Ontology and mapping

I've been trying for literally weeks to get our ontology and mapping set up. Most of our data is from a custom source, but some of it is from a commercial AV vendor. I've deleted mapping categories that I'm not sure how to make come back, and despite manipulating the mappings and ontology on every level, nothing seems to change my entity graph.

What I really want is for somebody to sit with me on a Zoom call and help me prototype an ontology and mapping configuration, because I know what I want to do, but despite weeks of watching videos and reading documentation I still have no clue how to accomplish it.

I haven't looked at implementing entity graphs in over 2 years because of this. Is there a specific use case where you need them?

Being able to present our response operators with a singular flow graph of the telemetry pertaining to an alert is core to our entire SOC strategy. If this cannot be accomplished with the built-in Chronicle SOAR components, I will have no choice but to either:

a) build my own graph entirely in d3 and use a custom HTML integration to display it, ignoring 100% of Chronicle's configuration capabilities

b) significantly invest in replacing Chronicle SOAR with another platform

I would use Case Management or Explore to try and identify the missing field (if I didn't already know the entity name). Then I would attempt to add it back in via Settings/Ontology/Visual Family. If that didn't resolve it, I would go to Event Configuration under Mapping and edit fields in the pulldown on the far right of the field I was looking to add the entity to.

got this fixed by working with google support