This document explains how to create and manage environment groups in
Google Security Operations. Environment groups let you organize multiple environments
into logical categories, making it easier to manage large organizations or multiple
customers as a Managed Security Service Provider (MSSP).
Environment group use cases
MSSPs, government entities, and enterprises with multiple sub-organizations can all benefit from using environment groups. Common use cases include:
MSSP service-level tiers: Differentiating services based on customer tiers (for example, Gold, Silver).
Government sectors: Customize security solutions for specific industries (for example, communication, transportation).
Enterprise sub-organizations: Manage security for individual sub-organizations within a larger entity (for example, Sub Org 1, Sub Org 2).
Understand supported modules for environment groups
The following modules support environment groups:
Settings: Speeds up onboarding of new users and simplifies adding new environments to existing groups.
Playbooks or blocks: Streamlines playbook creation. You can adjust the scope of your playbooks by grouping environments together. Playbooks automatically update the scope when you modify the environment groups.
Case filters: Enables targeted issue and efficient issue resolution by filtering cases by environment group.
Limitations
The following modules don't support environment groups as a filter:
SOAR Search: When searching for cases, you can't filter by
environment groups. You must manually select individual environments.
SOAR Reports: When creating reports, environment groups aren't
available as a filter. You must select individual environments to define the
report scope.
Create an environment group
To create an environment group:
Go to SOAR Settings>Organization>Environments.
Click the Groups tab.
Click addAdd.
Enter the environment group name and description.
Add as many environments to the group as needed.
You can modify environment groups at any time. To do so, select Manage Groups and edit existing groups as needed.
Delete environment groups
When you delete an environment group, the action doesn't delete its associated environments.
However, if the deleted environment group is the only one associated with a playbook, the system also deletes the playbook.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-10 UTC."],[[["\u003cp\u003eEnvironment groups allow for the categorization of environments into logical groups, beneficial for MSSPs and large organizations.\u003c/p\u003e\n"],["\u003cp\u003eEnvironment groups are supported within the Settings, Playbooks, and Case filters modules, enhancing user onboarding, playbook creation, and issue resolution.\u003c/p\u003e\n"],["\u003cp\u003eCreating an environment group involves navigating to SOAR Settings, adding a group name, description, and selecting the environments to add.\u003c/p\u003e\n"],["\u003cp\u003eEnvironment groups are dynamic and can be modified by using the Manage Groups feature in SOAR settings.\u003c/p\u003e\n"],["\u003cp\u003eDeleting an environment group will not delete its associated environments, but will delete a playbook that is only associated with that deleted group.\u003c/p\u003e\n"]]],[],null,["Create environment groups \nSupported in: \nGoogle secops [SOAR](/chronicle/docs/secops/google-secops-soar-toc) \nThis document explains how to create and manage environment groups in\nGoogle Security Operations. Environment groups let you organize multiple environments\ninto logical categories, making it easier to manage large organizations or multiple\ncustomers as a Managed Security Service Provider (MSSP).\n\nEnvironment group use cases\n\n\nMSSPs, government entities, and enterprises with multiple sub-organizations can all benefit from using environment groups. Common use cases include:\n\n- **MSSP service-level tiers**: Differentiating services based on customer tiers (for example, Gold, Silver).\n- **Government sectors**: Customize security solutions for specific industries (for example, communication, transportation).\n- **Enterprise sub-organizations**: Manage security for individual sub-organizations within a larger entity (for example, Sub Org 1, Sub Org 2).\n\nUnderstand supported modules for environment groups\n\nThe following modules support environment groups:\n\n- [**Settings**](/chronicle/docs/soar/admin-tasks/environments/work-with-environments): Speeds up onboarding of new users and simplifies adding new environments to existing groups.\n- [**Playbooks or blocks**](/chronicle/docs/soar/respond/working-with-playbooks/whats-on-the-playbooks-screen): Streamlines playbook creation. You can adjust the scope of your playbooks by grouping environments together. Playbooks automatically update the scope when you modify the environment groups.\n- [**Case filters**](/chronicle/docs/soar/investigate/working-with-cases/apply-and-save-filters): Enables targeted issue and efficient issue resolution by filtering cases by environment group.\n\nLimitations\n\n\nThe following modules don't support environment groups as a filter:\n\n- **SOAR Search**: When searching for cases, you can't filter by environment groups. You must manually select individual environments.\n- **SOAR Reports**: When creating reports, environment groups aren't available as a filter. You must select individual environments to define the report scope.\n\nCreate an environment group To create an environment group:\n\n1. Go to **SOAR Settings** \\\u003e **Organization** \\\u003e **Environments**.\n2. Click the **Groups** tab.\n3. Click add**Add**.\n4. Enter the environment group name and description.\n5. Add as many environments to the group as needed.\n\n\nYou can modify environment groups at any time. To do so, select **Manage Groups** and edit existing groups as needed.\n\nDelete environment groups\n\nWhen you delete an environment group, the action doesn't delete its associated environments.\nHowever, if the deleted environment group is the only one associated with a playbook, the system also deletes the playbook.\n\nTo delete an environment group:\n\n1. Go to **SOAR Settings** \\\u003e **Organization** \\\u003e **Environments**.\n2. Click the **Groups** tab.\n3. Click **Manage Groups**.\n4. Click delete**Delete**.\n\n\u003cbr /\u003e\n\n**Need more help?** [Get answers from Community members and Google SecOps professionals.](https://security.googlecloudcommunity.com/google-security-operations-2)"]]
