Defining environments in connectors
There are multiple ways to define the environment in a connector, because each
connector has a different configuration.
The four main ways to define the environment are as follows:
- Set static environment: the analyst defines the option in the Environment field in the specific connector on the Google Security Operations platform.
- Extract environment dynamically: the analyst defines the option in the Environment Field Name field. The environment is extracted from that field.
- Extract environment dynamically + regular expression pattern: the analyst defines the option in the Environment Regex Pattern field and the environment is extracted from that field by the regular expression pattern. Not all connectors support this option.
- Using third-party multi-tenant mechanism: the analyst defines the option in the Environment field by the third-party tenant name. Some integrations have a built-in multi-tenant mechanism. These integration connectors have a checkbox that allows the analyst to set the Environment field by the third-party tenant name.
In some cases, the extracted environment field value is different from the
Google Security Operations environment; for example, the Environment field
is altostrat.com while the Google Security Operations environment is called
altostrat.
To define alias names, navigate to SOAR Settings > Organization > Environments. Click Add Environment to match the name in the integration with the name of the environment in the Google Security Operations platform.
If, after the entire process, the connector has no environment or an empty
environment (""), the default environment overrides the empty result. If the
connector contains values that define an uncreated environment, then alerts
are ingested in the database and playbooks start to run. As soon as the new
environment is created, the cases and playbooks are displayed in the platform.
To prevent alerts that are related to non-existing environments from being
ingested into the database, contact Google Security Operations Support and
request that they make the change in the database configuration. For more
information, see Open a ticket for Google Support.
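
The resolution order described above (field extraction, optional regular expression, alias, default) and a check for alerts that land in an uncreated environment, as an added Python example that is not Google Security Operations code. The field name `tenant`, the default name `Default Environment`, the first-match regex behaviour, the precedence of the field over the static value, and the sample alerts are assumptions made for illustration.

```python
import re

DEFAULT_ENV = "Default Environment"  # assumed name for the platform default

def resolve_environment(alert, field_name="", regex_pattern="", static_env="",
                        aliases=None):
    """Model the resolution order: field -> regex -> alias -> default."""
    value = static_env
    if field_name:  # dynamic extraction from the alert (assumed to win over static)
        value = str(alert.get(field_name) or "")
        if value and regex_pattern:
            match = re.search(regex_pattern, value)  # assumption: first match wins
            value = match.group(0) if match else ""
    value = value.strip()
    value = (aliases or {}).get(value, value)  # integration name -> platform name
    return value or DEFAULT_ENV  # an empty result is overridden by the default

def find_uncreated(alerts, known_envs, **connector_cfg):
    """Return (alert_id, environment) pairs that resolve to an uncreated environment.

    Per the text above, such alerts are still ingested and playbooks run, but the
    cases are displayed only once the environment is created, so flag them early.
    """
    hits = []
    for alert in alerts:
        env = resolve_environment(alert, **connector_cfg)
        if env not in known_envs:
            hits.append((alert["id"], env))
    return hits

# Constructed sample alerts; "tenant" is a hypothetical field name.
SAMPLE_ALERTS = [
    {"id": "a1", "tenant": "altostrat.com"},      # needs the alias
    {"id": "a2", "tenant": ""},                   # empty value -> default
    {"id": "a3", "tenant": "newtenant.example"},  # no matching environment
    {"id": "a4"},                                 # field missing -> default
]
KNOWN_ENVS = {"altostrat", DEFAULT_ENV}
ALIASES = {"altostrat.com": "altostrat"}

if __name__ == "__main__":
    cfg = {"field_name": "tenant", "aliases": ALIASES}
    for a in SAMPLE_ALERTS:
        print(a["id"], "->", resolve_environment(a, **cfg))
    print("uncreated:", find_uncreated(SAMPLE_ALERTS, KNOWN_ENVS, **cfg))
```

Running the same check against a connector's recent alerts and the list under SOAR Settings > Organization > Environments shows which extracted values still need an alias or a new environment.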