Remote Agents for Cloud Overview
The Remote Agents module provides a secure way to connect a local Chronicle SOAR instance to remote sites. This provides MSSP and enterprise Security Operations Centers with a variety of capabilities:
- Execute actions and playbooks on remote sites directly from Chronicle SOAR
- Pull alerts and security data from remote sites with remote connectors
- Connect to separate networks to pull data for incident response purposes
The Remote Agents infrastructure for cloud users consists of two main components:
Chronicle SOAR Platform
A deployment of the Chronicle SOAR platform that consolidates all security alerts in one place and orchestrates security and network products with automated workflows.
Chronicle SOAR Agent
A remote agent deployed on the remote site. The agent pulls new tasks from Chronicle SOAR, executes them locally (on the remote or separate network), and updates Chronicle SOAR with the results.
The agent is easy to deploy, and both enterprise and MSSP end customers can deploy it themselves.
The agent can initiate communication with Chronicle SOAR to get new commands and to send new alerts and data.
For information on requirements and prerequisites, refer to Requirements and Prerequisites.