Using the Google Security Operations Marketplace
The Google Security Operations Marketplace acts as the customer's toolbox, holding a wide range of utilities and options to choose from, including:
Integrations: includes integrations to third party applications and custom integrations that you have built in the IDE. In all cases you need to install them in this screen and then for those that need advanced configuration, you need to configure them in the Integrations screen via the Gear icon.
Use Cases: These are pre-built playbook workflows to integrate into the organizational security products for automated IR process and to optimize your Google Security Operations installation. They include predefined use cases from Google Security Operations and customer uploaded use cases to either test drive Google Security Operations functionality or incorporate into your own use cases.
Power Ups: including tools created by Google Security Operations Professional Services that enhance customers' ability to automate processes for more efficient Playbooks.
Integrations
There are three types of integrations you can see in the Google Security Operations Marketplace:
- Commercial – integrations to third party applications which have been developed by Google Security Operations – including new and updated ones
- Community – integrations published by users (which have been validated by Google Security Operations and which will appear with user details next to them)
- Custom – integrations which you have created and which are only displayed on your Google Security Operations Marketplace
Filtering Integrations
You can display the Integrations according to integration type (for example, show custom integrations, published by users) or by status (for example, installed, available update).
Integrations that have not been installed yet will have a downwards arrow on the bottom right of the box.
Click on this to successfully install the integration. For detailed information on installing and configuring an Integration, see here.
Use Cases
Use Cases enhance your ability to shorten the time to value and to see how Google Security Operations experts or community users are tackling a specific attack or any other SOC challenge.
Each Use Case contains relevant items such as integrations, Playbooks etc. in order to simulate an entire workflow from end-to-end. After deploying one of these use cases, you can choose to Simulate it in the Cases tab. In addition, you can configure the Connector, and/or edit the Playbook, of a predefined Use Cases and run it on real data.
The following actions can be carried out from this screen:
Create New Use Case: You can create your own Use Case with playbook/s, test case/s and connector/s. Click Save to save locally it in your
Google Security Operations Marketplace only. You can also export it.
Publish Use Case: Click on this option to have your Use Case published for all users. Once it's uploaded, it's sent to a dedicated Google Security Operations team who will analyze it and add it to the Use Case repository for all customers and community members to use. The goal of this option is to encourage all our customers to share playbooks and use cases that can help others out with their Google Security Operations journey. You can alter your photo and user details here before sending it. These identifiers will be published for all users.
Import Use Case: Useful for importing from other platforms such as Staging.
Power Ups
These Google Security Operations tools enable users to enhance their Playbooks with various actions. The power ups do not need any special configuration as they are in-house Google Security Operations actions. New power ups will be pushed to the Google Security Operations Marketplace all the time. Click on the Read More in each power up to see what they contain.
Integrations Configure
-
There is an option to configure each integration under a default environment
by clicking
after you downloaded the integration. -
Click
to open
the configuration window and will present all the fields related to the
integration that are required to configure for successful connection to the
product. -
If you would like to configure an integration under a different instance,
navigate to the Integrations > Shared Instances and choose the instance
you would like to configurelCasesToView the integration to.