This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
The Google Cloud Security Community will be in read-only mode July 16 - July 22 as we migrate platforms. 

Read more and check out our FAQ
Log in to ask a question

Does Chronicle SOAR has ability to setup a proxy for routing the network calls?

Posted on 07-26-2024 07:28 AM
nitinchauhan
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

Hi Team,

Want to know. Does Chronicle SOAR has ability to setup a proxy for routing the network calls (i.e. within Integration/Action apps) to external APIs? If yes, any references/links about how/what/where.

Solved Solved
1 1 306
Topic Labels
Jump to Solution
Reply
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
KyHud
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

Hey,

Bit of a tricky one - as global proxy'ing was removed as Chronicle moved to cloud based solutions away from on-prem. 

For connectors - a number of connectors for ingest already support proxy methods (arcsight/cofense), so you maybe in luck that the ingest method you are wanting to use has proxy parameters which you can utilise.

For actions/connectors which are not governed by individual proxy settings, you could potentially utilize a remote agent. By routing actions or integration sets through a remote agent you would have control over the proxy settings of the underlying OS which may achieve what you are after - albeit not necessarily a method endorsed by Chronicle SOAR (as far as I can tell). You can find how to configure the remote agent (specifically proxy parameters) in this link here:

https://cloud.google.com/chronicle/docs/soar/working-with-remote-agents/installer-and-docker-agent-c...

Apologies that there's not a straight forward answer for this one, and if in doubt it might be worth a support ticket as they may know a way/ be able to set something in your environment - to achieve your goals.

Cheers
K

View solution in original post

Jump to Solution
Reply
1 REPLY 1

Posted on --/--/---- --:-- AM
KyHud
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

Hey,

Bit of a tricky one - as global proxy'ing was removed as Chronicle moved to cloud based solutions away from on-prem. 

For connectors - a number of connectors for ingest already support proxy methods (arcsight/cofense), so you maybe in luck that the ingest method you are wanting to use has proxy parameters which you can utilise.

For actions/connectors which are not governed by individual proxy settings, you could potentially utilize a remote agent. By routing actions or integration sets through a remote agent you would have control over the proxy settings of the underlying OS which may achieve what you are after - albeit not necessarily a method endorsed by Chronicle SOAR (as far as I can tell). You can find how to configure the remote agent (specifically proxy parameters) in this link here:

https://cloud.google.com/chronicle/docs/soar/working-with-remote-agents/installer-and-docker-agent-c...

Apologies that there's not a straight forward answer for this one, and if in doubt it might be worth a support ticket as they may know a way/ be able to set something in your environment - to achieve your goals.

Cheers
K

Jump to Solution
Reply
Top Solution Authors
View all