Navigate the Chronicle Security Operations platform

When you access the Chronicle Security Operations platform, your view depends on the permission groups that you're assigned to. The sliding left navigation bar is customized for you based on your permissions.

To navigate around the platform, hold the pointer over the sliding left navigation bar and then click to access all of the Chronicle Security Operations screens.

| What do you want to do? | Where can you find it? |
| --- | --- |
| Manage all the incoming cases in the platform | Cases |
| View tailored actions and tasks that you need to complete on cases | Your Workdesk |
| Search holistically across the entire platform | Investigation > SIEM Search |
| Search for cases and entities | Investigation > SOAR Search |
| Manage your SIEM rules and detections in the dashboard, editor and curated detections | Detection > Rules > Detections |
| View SIEM alerts and IOC matches | Detection > Alerts > IOCs |
| View risk scores and trends derived from SIEM | Detection > Risk Analytics |
| Design an automated sequence of actions to start as soon as the relevant alert enters the platform | Response > Playbooks |
| Configure integrations for different instances | Response > Integrations Setup |
| Edit predefined jobs or create new jobs that can be scheduled to run periodically | Response > Jobs Scheduler |
| Edit the code of commercial integrations or create custom integrations | Response > IDE |
| Look at analysis and reporting based on UDM events | Dashboard and Reports > SIEM Dashboards |
| Access and analyze information on cases, playbooks, environments, etc. | Dashboard and Reports > SOAR Dashboards |
| View both predefined Chronicle SOAR reports and advanced reports using Looker | Dashboard and Reports > SOAR Reports |
| Highlight an incident as a crisis situation and create a dedicated space to handle it | Incident Manager |
| Install third-party integrations plus use cases and power ups for the platform | Chronicle Marketplace |
| Manage administration tasks, ingestion, and parsing configuration for SIEM | Settings > SIEM Settings |
| Manage all the admin tasks and configuration for SOAR features | Settings > SOAR Settings |


SIEM Settings

| What do you want to do? | Where can you find it? |
| --- | --- |
| View details about users and the organization | Profile |
| View all the users and groups in the SIEM side of the platform | Users & Groups |
| View the roles and permissions for the SIEM components of the platform | Roles |
| Configure and view SIEM feeds | Feeds |
| Configure and view SIEM forwarders | Forwarders |
| Manage parsers and parser extensions | Parsers |
| View associated Google Cloud Platform project information | Google Cloud Platform |
| Manage role-based access control for SIEM users | Data RBAC |
| Set up Google Workspace to forward data to Chronicle | Workspace Attach |

SOAR Settings

| What do you want to do? | Where can you find it? |
| --- | --- |
| View all the users in the Chronicle SecOps platform | Organization > User Management |
| Define environments | Organization > Environments |
| Manage permissions and restrictions for different user groups | Organization > Permissions |
| View your license details and the current SOAR version | Organization > License Management |
| Add or edit roles for security teams to control access to cases and environments | Organization > Roles |
| Add and manage tags that are added automatically to cases | Case Data > Tags |
| Define the different stages of a case that are used by your organization | Case Data > Stages |
| Define root causes for closing a case, whether it was malicious or not and what was the actual cause | Case Data > Case Close Root Causes |
| Set the case name hierarchy | Case Data > Case Name |
| Define default case and alert views using widgets | Case Data > Views |
| Generate API key to interact with the Chronicle API | Advanced > API Keys |
| Take a look at all user activities in the platform | Advanced > Audit |
| Set policies for data retention and handling cases between environments | Advanced > General |
| Manage and configure the default time zones and date and time formats | Advanced > Localization |
| Define rules for grouping alerts and for overflow cases | Advanced > Alerts Grouping |
| Map IdP groups to SOAR user groups, SOC roles and permission groups | Advanced > IDP Group Mapping |
| Set up and manage remote agents | Advanced > Remote Agents |
| Configure the email address from which all SOAR system emails are sent | Advanced > Email Settings |
| Allow Google Support to access your platform | Advanced > Support Access |
| View property definitions for ingested data | Data Configuration > Properties Metadata |
| View statistics on the platform | Data Configuration > Statistics |
| Manage and configure visual family matches to specific products and events | Ontology > Ontology Status |
| Manage, edit, and create visual families | Ontology > Visual Families |
| Define environments in the platform | Environments > Networks |
| Define domains | Environments > Domains |
| Define custom lists consisting of users, IPs, and other entities | Environments > Custom Lists |
| Define email templates to be used in playbooks and other actions | Environments > Email templates |
| Define email HTML templates to be used in playbooks and other actions | Environments > Email HTML templates |
| Define entities in alerts that shouldn't be grouped or entities that shouldn't be displayed | Environments > Blocklist |
| Define SLAs for resolving cases and alerts according to specific SLA triggers | Environments > SLA |
| Define requests for users to choose from in their workdesk | Environments > Requests |
| Manage departments that Incident Manager users are associated with | Incident Manager > Departments |
| Define the users added as collaborators for every incident in the Incident Manager | Incident Manager > Auditors |
| Define which environments are authorized to have their cases handled in the incident manager | Incident Manager > Environments |
| Set up connectors to ingest alerts into the platform | Ingestion > Connectors |
| Set up webhooks to ingest alerts into the platform | Ingestion > Webhooks |