FortiSOAR Ideas
gurveersingh
New Contributor II
Status: Investigating

Can we update the Elasticsearch connector to ingest triggered alerts in the same way we do for other SIEMs like FortiSIEM and Splunk? Additionally, can we create playbook collections that can be scheduled to ingest these alerts?

Here is the API documentation for retrieving alerts:

https://www.elastic.co/guide/en/security/current/signals-api-overview.html

Please let me know if you need any further information.
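What the requested connector would have to do on each scheduled run is poll the signals search endpoint for alerts newer than the last checkpoint, page through them, and normalize the hits into alert records. The following is an added example, not FortiSOAR's or Elastic's own code. It assumes Kibana's `POST /api/detection_engine/signals/search` endpoint (which takes an Elasticsearch query DSL body and requires the `kbn-xsrf` header), and that alert documents use the 8.x `kibana.alert.*` field names with a 7.x `signal.*` fallback; `make_fake_kibana` and `SAMPLE_ALERTS` are a constructed offline stand-in so the example runs without a cluster.

```python
"""Incremental poll of Elastic Security detection alerts via Kibana's signals API.
Added example (not FortiSOAR's or Elastic's code). Assumes POST
<kibana>/api/detection_engine/signals/search accepts Elasticsearch query DSL
and needs a kbn-xsrf header; field names are 8.x kibana.alert.* with 7.x signal.* fallback."""
import json
import urllib.request
from typing import Callable, Dict, List, Optional, Tuple

SIGNALS_SEARCH_PATH = "/api/detection_engine/signals/search"


def build_signals_query(since: str, page_size: int = 100,
                        search_after: Optional[list] = None) -> Dict:
    """Alerts with @timestamp strictly after `since`, oldest first, paged via search_after."""
    body = {"query": {"bool": {"filter": [{"range": {"@timestamp": {"gt": since}}}]}},
            "sort": [{"@timestamp": {"order": "asc"}}], "size": page_size}
    if search_after:
        body["search_after"] = search_after
    return body


def _first(src: Dict, *paths: str):
    """First present value among dotted paths, whether keys are nested or flattened."""
    for path in paths:
        cur = src.get(path, src)
        for key in ([] if path in src else path.split(".")):
            cur = cur.get(key) if isinstance(cur, dict) else None
        if cur is not None:
            return cur
    return None


def normalize_alert(hit: Dict) -> Dict:
    """Flatten one search hit into the fields a SOAR alert record needs."""
    src = hit.get("_source", {})
    return {"id": hit["_id"], "timestamp": src.get("@timestamp"),
            "rule": _first(src, "kibana.alert.rule.name", "signal.rule.name"),
            "severity": _first(src, "kibana.alert.severity", "signal.rule.severity"),
            "status": _first(src, "kibana.alert.workflow_status", "signal.status"),
            "host": _first(src, "host.name")}


def fetch_new_alerts(post: Callable[[str, Dict], Dict], since: str,
                     page_size: int = 100, max_pages: int = 50) -> Tuple[List[Dict], str]:
    """Page through every alert newer than `since`; return (alerts, checkpoint).
    Persist the checkpoint so the next scheduled run does not re-ingest the same alerts."""
    alerts, search_after, checkpoint = [], None, since
    for _ in range(max_pages):
        resp = post(SIGNALS_SEARCH_PATH, build_signals_query(since, page_size, search_after))
        hits = resp.get("hits", {}).get("hits", [])
        if not hits:
            break
        alerts.extend(normalize_alert(h) for h in hits)
        search_after = hits[-1]["sort"]      # Elasticsearch echoes each hit's sort values
        checkpoint = hits[-1]["_source"]["@timestamp"]
        if len(hits) < page_size:
            break
    return alerts, checkpoint


def make_kibana_post(base_url: str, api_key: str) -> Callable[[str, Dict], Dict]:
    """Real transport: API-key auth plus the kbn-xsrf header Kibana requires on POST."""
    def post(path: str, body: Dict) -> Dict:
        req = urllib.request.Request(base_url.rstrip("/") + path, method="POST",
                                     data=json.dumps(body).encode(),
                                     headers={"kbn-xsrf": "true", "Content-Type": "application/json",
                                              "Authorization": "ApiKey " + api_key})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return post


# Constructed sample alerts (not real data) so the example runs offline; a3 uses 7.x field names.
SAMPLE_ALERTS = [
    {"id": "a1", "@timestamp": "2024-05-01T09:59:00.000Z", "host": {"name": "ws-01"},
     "kibana": {"alert": {"rule": {"name": "Old alert"}, "severity": "low", "workflow_status": "closed"}}},
    {"id": "a2", "@timestamp": "2024-05-01T10:00:00.000Z", "host": {"name": "ws-02"},
     "kibana": {"alert": {"rule": {"name": "Suspicious PowerShell"}, "severity": "high", "workflow_status": "open"}}},
    {"id": "a3", "@timestamp": "2024-05-01T10:00:01.000Z", "host": {"name": "srv-01"},
     "signal": {"rule": {"name": "Mimikatz Memory Access", "severity": "critical"}, "status": "open"}},
    {"id": "a4", "@timestamp": "2024-05-01T10:00:02.000Z", "host": {"name": "ws-03"},
     "kibana": {"alert": {"rule": {"name": "Rare Scheduled Task"}, "severity": "medium", "workflow_status": "open"}}},
]


def make_fake_kibana(docs: List[Dict]) -> Callable[[str, Dict], Dict]:
    """Offline stand-in for Kibana: applies the query's range filter, sort, size and search_after."""
    def post(path: str, body: Dict) -> Dict:
        assert path == SIGNALS_SEARCH_PATH
        since = body["query"]["bool"]["filter"][0]["range"]["@timestamp"]["gt"]
        after = body.get("search_after", [since])[0]
        rows = sorted((d for d in docs if d["@timestamp"] > max(since, after)),
                      key=lambda d: d["@timestamp"])[:body["size"]]
        return {"hits": {"hits": [{"_id": d["id"], "sort": [d["@timestamp"]],
                                   "_source": {k: v for k, v in d.items() if k != "id"}} for d in rows]}}
    return post


if __name__ == "__main__":
    alerts, checkpoint = fetch_new_alerts(make_fake_kibana(SAMPLE_ALERTS), "2024-05-01T09:59:30.000Z", page_size=2)
    print(json.dumps(alerts, indent=1), "next checkpoint:", checkpoint)
```

Against a real cluster, swap `make_fake_kibana(SAMPLE_ALERTS)` for `make_kibana_post("https://kibana.example:5601", api_key)` and store the returned checkpoint between scheduled runs. Two caveats: the `gt` range on `@timestamp` skips a second alert that lands in the same millisecond as the checkpoint across two runs (dedupe on `_id` at ingest if that matters), and the fake applies only the range filter; on a live cluster add a `term` on `kibana.alert.workflow_status` (or `signal.status`) to the `filter` list if only open alerts should be ingested.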

Status changed to: Investigating
gurveersingh
New Contributor II

@sjinturkar_FTNT any update on this?