This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
The Google Cloud Security Community will be in read-only mode July 16 - July 22 as we migrate platforms. 

Read more and check out our FAQ
Log in to ask a question

create entities from data ingested via webhook

Posted on 10-28-2024 03:10 PM
kaushalpatel
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Ingested phishing email data using soar webhook 
It created the simple event with all the json fields like json.headers
How to extract fields and create entities out of it ?

Solved Solved
0 3 578
Topic Labels
Jump to Solution
0 Likes
Reply
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
rodSOAR
Staff
Reply posted on --/--/---- --:-- AM

Hello @kaushalpatel,

Looks like you are using the native to SOAR webhook ingestion method. Note that after you ingest your first alert, you will need to setup the ontology for these types of events to extract what would be the entities which you can later enrich using playbooks. You can read more about this specific process here
This process is not retroactive, only alerts ingested after the ontology setup is completed will be parsed.

View solution in original post

Jump to Solution
Reply
3 REPLIES 3
Top Solution Authors
View all