
I created a new rule in Chronicle SIEM and used Test Rule, where I can see past detections. Now, I need these detections to generate alerts in Chronicle SOAR so I can build playbooks.

How can I:

  1. Convert these detections into alerts in SOAR?
  2. Manually trigger alerts in SOAR from past detections?
  3. Use an API or another method to resend these detections to SOAR as alerts?

My SIEM-SOAR integration is working fine, and new alerts are coming into SOAR. I just need a way to turn these past detections into SOAR alerts.

Any guidance would be appreciated! Thanks.

You need to have the rule set to Live and Alerting. Have the Chronicle connector configured in the SOAR to pull in the alerts. Once you do that, if you run a retrohunt in the SIEM, it will generate the alerts.
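The three steps in the reply above (make the rule Live, enable alerting on it, then run a retrohunt over the window that Test Rule showed detections for) map onto three calls in the legacy Chronicle Detection Engine API v2, which is how you would script the "resend past detections as alerts" part of the question. The code below is an added example, not code from the thread or from Google; it assumes the v2 endpoints `enableLiveRule`, `enableAlerting`, `runRetrohunt` and the retrohunt status resource, the US base URL `https://backstory.googleapis.com` (regional tenants use a prefixed host such as `europe-backstory.googleapis.com`), a service-account key file with the `chronicle-backstory` scope, and a placeholder rule ID. Check each of those against your own tenant before running it, and if your tenant has moved to the newer Chronicle API, substitute its `rules/{rule}/retrohunts` resource for the paths used here.

```python
"""Replay past detections as SOAR alerts: set the rule Live, enable
alerting, run a retrohunt, and wait for it to finish.  The SOAR's
Chronicle connector then picks up the alerts the retrohunt produces.
Added example using the legacy Detection Engine API v2; not from the thread.
"""
import datetime as dt
import time

# Assumptions (placeholders, not from the original thread): base URL of a
# US tenant, a service-account key file, and the rule to replay.
CHRONICLE_BASE_URL = "https://backstory.googleapis.com"
SCOPES = ["https://www.googleapis.com/auth/chronicle-backstory"]
CREDENTIALS_FILE = "chronicle-backstory-credentials.json"      # placeholder path
RULE_ID = "ru_00000000-0000-0000-0000-000000000000"            # placeholder rule ID


def rule_action_url(rule_id: str, action: str, base_url: str = CHRONICLE_BASE_URL) -> str:
    """URL for a rule-level custom method: enableLiveRule, enableAlerting, runRetrohunt."""
    if not rule_id.startswith("ru_"):
        raise ValueError(f"expected a rule ID of the form ru_<uuid>, got {rule_id!r}")
    if action not in ("enableLiveRule", "enableAlerting", "runRetrohunt"):
        raise ValueError(f"unsupported rule action {action!r}")
    return f"{base_url}/v2/detect/rules/{rule_id}:{action}"


def retrohunt_status_url(rule_id: str, retrohunt_id: str, base_url: str = CHRONICLE_BASE_URL) -> str:
    """URL of one retrohunt, polled until its state is DONE or CANCELLED."""
    return f"{base_url}/v2/detect/rules/{rule_id}/retrohunts/{retrohunt_id}"


def rfc3339(ts: dt.datetime) -> str:
    """Chronicle expects UTC RFC 3339 timestamps with a trailing Z."""
    if ts.tzinfo is None:
        raise ValueError("timestamp must be timezone-aware")
    return ts.astimezone(dt.timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def retrohunt_window(days: int) -> tuple[dt.datetime, dt.datetime]:
    """Window ending now and covering the last `days` days (UTC)."""
    end = dt.datetime.now(dt.timezone.utc)
    return end - dt.timedelta(days=days), end


def retrohunt_body(start: dt.datetime, end: dt.datetime) -> dict:
    """Request body for runRetrohunt.  An empty or inverted window is
    rejected here so a typo does not silently launch a hunt over no data."""
    if end <= start:
        raise ValueError("end must be after start")
    return {"start_time": rfc3339(start), "end_time": rfc3339(end)}


def authorized_session():
    """Service-account session; imported lazily so the pure helpers above
    stay usable without google-auth installed."""
    from google.auth.transport.requests import AuthorizedSession
    from google.oauth2 import service_account

    creds = service_account.Credentials.from_service_account_file(CREDENTIALS_FILE, scopes=SCOPES)
    return AuthorizedSession(creds)


def replay_detections_as_alerts(session, rule_id: str, start: dt.datetime, end: dt.datetime,
                                poll_seconds: int = 30) -> str:
    """Enable Live + Alerting, run the retrohunt, and return its final state."""
    # Order matters: alerting only applies to a Live rule, and the retrohunt
    # only raises alerts if alerting is already on when it runs.
    for action in ("enableLiveRule", "enableAlerting"):
        resp = session.post(rule_action_url(rule_id, action))
        resp.raise_for_status()

    resp = session.post(rule_action_url(rule_id, "runRetrohunt"), json=retrohunt_body(start, end))
    resp.raise_for_status()
    retrohunt_id = resp.json()["retrohuntId"]

    while True:
        status = session.get(retrohunt_status_url(rule_id, retrohunt_id))
        status.raise_for_status()
        state = status.json().get("state")
        if state in ("DONE", "CANCELLED"):
            return state
        time.sleep(poll_seconds)


if __name__ == "__main__":
    start, end = retrohunt_window(days=7)
    print(replay_detections_as_alerts(authorized_session(), RULE_ID, start, end))
```

Keep the retrohunt window to the range you already inspected with Test Rule; every detection the hunt produces becomes a SOAR alert (and a playbook run), so re-running a noisy rule over months of data is the easiest way to flood your queue.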