Defining Environments in Connectors
There are multiple ways to define connectors as each connector has a different configuration.
However, there are three main ways which will be detailed below.
Set static environment: the analyst selects the option in the drop-down Default Environment field in the specific connector on the Chronicle SOAR platform.
Extract environment dynamically: the analyst needs to define the Environment Field Name field. The environment will be extracted from that field.
Extract environment dynamically + RegEx pattern: the analyst can define the Environment Regex Pattern field and the environment will be extracted from that field by the RegEx pattern. Note that not all connectors support this option.
Using 3rd party multi tenant mechanism: Some integrations have a built-in multi tenant mechanism. These integration connectors have a checkbox that allows the analyst to set the environment field by the 3rd party tenant name.
In some cases – the extracted environment field value will be different from the Chronicle SOAR environment (e.g. environment field will be altostrat.com while the Chronicle SOAR environment is called altostrat).
You can define Alias names in the Settings > Environments > Add Environment section in order to match the name in the Integration with the name of the environment in the Chronicle SOAR platform.
If after the entire process, the connector has no environment \ empty environment (“”), the default will override the empty result.