Navigate the platform (SOAR only)
Supported in:
To navigate around the Google Security Operations SOAR platform, use the left navigation menu to access all of the Google SecOps SOAR pages. The navigation menu displays the different Google SecOps SOAR modules and expands when holding the pointer over it.
| What do you want to do? | Where can you find it? |
|---|---|
|
Manage all the incoming cases in the platform |
Cases |
| View tailored actions and tasks that you need to complete on cases | Your Workdesk |
| Search for cases and entities | Search |
| Design automated sequence of actions to start as soon as the relevant alert enters the platform | Response > Playbooks |
| Configure integrations for different instances | Response > Integrations Setup |
| Edit predefined jobs or create new jobs that can be scheduled to run periodically | Response > Jobs Scheduler |
| Edit the code of commercial integrations or create custom integrations | Response > IDE |
| Access and analyze information on cases, playbooks, environments, and other relevant subjects |
Dashboard & Reports > Dashboards |
| View both predefined Google SecOps SOAR reports and advanced reports using Looker |
Dashboard & Reports > Reports |
| Highlight an incident as a crisis situation and create a dedicated space to handle it | Incident Manager |
|
Install third-party integrations plus use cases and power ups for the
platform |
Marketplace |
|
Manage all the administrator tasks and configuration for SOAR features |
Settings |
Settings
| What do you want to do? | Where can you find it? |
|---|---|
| Add new users to the platform | Organization > User Management |
| Define environments | Organization > Environments |
| Manage permissions and restrictions for different user groups | Organization > Permissions |
| View your license details and the current SOAR version | Organization > License Management |
| Add or edit roles for security teams to control access to cases and environments | Organization > Roles |
| Display your company logo on the header of each page or on all exported reports | Organization > Rebranding |
| Add and manage tags that are added automatically to cases | Case Data > Tags |
| Define the different stages of a case that are used by your organization | Case Data > Case Stages |
| Define root causes for closing a case, whether it was malicious or not, and what was the actual cause | Case Data > Case close root cause |
| Set the case name hierarchy | Case Data > Case name |
| Define default case and alert views using widgets | Case Data > Views |
|
Generate API key to interact with the Google SecOps SOAR API |
Advanced > API Keys |
| Take a look at all user activities in the platform | Advanced > Audit |
| Set policies for data retention and handling cases between environments | Advanced > General |
| Manage and configure the default time zones and date and time formats | Advanced > Localization |
| Define rules for grouping alerts and for overflow cases | Advanced > Alerts Grouping |
| Configure a SAML provider | Advanced > External Authentication |
| Set up and manage remote agents | Advanced > Remote Agents |
| Configure the email address from which all SOAR system emails are sent | Advanced > Email Settings |
| Allow Google Support to access your platform | Advanced > Support Access |
| View property definitions for ingested data | Data Configuration > Properties Metadata |
| View statistics on the platform | Data Configuration > Statistics |
| Manage and configure visual family matches to specific products and events | Ontology > Ontology Status |
| Manage, edit, and create visual families | Ontology > Visual Families |
| Define environments in the platform | Environments > Networks |
| Define domains | Environments > Domains |
|
Define custom lists consisting of users, IP addresses, and other
entities |
Environments > Custom lists |
|
Define email templates to be used in playbooks and other actions |
Environments > Email templates |
|
Define email HTML templates to be used in playbooks and other
actions |
Environments > Email HTML templates |
| Define entities in alerts that shouldn't be grouped or entities that shouldn't be displayed | Environments > Blocklist |
| Define SLAs for resolving cases and alerts according to specific SLA triggers | Environments > SLA |
| Define requests for users to choose from in their workdesk | Environments > Requests |
|
Manage departments that Incident Manager users are associated with |
Incident Manager > Departments |
| Define the users added as collaborators for every incident in the Incident Manager | Incident Manager > Auditors |
| Define which environments are authorized to have their cases handled in the incident manager | Incident Manager > Environments |
| Set up connectors to ingest alerts into the platform | Ingestion > Connectors |
| Set up webhooks to ingest alerts into the platform | Ingestion > Webhooks |