[Quick Tip] How to share information between playbooks
Sometimes, you might be in a situation, where you want to share information between multiple playbooks, even a...
SecOps SOAR
This is the place to discuss all things related to SOAR, including best practices, tools, and use cases. We encourage you to ask questions, share your knowledge and experience with the community.
Forum Posts
[Important] New Platform Feature - Custom Fields
This week we released Custom Fields - a new Case Management feature that allows you to extend the cases and al...
Leverage GenAI in automation with Vertex AI integration
We just released a new integration - Vertex AI! It's in public preview. If you are not familiar with Vertex AI...
Upgrade to Python 3.11 for the latest security and functionality updates
Hello Google SecOps Users, On July 14, 2024, Python 3.11 with migration best practices was made available in G...
Duplication of connector for mapping purposes
Hello,is it possible to somehow duplicate a connector, so there is new mapping available?For instance, i have ...
How do I login to the SOAR free edition?
How can I log in to the SOAR free edition:https://app.siemplify-soar.com/#/login
ServiceNow connector
in the ServiceNow connector, how do I only pull incident tickets from a specific assignment group? Just pullin...
SOAR Condition - Contains
Does this command only work on array type input? or can it also check if a substring exists within a string?
SentinelOne API Feed Integration
Hi All,We are trying to integrate SentinelOne via Third Party API feed integration with no luck.It fails with ...
Managing multiple alerts in a single case
Hi everyone.today I've come across a problem that I don't know how to solve. In my SOAR instance, I've configu...
Failed to configure EmailV2
Hello,I'm trying to add an email address to send custom messages via Chronicle (Siemplify). The email address ...
Issue with JIRA sync comments and sync closure jobs
Hi, I'm facing an issue with JIRA Sync Comments job in Chronicle SOAR. After a JIRA ticket is created from SOA...
SOAR training on Skill Boost
As it seems that SOAR training is now on Skills Boost, do we need to retake all of them to get the badges even...
What's the behavior of event field references when configuring a playbook?
What's the behavior of event field references when configuring a custom trigger for a playbook? What happens i...
Cycling over a list in a playbook
Hi all,I was wondering if there is a way to cycle over a list of values inside a playbook. I've written an act...
How to parse JSON logs to UDM?
Hello everyone!I recently started using Fluent Bit to send DNS logs from Windows Server to Google Chronicle Fo...
Getting access to the Slack?
It seems like there are a lot of historical discussions around this, but how does someone get access to the Sl...
Does someone know if it's possible to ingest Windows DNS logs without using NXLog paid version?
Does someone know if it's possible to ingest Windows DNS logs without using NXLog paid version? Even with othe...
Can I get a instance of SOAR platform for testing?
Can I get a instance of SOAR platform for testing?
On Google Chronicle SOAR, do we have integration to Tenable AD? (Tenable Identity Exposure)
On Google Chronicle SOAR, do we have integration to Tenable AD? (Tenable Identity Exposure) I could just find ...
When creating a custom job within the IDE, is there a way to specify the environment?
Hello, when creating a custom job within the IDE, is there a way to specify the environment?
Does anyone know what does this means. "Unknown error code"?
Hello does anyone know what does that means. "Unknown error code" View files in slack
Geo IP location for all logs in Log Explorer
Good Day,Is there a way to turn on Geo IP location for the logs that have Source IP data in them? So for examp...
How do we query the list of unparsed logs from the SIEM?
How do we query the list of unparsed logs from the SIEM?
How to forward logs from the source to the forwarder and then from the forwarder to the SIEM?
Hi All, I'm currently in the process of integrating the forwarder with the SIEM system. I've successfully inst...
What is the default parser or a sample parser for Aruba Wireless logs?
Hi all, Could I please obtain a default parser or a sample parser for Aruba Wireless logs?
How can I ingest firewall traffic logs with Google Cloud Audit ?
Hi all, Can I ingest firewall traffic logs with Google Cloud Audit and how? Is there a link or feed about that...
when using the search chronicle api, is there a way to get more than 10,000 events?
Hi Team, when using the search chronicle api, is there a way to get more than 10,000 events? or some type of p...
How to parse security_result for any severity?
How to parse security_result for any severity
How to represent linux group data in UDM?
Hi! We’d like to ingest some UDM data about group creation events (specifically linux groups created on a host...
Has anyone been able to use "filter" function within the JSON result pop-up?
Has anyone been able to use "filter" function within the JSON result pop-up? I've tried multiple times but I'm...
Can you please explain me about the priority controls order in subnets?
@Dmitry_Sarakeev , Please another question, the priority column in the Environment - Networks, for subnet uplo...
Help with this error after connector returns from the integration?
Any ideas on this error? It's occurring after the connector returns from the integration. The connector states...
How do you deal with nested JSON when creating a parser?
How do you deal with nested JSON when creating a parser? I see that JSON filter does not support nested JSON.
