Navigate the Google SecOps SOAR platform


This document serves as a comprehensive reference guide to the Google Security Operations SOAR platform's interface. Use the side navigation menu to access all platform pages and modules. This guide maps the core user goals—from threat response and automation development to system administration—to their corresponding location in the navigation menu.

The left navigation menu lists the Google SecOps SOAR modules and expands when you hold the pointer over it.

Google SecOps SOAR module map

The following table organizes the platform's features by primary function and their location in the navigation menu.

| Action | Where you can find it |
| --- | --- |
| Manage all incoming cases in the platform. | Cases |
| View tailored actions and tasks you need to complete on cases. | Your Workdesk |
| Search for cases and entities. | Search |
| Design an automated sequence of actions (a playbook). | Response > Playbooks |
| Configure integrations for different instances. | Response > Integrations Setup |
| Edit predefined jobs or create new scheduled jobs. | Response > Jobs Scheduler |
| Edit the code of commercial integrations or create custom integrations. | Response > IDE |
| Access and analyze information on cases, playbooks, environments, and other relevant subjects. | Dashboard & Reports > Dashboards |
| View both predefined Google SecOps SOAR reports and advanced reports using Looker. | Dashboard & Reports > Reports |
| Install third-party integrations, use cases, and power-ups for the platform. | Marketplace |
| Manage all the administrator tasks and configuration for SOAR features. | Settings |

Settings

| Action | Where you can find it |
| --- | --- |
| Add new users to the platform. | Settings > Organization > User Management |
| Define environments and manage permissions or roles. | Settings > Organization > Environments |
| Manage permissions and restrictions for different user groups. | Settings > Organization > Permissions |
| View your license details and the current SOAR version. | Settings > Organization > License Management |
| Add or edit roles for security teams to control access to cases and environments. | Settings > Organization > Roles |
| Display your company logo (rebranding) on the header of each page or on all exported reports. | Organization > Rebranding |
| Add and manage tags that are added automatically to cases. | Settings > Case Data > Tags |
| Define the different stages of a case. | Settings > Case Data > Case Stages |
| Define root causes for closing a case and what the actual cause was. | Settings > Case Data > Case close root cause |
| Set the case name hierarchy. | Settings > Case Data > Case name |
| Define default case and alert views using widgets. | Settings > Case Data > Views |
| Generate an API key to interact with the Google SecOps SOAR API. | Settings > Advanced > API Keys |
| View all user activities in the platform. | Settings > Advanced > Audit |
| Set policies for data retention and handling cases between environments. | Settings > Advanced > General |
| Manage and configure the default time zones and date and time formats. | Settings > Advanced > Localization |
| Define rules for grouping alerts and for overflow cases. | Settings > Advanced > Alerts Grouping |
| Configure a SAML provider. | Settings > Advanced > External Authentication |
| Set up and manage remote agents. | Settings > Advanced > Remote Agents |
| Configure the email address for all Google SecOps SOAR system emails. | Settings > Advanced > Email Settings |
| Give Google Support access to your platform. | Settings > Advanced > Support Access |
| View property definitions for ingested data. | Data Configuration > Properties Metadata |
| View statistics on the platform. | Data Configuration > Statistics |
| Manage and configure visual family matches to specific products and events. | Settings > Ontology > Ontology Status |
| Manage, edit, and create visual families. | Settings > Ontology > Visual Families |
| Define environments in the platform. | Settings > Environments > Networks |
| Define domains. | Settings > Environments > Domains |
| Define custom lists consisting of users, IP addresses, and other entities. | Settings > Environments > Custom lists |
| Define email templates to be used in playbooks and other actions. | Settings > Environments > Email templates |
| Define email HTML templates to be used in playbooks and other actions. | Settings > Environments > Email HTML templates |
| Define entities in alerts that shouldn't be grouped or entities that shouldn't be displayed. | Settings > Environments > Blocklist |
| Define SLAs for resolving cases and alerts according to specific SLA triggers. | Settings > Environments > SLA |
| Define requests for users to choose from in Your Workdesk. | Settings > Environments > Requests |
| Manage departments that Incident Manager users are associated with. | Settings > Incident Manager > Departments |
| Define the users added as collaborators for every incident in the Incident Manager. | Settings > Incident Manager > Auditors |
| Define which environments are authorized to have their cases handled in the Incident Manager. | Settings > Incident Manager > Environments |
| Set up connectors to ingest alerts into the platform. | Ingestion > Connectors |
| Set up webhooks to ingest alerts into the platform. | Ingestion > Webhooks |
