Hi,

Recently one of my clients said that they are planning to migrate from Premium to Enterprise edition and requested us to onboard it in SOAR. I have a couple of questions; not sure if this is the right place.

1) In terms of integrating with SOAR, are there going to be any changes? We have SCCP currently fed to SecOps SOAR. Does it require a new integration?

2) In terms of the playbooks that exist for SCCP, do we need to make changes to those as well?

3) Would there be new findings which were not previously seen in SCCP?

 

Hi @rahul7514,


When your team activates SCCE in the future, the activation workflow will ask whether there is an existing SecOps instance in place. In your scenario, this will be true, so the activation workflow will identify that existing SecOps instance, and this SecOps instance will be the one used with SCCE.


In terms of playbooks, you should review all the mentioned playbooks before and after the migration, but in general your existing SCCP settings should remain intact, and therefore any playbooks that reference SCCP currently should be usable. If you run into issues, feel free to post again here and let us know.


SCCE has a few extra components which are capable of generating new findings. For example, SCCE supports multi-cloud (with the appropriate licensing in place), which allows customers to generate findings from AWS infrastructures, so that is one example of a way that a new type of finding might come into play with SCCE when it didn't in SCCP.


@vaskenh: Thanks for the response. So I do not have to create a new connector for SCCE or do a new integration with SecOps SOAR, is what I am getting to understand.

My current SCCP integration and its connectors will ingest the findings, but it will now also contain SCCE findings; is my understanding correct here?


Correct, what you'll see after the activation of SCCE is that the Marketplace integration is still there and updated. If you do run into any issues, feel free to post back here and let us know.

