Imports alarms from SOCRadar with optional audit logging and custom table storage. Supports all statuses or OPEN only.
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | SOCRadar |
| Source | View on GitHub |
📄 Source: SOCRadar-Alarm-Import/readme.md
Imports SOCRadar XTI platform alarms into Microsoft Sentinel as incidents.
Deploying this playbook also provisions the Data Collection Endpoint, the SOCRadar_Alarms_CL and SOCRadarAuditLog_CL custom log tables, the associated Data Collection Rules, and the role assignments required by the Logic App's managed identity. No separate infrastructure deployment is needed.
You can also install this playbook via Microsoft Sentinel Content Hub.