be moved to different environments. To enable this, go to SOAR Settings > Advanced > General. In the "Move Case" section, ensure "Allow users to move cases between environments" is selected.

Then, you can change the environment directly in the case screen. Important: This closes the existing case and creates a copy in the selected environment.

2. Transfer Alert to a Different SecOps Tenant:

While there's no direct way to export an alert to another tenant, you can achieve this using the API and built-in actions. First, use the "Get original alert JSON" action in the tools power-up to retrieve the alert data (the JSON before processing by the SecOps ETL service). Then, use this data to create a new case in the target tenant via the CreateCase endpoint (available in Swagger). In playbooks, you can use the HTTPV2 integration for this.

 

 

 




vanitharaj1208
  • Author
  • Silver 2
  • January 30, 2025





Thank you @josemarin!!


palevelmode
  • New Member
  • October 6, 2025

Is there a way to automate moving alerts to a different environment via a playbook?