| Add new users to the platform | Organization > User Management |
| Define environments | Organization > Environments |
| Manage permissions and restrictions for different user groups | Organization > Permissions |
| View your license details and the current SOAR version | Organization > License Management |
| Add or edit roles for security teams to control access to cases and environments | Organization > Roles |
| Display your company logo on the header of each page or on all exported reports | Organization > Rebranding |
| Add and manage tags that are added automatically to cases | Case Data > Tags |
| Define the different stages of a case that are used by your organization | Case Data > Case Stages |
| Define root causes for closing a case, whether it was malicious or not, and what was the actual cause | Case Data > Case close root cause |
| Set the case name hierarchy | Case Data > Case name |
| Define default case and alert views using widgets | Case Data > Views |
| Generate API key to interact with the Google Security Operations API | Advanced > API Keys |
| Take a look at all user activities in the platform | Advanced > Audit |
| Set policies for data retention and handling cases between environments | Advanced > General |
| Manage and configure the default time zones and date and time formats | Advanced > Localization |
| Define rules for grouping alerts and for overflow cases | Advanced > Alerts Grouping |
| Configure a SAML provider | Advanced > External Authentication |
| Set up and manage remote agents | Advanced > Remote Agents |
| Configure the email address from which all SOAR system emails are sent | Advanced > Email Settings |
| Allow Google Support to access your platform | Advanced > Support Access |
| View property definitions for ingested data | Data Configuration > Properties Metadata |
| View statistics on the platform | Data Configuration > Statistics |
| Manage and configure visual family matches to specific products and events | Ontology > Ontology Status |
| Manage, edit, and create visual families | Ontology > Visual Families |
| Define environments in the platform | Environments > Networks |
| Define domains | Environments > Domains |
| Define custom lists consisting of users, IP addresses, and other entities | Environments > Custom lists |
| Define email templates to be used in playbooks and other actions | Environments > Email templates |
| Define email HTML templates to be used in playbooks and other actions | Environments > Email HTML templates |
| Define entities in alerts that shouldn't be grouped or entities that shouldn't be displayed | Environments > Blocklist |
| Define SLAs for resolving cases and alerts according to specific SLA triggers | Environments > SLA |
| Define requests for users to choose from in their workdesk | Environments > Requests |
| Manage departments that Incident Manager users are associated with | Incident Manager > Departments |
| Define the users added as collaborators for every incident in the Incident Manager | Incident Manager > Auditors |
| Define which environments are authorized to have their cases handled in the incident manager | Incident Manager > Environments |
| Set up connectors to ingest alerts into the platform | Ingestion > Connectors |
| Set up webhooks to ingest alerts into the platform | Ingestion > Webhooks |