IBM Security QRadar SOAR

Hi everyone,

The "Data Feeder for SOAR" is only available in integration server format.
Is there any plan to make it avalable in app host format?

Thanks

------------------------------
Pierre Dufresne
------------------------------

Hi Pierre,

The following Data Feeder plugins are AppHost compatible:

rc_data_feed_plugin_splunkfeed
rc_data_feed_plugin_kafkafeed
rc_data_feed_plugin_elasticfeed
rc_data_feed_plugin_resilientfeed
rc_data_feed_plugin_odbcfeed
-- The only environments unavailable from odbcfeed is the sqllite option.

The download from the AppExchange is ready for AppHost use.

Regards,
Mark

------------------------------
Mark Scherfling
------------------------------

Original Message:
Sent: Wed July 28, 2021 02:28 PM
From: Pierre Dufresne
Subject: Availability of the "Data Feeder for SOAR" in app host format

Hi everyone,

The "Data Feeder for SOAR" is only available in integration server format.
Is there any plan to make it avalable in app host format?

Thanks

------------------------------
Pierre Dufresne
------------------------------

Hi Mark,
Thanks for your answer.
In fact, I was talking about the rc_data_feed-2.1.0 which is the newest.
I was planning to use the Local directory functionnality and also the attachment content that is new with this version.
The documentation does not state that this version is app host compatible.

------------------------------
Pierre Dufresne
------------------------------

Original Message:
Sent: Tue August 03, 2021 07:52 AM
From: Mark Scherfling
Subject: Availability of the "Data Feeder for SOAR" in app host format

Hi Pierre,

The following Data Feeder plugins are AppHost compatible:

rc_data_feed_plugin_splunkfeed
rc_data_feed_plugin_kafkafeed
rc_data_feed_plugin_elasticfeed
rc_data_feed_plugin_resilientfeed
rc_data_feed_plugin_odbcfeed
-- The only environments unavailable from odbcfeed is the sqllite option.

The download from the AppExchange is ready for AppHost use.

Regards,
Mark

------------------------------
Mark Scherfling

Original Message:
Sent: Wed July 28, 2021 02:28 PM
From: Pierre Dufresne
Subject: Availability of the "Data Feeder for SOAR" in app host format

Hi everyone,

The "Data Feeder for SOAR" is only available in integration server format.
Is there any plan to make it avalable in app host format?

Thanks

------------------------------
Pierre Dufresne
------------------------------

rc_data_feed-2.1.0 is the base module which isn't usable without a plugin. The local directory capability (Data Feeder Filefeed Plugin for SOAR?) cannot be converted to App Host as file retention would be local to the container and thus lost each time the container is restarted.

------------------------------
Mark Scherfling
------------------------------

Original Message:
Sent: Tue August 03, 2021 08:31 AM
From: Pierre Dufresne
Subject: Availability of the "Data Feeder for SOAR" in app host format

Hi Mark,
Thanks for your answer.
In fact, I was talking about the rc_data_feed-2.1.0 which is the newest.
I was planning to use the Local directory functionnality and also the attachment content that is new with this version.
The documentation does not state that this version is app host compatible.

------------------------------
Pierre Dufresne

Original Message:
Sent: Tue August 03, 2021 07:52 AM
From: Mark Scherfling
Subject: Availability of the "Data Feeder for SOAR" in app host format

Hi Pierre,

The following Data Feeder plugins are AppHost compatible:

rc_data_feed_plugin_splunkfeed
rc_data_feed_plugin_kafkafeed
rc_data_feed_plugin_elasticfeed
rc_data_feed_plugin_resilientfeed
rc_data_feed_plugin_odbcfeed
-- The only environments unavailable from odbcfeed is the sqllite option.

The download from the AppExchange is ready for AppHost use.

Regards,
Mark

------------------------------
Mark Scherfling

Original Message:
Sent: Wed July 28, 2021 02:28 PM
From: Pierre Dufresne
Subject: Availability of the "Data Feeder for SOAR" in app host format

Hi everyone,

The "Data Feeder for SOAR" is only available in integration server format.
Is there any plan to make it avalable in app host format?

Thanks

------------------------------
Pierre Dufresne
------------------------------

If rc_data_feed-2.1.0 is the base module, why isn't it available for app hosts?

Also, I understand for filefeed and the container thing but after extracting the incident and the attachment into a directory, I was planning to move the files to another server anyway.

------------------------------
Pierre Dufresne
------------------------------

Original Message:
Sent: Tue August 03, 2021 09:02 AM
From: Mark Scherfling
Subject: Availability of the "Data Feeder for SOAR" in app host format

rc_data_feed-2.1.0 is the base module which isn't usable without a plugin. The local directory capability (Data Feeder Filefeed Plugin for SOAR?) cannot be converted to App Host as file retention would be local to the container and thus lost each time the container is restarted.

------------------------------
Mark Scherfling

Original Message:
Sent: Tue August 03, 2021 08:31 AM
From: Pierre Dufresne
Subject: Availability of the "Data Feeder for SOAR" in app host format

Hi Mark,
Thanks for your answer.
In fact, I was talking about the rc_data_feed-2.1.0 which is the newest.
I was planning to use the Local directory functionnality and also the attachment content that is new with this version.
The documentation does not state that this version is app host compatible.

------------------------------
Pierre Dufresne

Original Message:
Sent: Tue August 03, 2021 07:52 AM
From: Mark Scherfling
Subject: Availability of the "Data Feeder for SOAR" in app host format

Hi Pierre,

The following Data Feeder plugins are AppHost compatible:

rc_data_feed_plugin_splunkfeed
rc_data_feed_plugin_kafkafeed
rc_data_feed_plugin_elasticfeed
rc_data_feed_plugin_resilientfeed
rc_data_feed_plugin_odbcfeed
-- The only environments unavailable from odbcfeed is the sqllite option.

The download from the AppExchange is ready for AppHost use.

Regards,
Mark

------------------------------
Mark Scherfling

Original Message:
Sent: Wed July 28, 2021 02:28 PM
From: Pierre Dufresne
Subject: Availability of the "Data Feeder for SOAR" in app host format

Hi everyone,

The "Data Feeder for SOAR" is only available in integration server format.
Is there any plan to make it avalable in app host format?

Thanks

------------------------------
Pierre Dufresne
------------------------------