Navigate the Google Security Operations platform

Supported in:

Google SecOps

When you access the Google Security Operations platform, your view depends on the permission groups that you're assigned to. The sliding left navigation bar is customized for you based on your permissions.

To navigate around the platform, hold the pointer over the sliding left navigation bar and then click to access all of the Google Security Operations pages.

What do you want to do?	Where can you find it?
Manage all the incoming cases in the platform	Cases
View tailored actions and tasks that you need to complete on cases	Your Workdesk
Search holistically across the entire platform	Investigation > SIEM Search
Search for cases and entities	Investigation > SOAR Search
Manage your SIEM rules and detections in the dashboard, editor and curated detections	Detection > Rules > Detections
View SIEM alerts and IOC matches	Detection > Alerts > IOCs
View risk scores and trends derived from SIEM	Detection > Risk Analytics
Design automated sequence of actions to start as soon as the relevant alert enters the platform	Response > Playbooks
Configure integrations for different instances	Response > Integrations Setup
Edit predefined jobs or create new jobs that can be scheduled to run periodically	Response > Jobs Scheduler
Edit the code of commercial integrations or create custom integrations	Response > IDE
Look at analysis and reporting based on UDM events	Dashboard and Reports > SIEM Dashboards
Access and analyze information on cases, playbooks, environments, etc	Dashboard and Reports > SOAR Dashboards
View both predefined Google Security Operations SOAR reports and advanced reports using Looker	Dashboard and Reports > SOAR Reports
Highlight an incident as a crisis situation and create a dedicated space to handle it	Incident Manager
Install third-party integrations plus use cases and power ups for the platform	Google Security Operations Marketplace
Manage administration tasks, ingestion, and parsing configuration for SIEM	Settings > SIEM Settings
Manage all the admin tasks and configuration for SOAR features	Settings > SOAR Settings

SIEM Settings

What do you want to do?	Where can you find it?
View details about users and the organization.	Profile
View all the users and groups in the SIEM side of the platform	Users & Groups
View the roles and permissions for the SIEM components of the platform	Roles
Configure and view SIEM feeds	Feeds
Configure and view SIEM forwarders	Forwarders
Manage parsers and parser extensions	Parsers
View associated Google Cloud Platform project information	Google Cloud Platform
Manage Role-based access control for SIEM users	Data RBAC
Setup Google Workspace to forward data to Google Security Operations	Workspace Attach

SOAR Settings

What do you want to do?	Where can you find it?
View all the users in the Google SecOps platform	Organization > User Management
Define environments	Organization > Environments
Manage permissions and restrictions for different user groups	Organization > Permissions
View your license details and the current SOAR version	Organization > License Management
Add or edit roles for security teams to control access to cases and environments	Organization > Roles
Add and manage tags that are added automatically to cases	Case Data > Tags
Define the different stages of a case that are used by your organization	Case Data > Stages
Define root causes for closing a case, whether it was malicious or not and what was the actual cause	Case Data > Case Close Root Causes
Set the case name hierarchy	Case Data > Case Name
Define default case and alert views using widgets	Case Data > Views
Generate API key to interact with the Google Security Operations API	Advanced > API Keys
Take a look at all user activities in the platform	Advanced > Audit
Set policies for data retention and handling cases between environments	Advanced > General
Manage and configure the default time zones and date and time formats	Advanced > Localization
Define rules for grouping alerts and for overflow cases	Advanced > Alerts Grouping
Map IdP groups to SOAR user groups, SOC roles and permission groups	Advanced > IDP Group Mapping
Set up and manage remote agents	Advanced >Remote Agents
Configure the email address from which all SOAR system emails are sent	Advanced > Email Settings
Allow Google Support to access your platform	Advanced > Support Access
View property definitions for ingested data	Data Configuration > Properties Metadata
View statistics on the platform	Data Configuration > Statistics
Manage and configure visual family matches to specific products and events	Ontology > Ontology Status
Manage, edit, and create visual families	Ontology > Visual Families
Define environments in the platform	Environments > Networks
Define domains	Environments > Domains
Define custom lists consisting of users, IPs, and other entities	Environments > Custom Lists
Define email templates to be used in playbooks and other actions	Environments > Email templates
Define email HTML templates to be used in playbooks and other actions	Environments > Email HTML templates
Define entities in alerts that shouldn't be grouped or entities that shouldn't be displayed	Environments > Blocklist
Define SLAs for resolving cases and alerts according to specific SLA triggers	Environments > SLA
Define requests for users to choose from in their workdesk	Environments > Requests
Manage departments that Incident Manager users are associated with	Incident Manager > Departments
Define the users added as collaborators for every incident in the Incident Manager	Incident Manager > Auditors
Define which environments are authorized to have their cases handled in the incident manager	Incident Manager > Environments
Set up connectors to ingest alerts into the platform	Ingestion > Connectors
Set up webhooks to ingest alerts into the platform	Ingestion > Webhooks