[Important] Response Integration RNs are available publicly in Google Cloud Documentation now!
Hey folks, If you've struggled to understand what were the changes done to the Response Integrations every wee...
SecOps SOAR
This is the place to discuss all things related to SOAR, including best practices, tools, and use cases. We encourage you to ask questions, share your knowledge and experience with the community.
Forum Posts
[GA] - New Google Threat Intelligence Marketplace Integration
Hey folks! This week we finally released an official integration for Google Threat Intelligence. This integrat...
[Important] New Platform Feature - Custom Fields
This week we released Custom Fields - a new Case Management feature that allows you to extend the cases and al...
Leverage GenAI in automation with Vertex AI integration
We just released a new integration - Vertex AI! It's in public preview. If you are not familiar with Vertex AI...
Prevalence of entity using HTTP request
Im using this endpoint https://cloud.google.com/chronicle/docs/reference/rest/v1alpha/projects.locations.insta...
Dependency Errors - QR Code Analyzes with Custom Action
Hi,Im currently working on a way to analyze malicious QR Codes, so i develop a simple script that takes as inp...
How to create an action to close a case using its case id
Hi there!I had been working on a custom action script inside of Google SecOps that would close cases using an ...
automate re-run playbook
I am unable to loop the playbook.i have created the playbook for automating the eml analysis If eml file is no...
Rerun an action from a playbook automatically
Hi, is there a way to rerun an action from a playbook automatically if it fails during the first run? Out of t...
Listing Parsing Errors via API
Hey Team,I tried using listing the parsing error using this endpoint: https://xx-chronicle.googleapis.com/v1al...
Close alert in TrendVisionOne with a job in secops
Good afternoon, I am trying to create a job in secops that lets me close alerts in TrendVisionOne. I successfu...
PowerShell Script Triggered from SecOps SOAR
Hi Team,I'm exploring options to automate the execution of a PowerShell script using variables extracted from ...
SLA KPI Reports
Hi, We would like to create SLA KPI reports according to the following criterias, is that possible, if yes how...
Google SecOps: How to use SecOps Q/A
To streamline your workflow and significantly reduce onboarding time, you can now ask Gemini questions about t...
Unresolved Expression in Google SecOps Playbook Output After Action Failure
I'm working with Google SecOps (Chronicle SOAR) playbooks, and I've noticed that when an action fails, the out...
Capture an Event and Put it on Custom View
I'm working on simplifying things to my team by creating a playbook to grab information from cases "events" an...
[Important] Response Integration RNs are available publicly in Google Cloud Documentation now!
Hey folks, If you've struggled to understand what were the changes done to the Response Integrations every wee...
SOAR Playbook actions to process case wall/comments
Hi team,We are working on developing playbooks from scratch and was wondering what would be the best way to re...
Playbook failure watcher
I'm looking to build a watcher to run via a scheduled alert type to look for any cases where the playbook stat...
JSON widget - remove or replace quotes
Hi all,Is it possible to get the JSON widget to not display the quotations for string values?Tried the express...
Unable to Locate "Feeds" in Community Edition
I’m currently exploring the Community Edition and noticed that under Settings, I can only see Connectors and W...
JIRA sync comments issue
Hi All,We have integrated Jira Cloud with SOAR. However, we've observed that in some cases, Jira comments are ...
Integration of MS Defender for Identity and other defender solutions
Hi Team,I have a few questions:Does the current 'Microsoft 365 Defender' integration package include the Defen...
Monitoring User Activities
Hi Team,What is the retention period of Audit logs in SOAR?Monitoring User Activities | Google Security Operat...
What is the best way to search for all recently closed cases via API?
What is the best way to search for all recently closed cases via API? I'm building a job to sync the status of...
How to Use ifThenElse in Expression Builder to Check for Null or Empty Fields
I'm working with the Expression Builder in Google SecOps SOAR and trying to conditionally check if a field (e....
Remote Agent Connection Validation
Hi,We've installed a remote agent successfully via docker. However, when testing the integration from the SOAR...
Base64 Images in HTML Widget
Has anyone had any luck embedding base64 encoded png's in the alert view HTML widget?I'm setting a context val...
Entity selection failure for AV scan
Hi All,I'm using the Entity Selection action and have set the action type to Manual while updating the hostnam...
Get if a user has MFA available in Entra ID
Hi, i made an azure query, but i cant get if the user has MFA activated or no?I saw Graph function "GET MFA St...
Sender Domain Blocking
Hi, we are getting alerts for phishing mails, is there any way to automate sender domain blocking in google se...
SOAR Severity
What determines severity in SOAR? Do certain risk scores map to certain severity? Or does it focus on the seve...
siemplify case close error
Hi All,when im closing the closing the case with Reason: Not malicious , Root cause : Authorized , comment: Te...
Using TIPCommon.write_content (and read_content) in a connector
Hi, I'm trying to wrote and read ids (json format) using TIPCommon package, but unable to make it work.I've cr...
