  1. While installing the Splunk integration it asks to select an ontology mapping. Which option should we select, and why?

Hey,

 

Ontology and mapping in Chronicle SOAR help the product understand which fields are important to the product and to the visual family. It is essentially a mapping exercise: Splunk field "SrcIp" -> Chronicle field "Source Address". As this process can be time-consuming, there are connectors that bring with them a base set of ontology and mapping to give you a head start in defining the relevant fields.

Our rule of thumb, as we have had the system for many years, is not to accept any integration-defined ontology in case it disrupts the ontology we have already defined over the years. However, if this is a new SOAR instance with little to no mapping, adding the predefined mapping from the marketplace can help initially with this process.

Cheers

K


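The concern in the reply above is that a connector's predefined mapping can silently overwrite source-field-to-target-field pairs you already tuned. The following is an added example, not code from the post or from Chronicle SOAR, showing one way to diff an incoming connector mapping against an existing one before accepting it. The mapping format (plain "source field -> target field" dicts), the sample field names and the helper names are assumptions constructed for the example; Chronicle SOAR's real ontology export format is not shown on the page.

```python
"""Compare a connector's base ontology mapping with an existing one.

Hypothetical helper, not Chronicle SOAR's own code or format. The dicts
below are constructed for this example and stand in for the
"Splunk field -> Chronicle field" pairs the reply describes.
"""

# Constructed sample: mapping already defined on a mature SOAR instance.
EXISTING_MAPPING = {
    "SrcIp": "Source Address",
    "DestIp": "Destination Address",
    "user": "Source User Name",
}

# Constructed sample: base mapping shipped with a marketplace connector.
CONNECTOR_MAPPING = {
    "SrcIp": "Source Address",      # agrees with what is already defined
    "DestIp": "Destination Host",   # conflicts with the existing target
    "sha256": "File Hash",          # new source field, harmless to add
}


def compare_mappings(existing, incoming):
    """Classify each incoming source field as 'agree', 'conflict' or 'new'.

    A conflict is the same source field mapped to a different target; this
    is exactly the case that would disrupt a hand-tuned ontology.
    """
    report = {"agree": [], "conflict": [], "new": []}
    for src_field, target in incoming.items():
        if src_field not in existing:
            report["new"].append((src_field, target))
        elif existing[src_field] == target:
            report["agree"].append((src_field, target))
        else:
            report["conflict"].append((src_field, existing[src_field], target))
    return report


def merge_mappings(existing, incoming, accept_conflicts=False):
    """Return a merged mapping without mutating either input.

    New source fields are always added. Where both sides map the same
    source field, the existing target wins unless accept_conflicts=True.
    """
    merged = dict(existing)
    for src_field, target in incoming.items():
        if src_field not in merged or accept_conflicts:
            merged[src_field] = target
    return merged


def recommend(existing, incoming):
    """Apply the reply's rule of thumb mechanically.

    An instance with no mapping yet gains a head start by accepting the
    connector's base mapping. An established instance should reject a
    mapping that would overwrite any field it already defines; if there
    are no conflicts, accepting only adds new fields and is safe.
    """
    if not existing:
        return "accept"
    if compare_mappings(existing, incoming)["conflict"]:
        return "reject"
    return "accept"


if __name__ == "__main__":
    report = compare_mappings(EXISTING_MAPPING, CONNECTOR_MAPPING)
    for kind, entries in report.items():
        print(f"{kind}: {entries}")
    print("recommendation (mature instance):",
          recommend(EXISTING_MAPPING, CONNECTOR_MAPPING))
    print("recommendation (fresh instance):",
          recommend({}, CONNECTOR_MAPPING))
    print("merged, existing wins:",
          merge_mappings(EXISTING_MAPPING, CONNECTOR_MAPPING))
```

Run it before clicking through the marketplace prompt: a non-empty conflict list is the signal to decline the connector's ontology and add only the new fields by hand, which matches the split the reply draws between a long-lived instance and a fresh one.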