Hello.
The parent Tenant is pulling cases from a Child Tenant. However, Child’s cases created by SOAR connectors are not pulled by the Parent SOAR connector, only those cases created by rules.
Please advise if any configuration changes are required.
Thank you.
+11This is the expected behavior - the Chronicle connector pulls alerts originating in the SIEM. You would need to configure additional connectors for your other sources.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.