Create a test case

Supported in:

This document explains how to create and use a test case, which acts like a sandboxed version of a regular case. Any actions you perform on entities in a test case don't affect the same entities in other cases. A test case includes only the alert that triggered the event and is populated using existing data. You can use it to simulate a playbook or test behavior on the IDE page.

To create a test case, follow these steps:

  1. In the platform, go to the Cases page.
  2. Select the required case and go to the Alert tab.
  3. Click more_vert Alert Options next to the Alert tab.
  4. In the Alert Options menu, click Ingest alert as test case.
  5. Select the required environment and click Simulate.
  6. Refresh the page.

A new test case appears in the case queue or list view. It's marked with the label Test on the case card and contains only one alert.

You can now use the test case in the Playbook Simulator, or the IDE testing page.

Need more help? Get answers from Community members and Google SecOps professionals.