This document explains the Integrated Development Environment (IDE) production mode.
The IDE is a framework for viewing, editing, and testing code. You can view
the code of commercial integrations and create custom integrations from
scratch or by duplicating commercial integrations code.
IDE is where you manage, import and export custom integrations.
Open the IDE
To open the IDE, follow these steps:
To open the IDE, in the main menu, go to Response > IDE. The IDE page opens.
On the IDE page, you can access the following options:
Option
Description
Integrations Types
Choose between Integrations or Types
(connectors, actions, jobs, managers).
Export Import
Export individual or multiple items from an integration. Dependent items are included when exporting individual items, but not when exporting a full package. The exported file is a ZIP archive containing a JSON file. When importing, you can add individual items to an existing integration or import a full package. The package must include an integrations.def file and the folders: ActionsDefinitions, ActionsScripts, Dependencies, and Managers.
toggle_on
Click the Hide Inactive/Show All toggle to Show or Hide deactivated items (actions, connectors).
add
Add a new
custom integration, connector, action, job, or manager.
Add a connector
To add a connector, follow these steps:
Click addCreate New Item and
select Connector.
Enter a name and the required integration.
Click Create.
Add integration details.
Add the required parameters.
Click the Connector toggle to enable the connector.
Click Save when done, or press Ctrl + S.
The following options are available in the Details tab:
Option
Description
deleteDelete
Available only for items in custom integrations.
play_arrowPlay
Runs the script's test method. Results appear in the Testing tab, and debug output appears in the Debug Output section.
file_json
Manage JSON sample
In the JSON sample import/export dialog, ensure Include JSON Result is enabled. You can then import or export JSON result samples for actions.
Details
Enter user-supplied input and other parameters, such as integration name.
historyVersion Control
Version Control
- Select an action/job/connector and click to see the following options:
Save as New Version: Save the object as a new version with optional comments. View Version History: View and restore previous versions. Only available if at least one version has been saved. Click Restore to revert to any of the previous versions
anytime. This is only available if you have clicked Save as New Version
on an action/job/connector/manager previously.
file_copy Duplicate item
Duplicate an item (job, action, connector, manager). After saving, the duplicate appears in the list without a lock Lock icon.
Create a custom integration
Click addCreate New Item and select Integration.
Enter a name and click Create.
Select the created integration from the list and provide the following information:
Description: appears in the Google Security Operations Marketplace and is visible to all Google SecOps
users.
SVG icon: upload an SVG icon that appears with the integration.
Image: upload a Marketplace image for Google SecOps users.
Libraries: add Python libraries using pip.
Script dependencies: Upload `.WHL`, `.PY,` `.TAR`, or `.GZ` files. These scripts add more functionality to your integration.
Parameter: Add configurable fields with defined types, default values, and required status.
Click Save when done.
Create a job
To create a job, follow these steps:
Click addCreate New Item and select Job.
Enter a name and the required integration.
Click Create.
Optional: Add parameters for user or script input.
Click Save or press Ctrl + S.
Click
arrow_right
Play Item to run the script.
Go to Response > Jobs Scheduler.
Click
add
Create New Job and select the job that you just created.
In Response >Jobs Scheduler, choose the required time to run the job (script) that you created.
Create a new action to be used in a playbook
To create a new action for a playbook, follow these steps:
Click addCreate New Item and select Action.
Enter a name and the required integration > click Create.
Edit the code as needed.
Enable Include JSON Result if the action should return a JSON result in a playbook.
Optional: Add parameters to display as input fields.
Enable the action and click Save.
In Polling Configuration, you can set a timeout and a default
return value if the action times out. You can also set a default value to
return if the action doesn't complete within the defined timeout period.
The action is now available for use in Playbook > Actions.
Create a custom manager
To create a custom manager, follow these steps:
Click addCreate New Item and select Manager. Enter a name and the required integration.
Click Create.
Edit the code as needed.
Click Save.
IDE custom code validation
When working in the Google SecOps IDE, you're building custom
code within a managed and secure environment. To ensure the integrity and
stability of this platform, the IDE implements custom code validation that
restricts the use of specific functions. These restrictions are in place for
both security and technical reasons.
