Quick Summary

Chronicle SOAR uses connectors to ingest alerts from a variety of data sources into the platform. A connector is one of the items in an integration package, which can be downloaded via the Marketplace. Connectors are configured via the Connectors screen.

Overview

Connectors are Python-based applications that allow users to pull alerts from third-party products into Chronicle SOAR. Connectors also parse and normalize the raw data (alerts, events) into a Chronicle SOAR format, which is then presented as a Case in the Case Queue.
If you are running a SIEM (a central place for all your alerts), one connector will be enough. It is also possible to pull data from multiple sources with several connectors. Each connector will have a dedicated documentation link for additional help.

Example – Email Connector

Let’s set up an email connector.

  1. Navigate to Marketplace > Integrations.
  2. Search for and install the Email integration.
  3. Next, select the gear icon to open the Configure an Instance screen. Make sure to fill in all the required parameters. If you would like to configure the integration for a different instance (not the default environment), go back to the main screen and select Integrations under the gear icon. From this screen you can configure the integration under the relevant instance.
  4. Navigate to > Connectors.
  5. Click on the plus icon on the upper left side of the screen. 
  6. Select the IMAP Email connector and click Create.
  7. Fill in the empty mandatory fields and save the connector. Click Yes on the confirmation message.
  8. Enable the connector and save it again. This will make it run periodically to pull any new emails according to the configuration.
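
The parse-and-normalize step from the Overview, applied to one message of the kind the IMAP Email connector pulls, as an added example that is not Chronicle SOAR's connector code or SDK. The alert field names, the `normalize_email` and `addrs` helpers and the sample message are assumptions made for illustration.

```python
import email
import hashlib
import re
from email import policy

# Constructed sample message; a live connector would fetch these bytes over IMAP.
RAW_EMAIL = (
    b"From: Alice <alice@example.com>\r\n"
    b"To: soc@example.org\r\n"
    b"Subject: Invoice overdue\r\n"
    b"Date: Mon, 06 Jan 2025 10:15:00 +0000\r\n"
    b"Message-ID: <abc123@example.com>\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain; charset=utf-8\r\n\r\n"
    b"Please pay at https://pay.example.net/inv?id=7 today.\r\n"
    b"--b1\r\nContent-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="invoice.txt"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\naGVsbG8=\r\n--b1--\r\n"
)
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def addrs(header):
    """Return bare addresses from a parsed address header (empty if absent)."""
    return [a.addr_spec for a in header.addresses] if header else []

def normalize_email(raw: bytes) -> dict:
    """Parse one raw message into a flat alert; field names are hypothetical."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    date = msg["Date"].datetime if msg["Date"] else None
    files = [
        {"filename": p.get_filename(),
         "sha256": hashlib.sha256(p.get_payload(decode=True) or b"").hexdigest()}
        for p in msg.iter_attachments()
    ]
    # Stable id lets a periodic run skip mail it already ingested.
    alert_id = str(msg["Message-ID"] or hashlib.sha256(raw).hexdigest()).strip()
    return {
        "alert_id": alert_id,
        "name": str(msg["Subject"] or "(no subject)"),
        "events": [{
            "from": addrs(msg["From"]),
            "to": addrs(msg["To"]),
            "sent": date.isoformat() if date else None,
            "urls": sorted(set(URL_RE.findall(text))),
            "attachments": files,
        }],
    }
```

Attachments are hashed rather than opened, and a message without a Message-ID header falls back to a hash of its raw bytes so repeated runs still produce the same identifier.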