Visual families specify the relationship between the entities and protagonists
from the third-party applications. You can configure the family's fields
and relationships.
The family is attached to a specific event / product in the
Event Configuration > Visualization screen. The family is then displayed in the
Explore Cases screen for each event, product or source so that the analyst can
see who did what and when.
To clone or create a visual family:
1. Navigate to Settings > Ontology > Visual Families.
2. Select one of the existing visual families and click the Duplicate icon on
   the top right, or select add and create a new family from scratch.
3. In the Family Rules screen that opens, either select a row and click edit to
   change the relevant information, or click add to add a new family rule.
4. Enter the relevant information:
   - Primary to Fourth Source: where to take the information from.
   - Primary to Fourth Destination: where in Google Security Operations to send
     it to.
   - Relation Type: Type (action) or Linked (connection). An action is when one
     entity does something to another entity (user sends an email). A
     connection simply means the two entities are related (user and the
     machine's host name). In the Explore screen, the Type (action) is denoted
     by an arrow and Linked (connection) is denoted by a dotted line.
5. Click Save.

Make sure to click the Save icon at the top right of the screen before exiting
this screen!
Visual Families can be exported and imported as a zip file, containing the details in a JSON file.

Last updated 2025-03-06 UTC.