+2Hello.
The parent Tenant is pulling cases from a Child Tenant. However, Child’s cases created by SOAR connectors are not pulled by the Parent SOAR connector, only those cases created by rules.
Please advise if any configuration changes are required.
Thank you.
+12This is the expected behavior - the Chronicle connector pulls alerts originating in the SIEM. You would need to configure additional connectors for your other sources.
+2What about Federated Cases? https://docs.cloud.google.com/chronicle/docs/soar/admin-tasks/environments/case-federation-secops
Also would this work for multitenant?
+2Also, by additional connectors, you mean to configure them on the Parent so the cases are pulled directly from the sources instead of the Child?
So if it is needed to have all these telemetry in both Parent and Child Tenants, then the same connector needs to be configured on both.
+12With the Federated tenant, I believe the sync is from Child (Secondary) to Parent (Primary). That may be an option, if you have a Federated tenant.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
