Hi folks,

I'm exploring ways to ingest alerts generated on the SIEM side of one Google SecOps instance into another Google SecOps instance as SOAR alerts.
I've tried using a connector, but I'm running into issues.

Is this feasible? Are there alternative approaches I should consider?

Is there any way to export the alerts from the SIEM using an API and then import these alerts into the other SecOps SOAR using an API?

Is there any API available to ingest the alerts directly into the SecOps SOAR?

This should work and you're following a recommended path. Something to keep in mind is that when you set up a connector on the SOAR to connect to another SIEM instance, you will need a service account from that instance to allow the connector to pull in alerts. Definitely open a support case if you're having any issues with the connector being configured.


-mike


@mikewilusz
Thanks for your response.
Is there any other way to ingest the alerts into the other SOAR (using some API) without the service account?
Assume that I have exported the alerts in JSON format; now I want to make an API call and ingest them into the other SOAR instance.

