Stay organized with collections
Save and categorize content based on your preferences.
Use Gemini and other experiments in Google SecOps
Supported in:
Google secops
This document explains how you can configure and run Google SecOps Gemini and other intelligence experiments without disrupting your existing production systems—and benefit from their output. The experiments comply with the Role-Based Access Control (RBAC) configuration of your environment, and they have streamlined configurations with clear actionable results and output.
Unlike other actions in Google SecOps, the results and output of Labs experiments are not persistent. When you exit the interface or configure a new iteration of an experiment, the results and output of Labs experiments are lost.
Google SecOps regularly updates the Labs experiment library. Not all experiments will apply to your environment. For more information, contact your Google SecOps representative.
Work with Labs experiments
On the Google SecOps page, click experimentLabs.
The first time you open the Labs page, the Enable labs dialog is displayed. Review the information, then click Agree to proceed.
Click Try on an experiment card to open the experiment's page, which displays the following:
The Release Date and Expiry Date of the experiment.
Configuration options for the experiment before you run it.
Status updates (for example, Analyzing, Generating, Validating) displayed after you configure parameters and run the experiment (for example, after you click Submit).
Results and output, including a human-readable explanation once the experiment completes. Some experiments include multiple stages and result sets you can navigate.
Click more_vertNew Lab to start a new iteration of the experiment and clear all the current data.
Provide feedback
Once you finish running an experiment, you can provide feedback. Your feedback helps Google improve the Labs experiments feature.
On the Labs page, click thumb_upPositive Vote or thumb_downNegative Vote. You can add feedback about why you chose the rating.
Click Submit.
Experiments
Alert Response Recommender: This pilot leverages historical data to suggest actionable recommendations for open security alerts. For more information, see Use the Alert Response Recommender.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[],[],null,["# Use Gemini and other experiments in Google SecOps\n=================================================\n\nSupported in: \nGoogle secops\n| **Note:** This feature is covered by [Pre-GA Offerings Terms](https://chronicle.security/legal/service-terms/) of the Google Security Operations Service Specific Terms. Pre-GA features might have limited support, and changes to pre-GA features might not be compatible with other pre-GA versions. For more information, see the [Google SecOps Technical Support Service guidelines](https://chronicle.security/legal/technical-support-services-guidelines/) and the [Google SecOps Service Specific Terms](https://chronicle.security/legal/service-terms/).\n\n\u003cbr /\u003e\n\n| **Note:** This feature is not available to all customers in all regions.\n\n\u003cbr /\u003e\n\nThis document explains how you can configure and run Google SecOps Gemini and other intelligence *experiments* without disrupting your existing production systems---and benefit from their output. The experiments comply with the Role-Based Access Control (RBAC) configuration of your environment, and they have streamlined configurations with clear actionable results and output.\n\nUnlike other actions in Google SecOps, the results and output of Labs experiments are not persistent. When you exit the interface or configure a new iteration of an experiment, the results and output of Labs experiments are lost.\n\nGoogle SecOps regularly updates the Labs experiment library. Not all experiments will apply to your environment. For more information, contact your Google SecOps representative.\n\n### Work with Labs experiments\n\n1. On the Google SecOps page, find and click experiment **Experiment** to open the **Labs** page.\n\n2. The first time you open the **Labs** page, the **Enable labs** dialog is displayed. Review the information, then click **Agree** to proceed.\n\n3. Click **Try** on an experiment card to open the experiment's page, which displays the following:\n\n - The **Release Date** and **Expiry Date** of the experiment.\n - Configuration options for the experiment before you run it.\n - Status updates (for example, Analyzing, Generating, Validating) displayed after you configure parameters and run the experiment (for example, after you click **Submit**).\n - Results and output, including a human-readable explanation once the experiment completes. Some experiments include multiple stages and result sets you can navigate.\n - Click more_vert **New Lab** to start a new iteration of the experiment and clear all the current data.\n\n### Provide feedback\n\nOnce you finish running an experiment, you can provide feedback. Your feedback helps Google improve the Labs experiments feature.\n\n1. On the **Labs** page, click thumb_up **Thumb Up** or thumb_down **Thumb Down**. You can add feedback about why you chose the rating.\n2. Click **Submit**.\n\n**Need more help?** [Get answers from Community members and Google SecOps professionals.](https://security.googlecloudcommunity.com/google-security-operations-2)"]]
