Is it possible to create a job that, after executing, can connect to a connector and create a manual alert?

In such a way that we can have a relationship between them?

I am not using a specific connector like CrowdStrike or Chronicle, just creating alerts based on a manual connector made by me. No APIs.

In this way we can observe a job that only queries the cases of a specific tag, and if they bring information, an alert is created.

I would appreciate your response.

Thank you!

Hi @olivacris98.


I'm unaware of a way to easily call a connector and pass data to it from a job.  However, here are two suggestions to accomplish the use case as I understand it. 


1. Use the connector to run the logic to query cases that contain a specific tag.  You can likely take the logic from the job and implement it in the connector.  This will be a much easier approach as you will only be dealing with a connector.  


2. If you prefer the job, you can leverage the create_case() SDK call to create a case from the job. This will eliminate the need for the connector and would still create an alert: https://cloud.google.com/chronicle/docs/soar/reference/siemplify-module#create_case

Let me know if you have additional questions! 

