Hi!
Is there, and what's the best way of getting the alerts out of Google SecOps SIEM alerts section to Slack for a notification whenever an alert is created based on rulesets?
I've wandered through the API but couldn't find anything specific I could use, and as far as I know there is no built-in integration for that either.
Configure the integration in SOAR - https://cloud.google.com/chronicle/docs/soar/marketplace-integrations/slack. From there, you can create a playbook or block that provides notifications around alerts via Slack.
The SOAR integration is the way to go. If you're not using SOAR, you could run a script on a VM like:
https://gist.github.com/emeryray2002/1903886a17473e00c536785f7d21a1ce
For this script the format of the config file is: https://gist.github.com/emeryray2002/94a0ea0cd15133b1aa6cdb7e4c6ea15a
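As an added illustration of the "script on a VM" approach described above (this is not the linked gist and not Google's or Slack's own code): it assumes detections arrive as JSON with the constructed field names shown, keeps a local JSON state file so each detection is posted only once, filters by severity, and posts to a Slack incoming webhook URL that is a placeholder here.

```python
"""Poll SIEM detections and post only new, high-severity ones to a Slack webhook."""
import json
import urllib.request
from pathlib import Path

# Constructed sample detections. The field names are an assumption about the
# SIEM's detection JSON for illustration, not copied from Google's API reference.
SAMPLE_DETECTIONS = [
    {"id": "de_0001", "detectionTime": "2024-05-01T10:00:00Z", "hostname": "host-a",
     "detection": [{"ruleName": "suspicious_powershell", "severity": "HIGH"}]},
    {"id": "de_0002", "detectionTime": "2024-05-01T10:05:00Z", "hostname": "host-b",
     "detection": [{"ruleName": "dns_tunnel_candidate", "severity": "LOW"}]},
]
SEVERITY_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2, "CRITICAL": 3}
STATE_FILE = Path("seen_detections.json")  # assumption: local dedupe state on the VM

def select_alerts(detections, seen_ids, min_sev="HIGH"):
    """Return detections not yet notified and at or above min_sev, in order."""
    threshold = SEVERITY_RANK[min_sev]
    return [d for d in detections if d["id"] not in seen_ids
            and SEVERITY_RANK.get(d["detection"][0].get("severity", "LOW"), 0) >= threshold]

def build_slack_payload(det):
    """Build a Slack incoming-webhook body: plain-text fallback plus a Block Kit section."""
    rule = det["detection"][0]
    text = f":rotating_light: {rule['severity']} {rule['ruleName']} on {det['hostname']}"
    detail = (f"*{rule['ruleName']}*\nSeverity: {rule['severity']}\nHost: `{det['hostname']}`\n"
              f"Detection ID: `{det['id']}`\nTime: {det['detectionTime']}")
    return {"text": text,
            "blocks": [{"type": "section", "text": {"type": "mrkdwn", "text": detail}}]}

def post_to_slack(webhook_url, payload):
    """POST the JSON payload to a Slack incoming webhook and return the HTTP status."""
    req = urllib.request.Request(webhook_url, data=json.dumps(payload).encode("utf-8"),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status

def notify(detections, webhook_url, state_file=STATE_FILE, sender=post_to_slack):
    """One polling cycle: dedupe against saved state, post new alerts, persist state."""
    seen = set(json.loads(state_file.read_text())) if state_file.exists() else set()
    for det in select_alerts(detections, seen):
        sender(webhook_url, build_slack_payload(det))
        seen.add(det["id"])  # only marked as seen after the post succeeded
    state_file.write_text(json.dumps(sorted(seen)))
    return seen

if __name__ == "__main__":  # replace PLACEHOLDER with your real webhook URL
    notify(SAMPLE_DETECTIONS, "https://hooks.slack.com/services/PLACEHOLDER")
```

Run it from cron on the VM; because the state file persists between runs, a detection that is still returned by the next poll is not posted twice.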
Thanks, this will help a lot for now until we get the actual SOAR up and running