Configuring SOAR For Integration

The ESM and SOAR integration requires some configurations at SOAR. A user account with web user rights is created on ESM and its credentials are added to SOAR. This user account is used to read, write and access the active list at ESM. This web user created at SOAR is also responsible for accessing all of the required events, including the base events in ESM. To listen to the events, ESM is configured as an alert source on SOAR. After ESM is configured as alert source, SOAR can pull the events from ESM and convert them into alerts for investigation purpose.