Navigate the platform (SOAR only)

To navigate around the Google Security Operations SOAR platform, use the left navigation menu to access all of the Google Security Operations SOAR pages. The navigation menu displays the different Google Security Operations SOAR modules and expands when holding the pointer over it.

What do you want to do? Where can you find it?
Manage all the incoming cases in the platform
Cases
View tailored actions and tasks that you need to complete on cases Your Workdesk
Search for cases and entities Search
Design automated sequence of actions to start as soon as the relevant alert enters the platform Response > Playbooks
Configure integrations for different instances Response > Integrations Setup
Edit predefined jobs or create new jobs that can be scheduled to run periodically Response > Jobs Scheduler
Edit the code of commercial integrations or create custom integrations Response > IDE
Access and analyze information on cases, playbooks, environments, and other relevant subjects Dashboard & Reports > Dashboards
View both predefined Google Security Operations SOAR reports and advanced reports using Looker Dashboard & Reports > Reports
Highlight an incident as a crisis situation and create a dedicated space to handle it Incident Manager
Install third-party integrations plus use cases and power ups for the platform
Marketplace
Manage all the administrator tasks and configuration for SOAR features
Settings

Settings

What do you want to do? Where can you find it?
Add new users to the platform Organization > User Management
Define environments Organization > Environments
Manage permissions and restrictions for different user groups Organization > Permissions
View your license details and the current SOAR version Organization > License Management
Add or edit roles for security teams to control access to cases and environments Organization > Roles
Display your company logo on the header of each page or on all exported reports Organization > Rebranding
Add and manage tags that are added automatically to cases Case Data > Tags
Define the different stages of a case that are used by your organization Case Data > Case Stages
Define root causes for closing a case, whether it was malicious or not, and what was the actual cause Case Data > Case close root cause
Set the case name hierarchy Case Data > Case name
Define default case and alert views using widgets Case Data > Views
Generate API key to interact with the Google Security Operations API
Advanced > API Keys
Take a look at all user activities in the platform Advanced > Audit
Set policies for data retention and handling cases between environments Advanced > General
Manage and configure the default time zones and date and time formats Advanced > Localization
Define rules for grouping alerts and for overflow cases Advanced > Alerts Grouping
Configure a SAML provider Advanced > External Authentication
Set up and manage remote agents Advanced > Remote Agents
Configure the email address from which all SOAR system emails are sent Advanced > Email Settings
Allow Google Support to access your platform Advanced > Support Access
View property definitions for ingested data Data Configuration > Properties Metadata
View statistics on the platform Data Configuration > Statistics
Manage and configure visual family matches to specific products and events Ontology > Ontology Status
Manage, edit, and create visual families Ontology > Visual Families
Define environments in the platform Environments > Networks
Define domains Environments > Domains
Define custom lists consisting of users, IP addresses, and other entities
Environments > Custom lists
Define email templates to be used in playbooks and other actions
Environments > Email templates
Define email HTML templates to be used in playbooks and other actions
Environments > Email HTML templates
Define entities in alerts that shouldn't be grouped or entities that shouldn't be displayed Environments > Blocklist
Define SLAs for resolving cases and alerts according to specific SLA triggers Environments > SLA
Define requests for users to choose from in their workdesk Environments > Requests
Manage departments that Incident Manager users are associated with
Incident Manager > Departments
Define the users added as collaborators for every incident in the Incident Manager Incident Manager > Auditors
Define which environments are authorized to have their cases handled in the incident manager Incident Manager > Environments
Set up connectors to ingest alerts into the platform Ingestion > Connectors
Set up webhooks to ingest alerts into the platform Ingestion > Webhooks