Integrating SOAR with ESM

SOAR integrates with ESM to log and forward detailed reporting on every single incident to facilitate prioritization and investigation of alerts as well as the remediation of incidents.

SOAR ingests correlated events from ESM and converts them into an alert. When an alert is generated, a new incident is created on SOAR's Incident Management Service Desk. Analyst can then investigate the incident and take remedial actions.

The ESM and SOAR integrations presents following capabilities to:

• Ingest Correlated Alerts

• Retrieve Base Events

• Create Case

• Update Case

• Search Cases

• Get Case Details

• Query Active List

• Add Entries to Active List

• Delete Entries from Active List

The bidirectional integration of ESM and SOAR requires configuration at both the platforms.