Navigate the Google SecOps SOAR platform
This document serves as a comprehensive reference guide to the Google Security Operations SOAR platform's interface. Use the side navigation menu to access all platform pages and modules. This guide maps the core user goals—from threat response and automation development to system administration—to their corresponding location in the navigation menu.
The left navigation menu displays the different Google SecOps SOAR modules and expands when you hold the pointer over it.
Google SecOps SOAR module map
The following table organizes the platform's features by primary function and their location in the navigation menu.
Action | Where you can find it |
---|---|
Manage all incoming cases in the platform. | Cases |
View tailored actions and tasks you need to complete on cases. | Your Workdesk |
Search for cases and entities. | Search |
Design an automated sequence of actions (playbook). | Response > Playbooks |
Configure integrations for different instances. | Response > Integrations Setup |
Edit predefined jobs or create new scheduled jobs. | Response > Jobs Scheduler |
Edit the code of commercial integrations or create custom integrations. | Response > IDE |
Access and analyze information on cases, playbooks, environments, and other relevant subjects. | Dashboard & Reports > Dashboards |
View both predefined Google SecOps SOAR reports and advanced reports using Looker. | Dashboard & Reports > Reports |
Install third-party integrations plus use cases and power ups for the platform. | Marketplace |
Manage all the administrator tasks and configuration for SOAR features. | Settings |
Settings
Action | Where you can find it |
---|---|
Add new users to the platform. | Settings > Organization > User Management |
Define environments and manage permissions or roles. | Settings > Organization > Environments |
Manage permissions and restrictions for different user groups. | Settings > Organization > Permissions |
View your license details and the current SOAR version. | Settings > Organization > License Management |
Add or edit roles for security teams to control access to cases and environments. | Settings > Organization > Roles |
Display your company logo (rebranding) on the header of each page or on all exported reports. | Organization > Rebranding |
Add and manage tags that are added automatically to cases. | Settings > Case Data > Tags |
Define the different stages of a case. | Settings > Case Data > Case Stages |
Define root causes for closing a case and what the actual cause was. | Settings > Case Data > Case close root cause |
Set the case name hierarchy. | Settings > Case Data > Case name |
Define default case and alert views using widgets. | Settings > Case Data > Views |
Generate an API key to interact with the Google SecOps SOAR API. | Settings > Advanced > API Keys |
View all user activities in the platform. | Settings > Advanced > Audit |
Set policies for data retention and handling cases between environments. | Settings > Advanced > General |
Manage and configure the default time zones and date and time formats. | Settings > Advanced > Localization |
Define rules for grouping alerts and for overflow cases. | Settings > Advanced > Alerts Grouping |
Configure a SAML provider. | Settings > Advanced > External Authentication |
Set up and manage remote agents. | Settings > Advanced > Remote Agents |
Configure the email address for all Google SecOps SOAR system emails. | Settings > Advanced > Email Settings |
Give Google Support access to your platform. | Settings > Advanced > Support Access |
View property definitions for ingested data. | Data Configuration > Properties Metadata |
View statistics on the platform. | Data Configuration > Statistics |
Manage and configure visual family matches to specific products and events. | Settings > Ontology > Ontology Status |
Manage, edit, and create visual families. | Settings > Ontology > Visual Families |
Define environments in the platform. | Settings > Environments > Networks |
Define domains. | Settings > Environments > Domains |
Define custom lists consisting of users, IP addresses, and other entities. | Settings > Environments > Custom lists |
Define email templates to be used in playbooks and other actions. | Settings > Environments > Email templates |
Define email HTML templates to be used in playbooks and other actions. | Settings > Environments > Email HTML templates |
Define entities in alerts that shouldn't be grouped or entities that shouldn't be displayed. | Settings > Environments > Blocklist |
Define SLAs for resolving cases and alerts according to specific SLA triggers. | Settings > Environments > SLA |
Define requests for users to choose from in Your Workdesk. | Settings > Environments > Requests |
Manage departments that Incident Manager users are associated with. | Settings > Incident Manager > Departments |
Define the users added as collaborators for every incident in the Incident Manager. | Settings > Incident Manager > Auditors |
Define which environments are authorized to have their cases handled in the Incident Manager. | Settings > Incident Manager > Environments |
Set up connectors to ingest alerts into the platform. | Ingestion > Connectors |
Set up webhooks to ingest alerts into the platform. | Ingestion > Webhooks |