This document explains how to create and use a test case, which acts like a
sandboxed version of a regular case. Any actions you perform on entities in a
test case don't affect the same entities in other cases. A test case includes
only the alert that triggered the event and is populated using existing data.
You can use it to simulate a playbook or test behavior on the IDE page.
To create a test case, follow these steps:
In the platform, go to the Cases page.
Select the required case and go to the Alert tab.
Click
more_vert
Alert Options next to the Alert tab.
In the Alert Options menu, click Ingest alert as test case.
Select the required environment and click Simulate.
Refresh the page.
A new test case appears in the case queue or list view. It's marked with
the label Test on the case card and contains only one alert.
You can now use the test case in the Playbook Simulator, or the
IDE testing page.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-18 UTC."],[[["\u003cp\u003eTest cases in Google SecOps allow for a sandboxed environment where actions on entities do not affect other cases.\u003c/p\u003e\n"],["\u003cp\u003eTest cases are created from existing alerts and only contain the data related to that specific alert.\u003c/p\u003e\n"],["\u003cp\u003eYou can generate a test case by navigating to the Cases page, selecting an alert, and choosing the "Ingest alert as test case" option.\u003c/p\u003e\n"],["\u003cp\u003eTest cases can be identified by the "Test" label in the top right corner of the Case Card.\u003c/p\u003e\n"],["\u003cp\u003eTest cases are useful for running Playbook simulations and testing in the IDE without altering live data.\u003c/p\u003e\n"]]],[],null,[]]
