Using Data Tables in the Chronicle SOAR Integration

Question

I’m trying to use the Chronicle SOAR integration from a SecOps instance to work with Data Tables.

The integration works when tested and with actions like UDM queries, Enrich, etc but fails with the following error when using the Data Tables actions:

```

Permission chronicle.dataTables.get' denied on resource //chronicle.googleapis.com/projects/REDACTED/locations/europe-west1/instances/REDACTED/dataTables/Test' (or it may not exist).

```

Who should I assign these permissions to?

Best answer by ylandovskyy

Hey @ar3diu,

Please refer to this guide:

You need to make the integration work Chronicle API vs Backstory. To do that you need to change the API root of the instance. In the link that I have shared there is a comment that explains, how to do it.

ylandovskyy · Accepted Answer

Hey @ar3diu,Please refer to this guide:You need to make the integration work Chronicle API vs Backstory. To do that you need to change the API root of the instance. In the link that I have shared there is a comment that explains, how to do it.

ar3diu · Answer

Thanks ​@ylandovskyy

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded