A test case lets you treat a case like it's in a sandbox: any actions
you perform on its entities don't influence entities in other cases.
Test cases only contain the alert that was created in the event and uses
existing data to populate it. You can use a test case to run the playbook
simulator on or test in the IDE page.
To create a test case, follow these steps:
In the platform, go to the Cases page.
Drill down to the required case and go to the Alert tab.
Click
more_vert
Alert Options on the right side of the Alert tab.
Click Ingest alert as test case in the Alert Options menu.
Select the required environment and click Simulate.
Refresh the page. A test case appears in the Cases Queue or
in the List View table. It's marked with the label Test
in the top right corner of the case card. The test case contains only one
alert.
You can now use this test case in the playbook simulator, or in the
IDE testing page. Note that updating entity properties on a test case
won't influence the entity outside of the test case.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-03-25 UTC."],[[["Test cases in Google SecOps allow for a sandboxed environment where actions on entities do not affect other cases."],["Test cases are created from existing alerts and only contain the data related to that specific alert."],["You can generate a test case by navigating to the Cases page, selecting an alert, and choosing the \"Ingest alert as test case\" option."],["Test cases can be identified by the \"Test\" label in the top right corner of the Case Card."],["Test cases are useful for running Playbook simulations and testing in the IDE without altering live data."]]],[]]
