My First Connector
What are Connectors?
Connectors are the entry point for alerts into Chronicle SOAR. Their job is to translate raw input data from multiple sources into Chronicle SOAR data. Connectors get alerts (or equivalent data, e.g. alarms, correlation events, etc.) from third-party tools; these are sent to the Data Processing layer to be ingested as Chronicle SOAR alerts and events.
Overview
In this article, we will demonstrate how to develop an email connector in the IDE that ingests raw data from an email source (Gmail) and translates it into Chronicle SOAR data in order to create cases in the platform.
The connector will scan each email message body in order to extract URLs from the email. In the next step we will check if these URLs are malicious using the product we have integrated with in My First Action.
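As an added illustration of the URL-extraction step described above (not code from this article or from Chronicle SOAR; it uses only the Python standard library, and `extract_urls` and the sample message are constructed for this example):

```python
import re
from email import message_from_bytes, policy

# Constructed sample message (not real mail): a multipart email whose
# HTML part is quoted-printable encoded and repeats one of the plain-text URLs.
SAMPLE_EMAIL = (
    b"From: alerts@example.com\r\n"
    b"To: soc@example.com\r\n"
    b"Subject: Invoice overdue\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/alternative; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain; charset=utf-8\r\n"
    b"\r\n"
    b"Please review http://example.com/invoice?id=42.\r\n"
    b"Docs: (https://docs.example.org/help)\r\n"
    b"--b1\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"Content-Transfer-Encoding: quoted-printable\r\n"
    b"\r\n"
    b'<a href=3D"https://login.example.net/reset">Reset</a>=\r\n'
    b'<a href=3D"http://example.com/invoice?id=3D42">Invoice</a>\r\n'
    b"--b1--\r\n"
)

# Stop at whitespace, angle brackets and quotes so HTML attributes end the match.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def extract_urls(raw_email: bytes) -> list[str]:
    """Return unique URLs from all text/* body parts, in first-seen order."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    seen, urls = set(), []
    for part in msg.walk():
        # Skip multipart containers, non-text parts and attachments.
        if part.get_content_maintype() != "text" or part.is_attachment():
            continue
        text = part.get_content()  # decodes transfer encoding and charset
        for match in URL_RE.findall(text):
            # Drop trailing sentence punctuation; a URL that really ends
            # in one of these characters is shortened by this heuristic.
            url = match.rstrip(".,;:!?)]}")
            if url not in seen:
                seen.add(url)
                urls.append(url)
    return urls
```

Decoding each part before matching matters: run against the raw bytes, the same pattern would return the quoted-printable form `id=3D42` instead of the real URL.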
Prerequisite steps
To allow the connector to connect to your email inbox, a few steps need to be completed.
- Let’s start off by creating a new Gmail account or using one that you already have for testing purposes.
- “2-step verification” is one of the security adjustments that allow the Chronicle SOAR platform to securely access the email inbox.
In order to leave your 2-step verification on, you can create an App Password that gives the Chronicle SOAR platform permission to access your Google Account. App Passwords can only be used with accounts that have 2-step verification turned on.
Click on the App passwords icon and then fill in the relevant fields:
“Select app”: select the “Other (Custom name)” option and add the URL associated with your Chronicle SOAR platform (DNS).
The next step is to create the email connector in the IDE. Continue to Developing the Connector.