Hello, community! I need your insights regarding the following. I need to leverage a streaming-like API using Web sockets to keep listening for new alerts and events. I know that the connector's principle is to run every X time. This will not be applicable if I use Web sockets. Following are my thoughts regarding this:
I appreciate your insights regarding this. If you have also faced this particular kind of connector, I will be excited to hear about your experience.
Leverage a streaming
+2
+5
I believe Siemplify has web sockets on an upcoming road map. Else, you may be better off just querying for alerts each time. And make sure you make a
case id
based off something unique in each alert. Siemplify won't make duplicate case ids. So, if you run every 5 minutes and find the same alerts again you will not get new cases. But you will if there is a new alert.
+2
Thanks for the hints! I need to check the API because I am not fully aware right now if I can query alerts and their related new events based on a control timestamp. I need to find something here.
Again, thanks!
+2
@John_DePalma
I've checked again your replies to this thread after creating a new one. I think they could be related.
If I have "new alerts" based on already existing cases (i.e. the source technology has detected new events) and I'm using the incident id from the source technology to create my AlertInfo instance and call the
create_package
function, based on your message, Siemplify will not create these "new" alerts and append them into my existing case? Is there a way to achieve this? I've set the
source_grouping_identifier
with the incident id given by the source technology with no success.
I appreciate your advise in this.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.