This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
The Google Cloud Security Community will be in read-only mode July 16 - July 22 as we migrate platforms. 

Read more and check out our FAQ
Log in to ask a question

How to set up a mail alert when a SOAR collector stops generating cases within a certain time?

Posted on 08-21-2024 04:21 AM
paczz
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hello everyone, my question is the one mentioned in the title.
I know that it is possible to create Jobs that can monitor if any of the connectors present errors when ingesting alerts.

But I can't find a way (if there is one) to send these alerts by email so that action can be taken in the case of data loss as soon as possible.

0 3 347
Topic Labels
0 Likes
Reply
3 REPLIES 3

Posted on --/--/---- --:-- AM
mikewilusz
Staff
Reply posted on --/--/---- --:-- AM

You can configure the e-mail to send these notifications to in the integration parameters for the "Siemplify" integration.

mikewilusz_0-1724259768191.png

 

0 Likes
Reply

Posted on --/--/---- --:-- AM
paczz
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

I have it as you indicate, but even though the connector is on fault the Job indicates that no faults are found on the connectors.

paczz_0-1724322151815.png

paczz_1-1724322164497.png

 

 

0 Likes
Reply

Posted on --/--/---- --:-- AM
SoarAndy
Staff
Reply posted on --/--/---- --:-- AM

You could write a job that will:
For each instance of a connector

SoarAndy_2-1724423591874.png

scrape python logs, then loop for errors
https://cloud.google.com/chronicle/docs/soar/admin-tasks/advanced/retrieve-raw-python-logs

SoarAndy_1-1724423477312.png

You might need to consider if you are looking for 401, 403, 429, 500, network timeout/DNS, and non-parsable results, etc

0 Likes
Reply
Top Solution Authors
View all