@Radargoger (Contributor) commented Jan 5, 2026

Description

New multi-tenant integration for MSPs and MSSPs to manage security incidents from multiple companies using SOCRadar's Multi-Tenant API.

Type of Change

  • New integration
  • Pack update

Changes

  • Added SOCRadar Incidents v4 Multi-Tenant integration
  • Centralized management: Monitor multiple companies from single integration
  • Automatic company ID tracking and extraction in alarms
  • Smart company ID handling: Actions auto-extract company ID from alarm data
  • Configurable company information visibility in incidents
  • Multi-status filtering (OPEN, CLOSED, ON_HOLD)
  • Epoch time precision for zero duplicate incidents
  • 9 management commands for full incident lifecycle
  • All SOCRadar Incidents v4 features included
  • Updated pack_metadata.json to version 2.2.0
  • Added release notes for version 2.2.0

Key Features

  • Multi-Tenant Support: Single integration monitors multiple companies
  • Automatic Company Tracking: Each alarm includes company_id and company_name
  • Smart Actions: Commands automatically extract company ID from alarm data
  • Flexible Override: Manual company_id parameter available when needed
  • Seamless Operation: No need to remember company IDs for each alarm

Multi-Tenant Workflow

  1. Integration uses Multi-Tenant ID to fetch alarms from all companies
  2. Each alarm includes company_id and company_name fields
  3. When taking actions, company ID is automatically extracted from alarm
  4. Manual override available via company_id parameter if needed

New Commands (with auto company ID extraction)

  • socradar-change-alarm-status
  • socradar-mark-false-positive
  • socradar-mark-resolved
  • socradar-add-comment
  • socradar-change-assignee
  • socradar-add-tag
  • socradar-ask-analyst
  • socradar-change-severity
  • socradar-test-fetch

Dependencies

  • Builds on SOCRadar pack structure
  • Compatible with existing SOCRadar integrations

Testing

  • Multi-tenant API tested
  • Company ID auto-extraction verified
  • All commands tested with company ID handling
  • Fetch incidents verified across multiple companies
  • Documentation complete

Checklist

  • Code follows XSOAR style guidelines
  • Integration icon added (120x50)
  • README.md is complete
  • Release notes added
  • pack_metadata.json updated
  • Documentation includes multi-tenant workflow

relates: https://jira-dc-proxy.xdr.pan.local/browse/CIAC-15482

- Added SOCRadar Incidents v4 Multi-Tenant integration
- Centralized management for MSPs and MSSPs
- Automatic company ID tracking and extraction
- Smart company ID handling for all actions
- Multi-company monitoring from single integration
- All v4 features included (multi-status, epoch time, 9 commands)
- Updated pack_metadata.json to version 2.2.0
- Added release notes for version 2.2.0
@content-bot added the Contribution, External PR, and Partner Support Level labels Jan 5, 2026
@content-bot changed the base branch from master to contrib/Radargoger_socradar-v4-multitenant January 5, 2026 10:27

@content-bot (Collaborator)

Thank you for your contribution. Your generosity and caring are unrivaled! Make sure to register your contribution by filling the Contribution Registration form, so our content wizard @merit-maita will know the proposed changes are ready to be reviewed.
For your convenience, here is a link to the contributions SLAs document.

@content-bot (Collaborator)

Hi @Radargoger, thanks for contributing to the XSOAR marketplace. To receive credit for your generous contribution please follow this link.

@content-bot added the Contribution Form Filled and Partner labels Jan 5, 2026