Solved

ontology and mapping

Forum|Forum|1 year ago
March 15, 2024
4 replies
81 views

+2

carlv
New Member

I've been trying for literally weeks to get our ontology and mapping setup. Most of our data is from a custom source but some of it is from a commercial AV vendor. I've deleted mapping categories that I'm not sure how to make come back and despite manipulating the mappings and ontology on every level, nothing seems to change my entity graph.

What i really want is for somebody to sit with me on a zoom call and help me prototype an ontology and mapping configuration because I know what I want to do but despite weeks of watching videos and reading documentation I still have no clue how to accomplish it.

Best answer by carlv

got this fixed by working with google support

+2

SOAR_Engineer
Bronze 1
Forum|Forum|1 year ago
March 18, 2024

I have't looked at implementing entity graphs in over 2 years because of this. Is there a specific use case where you need them?

Like

C

+2

carlv
Author
New Member
Forum|Forum|1 year ago
March 18, 2024

being able to present our response operators with a singular flow graph of the telemetry pertaining to an alert is core to our entire SOC strategy. If this can not be accomplished with the built in chronicle SOAR components I will have no choice but to either:
a) build my own graph entirely in d3 and use a custom HTML integration to display it, ignoring 100% of chronicle's configuration capabilities

b) significantly invest in replacing Chronicle SOAR with another platform

Like

D

+4

DanHansen
Bronze 1
Forum|Forum|1 year ago
March 25, 2024

I would use Case Management or Explore to try and identify the missing field (if I didn't already know the entity name). Then attempt to add back in by Settings/Ontology/Visual Family. If that didn't resolve it; I would go to Event Configuration under Mapping and edit fields in the pulldown on the far right of the field I was looking to add the entity to.