Creating external case from Elastic to XSOAR

Hi,

I would like to know if there is such an integration between Elastic and XSOAR. I understand there are integrations for such functions with ServiceNow, JIRA and IBM Resilient; however, I am trying to make use of Cortex XSOAR to do case creation from Elastic.

I would like to know if we can trigger an API call from XSOAR when we are creating a case in Elastic.

Thank you!

Hello! In an open issue, Additional action types for alerting · Issue #45023 · elastic/kibana · GitHub, this looks like it's on our roadmap.

I haven't been able to find exactly what you're looking for (case creation from Elastic using Cortex XSOAR) but I wanted to share what I have found.

I found a Palo Alto Networks presentation where they integrated XSOAR with Elastic.
Presentation: Upgrade Your SOC with Cortex XSOAR & Elastic SIEM | Elastic
Slides: Upgrade Your SOC with Cortex XSOAR & Elastic SIEM

It looks like they have some more information on their site that might be helpful:
https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/installation/install-cortex-xsoar-with-elasticsearch.html
https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/manage-data/migrate-indicators-to-elasticsearch/indicator-migration-overview.html

Thanks!

Hi Rachel,

Thanks for the reply!

What I am looking for is to try to trigger XSOAR's incident creation when a new case is created in Elastic.

May I know if this is possible?

Many thanks!

Hi!

Unfortunately, it does not look like this is yet possible. Please check out the public issue for when better integration is possible! Additional action types for alerting · Issue #45023 · elastic/kibana · GitHub.

Best,
Rachel