The following expressions are restricted in custom code:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[[["\u003cp\u003eThe Integrated Development Environment (IDE) in Google SecOps allows users to view, edit, and test code for both commercial and custom integrations, offering a centralized framework for managing integrations.\u003c/p\u003e\n"],["\u003cp\u003eUsers can manage custom integrations by using the IDE to create, import, and export integration packages, connectors, actions, jobs, and managers to enhance their security operations.\u003c/p\u003e\n"],["\u003cp\u003eThe IDE enables users to create new items, such as connectors, jobs, actions, and managers, and provides options to enable or disable them, and to duplicate or delete items within custom integrations.\u003c/p\u003e\n"],["\u003cp\u003eThe IDE offers testing capabilities, including a "Test" function to execute scripts and review results, and version control options to save new versions, view history, and restore to previous versions of actions, jobs, or connectors.\u003c/p\u003e\n"],["\u003cp\u003eThe IDE allows for the creation of custom integrations, including the ability to specify descriptions, icons, images, libraries, script dependencies, and configurable parameters.\u003c/p\u003e\n"]]],[],null,["# Use the IDE\n===========\n\nSupported in: \nGoogle secops [SOAR](/chronicle/docs/secops/google-secops-soar-toc) \nThis document explains the Integrated Development Environment (IDE) production mode.\nThe IDE is a framework for viewing, editing, and testing code. You can view\nthe code of commercial integrations and create custom integrations from\nscratch or by duplicating commercial integrations code.\n\nIDE is where you manage, import and export custom integrations.\n\nOpen the IDE\n------------\n\nTo open the IDE, follow these steps:\n\n- To open the IDE, in the main menu, go to **Response \\\u003e IDE** . The **IDE** page opens.\n\nOn the **IDE** page, you can access the following options:\n\nAdd a connector\n---------------\n\nTo add a connector, follow these steps:\n\n1. Click add**Create New Item** and select **Connector**.\n2. Enter a name and the required integration.\n3. Click **Create**.\n4. Add integration details.\n5. Add the required parameters.\n6. Click the **Connector** toggle to enable the connector.\n7. Click **Save** when done, or press `Ctrl + S`.\n\nThe following options are available in the **Details** tab:\n\nCreate a custom integration\n---------------------------\n\n1. Click add**Create New Item** and select **Integration**.\n2. Enter a name and click **Create**.\n3. Select the created integration from the list and provide the following information:\n - **Description**: appears in the Google Security Operations Marketplace and is visible to all Google SecOps users.\n - **SVG icon**: upload an SVG icon that appears with the integration.\n - **Image**: upload a Marketplace image for Google SecOps users.\n - **Libraries**: add Python libraries using pip.\n - **Script dependencies**: Upload \\`.WHL\\`, \\`.PY,\\` \\`.TAR\\`, or \\`.GZ\\` files. These scripts add more functionality to your integration.\n - **Parameter**: Add configurable fields with defined types, default values, and required status.\n4. Click **Save** when done.\n\n| **Note:** You can add jobs, actions, managers, and connectors to your custom integration and use them to push or collect information according to your needs. Simply create a new action and then choose the custom integration. A best practice is to create a \\*\\*Ping\\*\\* action to test the integration in the Google SecOps Marketplace.\n\nCreate a job\n------------\n\nTo create a job, follow these steps:\n\n1. Click add**Create New Item** and select **Job**.\n2. Enter a name and the required integration.\n3. Click **Create**.\n4. Optional: Add parameters for user or script input.\n5. Click **Save** or press `Ctrl + S`.\n6. Click arrow_right **Play Item** to run the script.\n7. Go to **Response \\\u003e Jobs Scheduler**.\n8. Click add **Create New Job** and select the job that you just created.\n9. In **Response \\\u003eJobs Scheduler**, choose the required time to run the job (script) that you created.\n\nCreate a new action to be used in a playbook\n--------------------------------------------\n\nTo create a new action for a playbook, follow these steps:\n\n1. Click add**Create New Item** and select **Action**.\n2. Enter a name and the required integration \\\u003e click **Create**.\n3. Edit the code as needed.\n4. Enable **Include JSON Result** if the action should return a JSON result in a playbook.\n5. Optional: Add parameters to display as input fields.\n6. Enable the action and click **Save**.\n7. In **Polling Configuration**, you can set a timeout and a default return value if the action times out. You can also set a default value to return if the action doesn't complete within the defined timeout period.\n\nThe action is now available for use in **Playbook \\\u003e Actions**.\n\nCreate a custom manager\n-----------------------\n\nTo create a custom manager, follow these steps:\n\n1. Click add**Create New Item** and select **Manager**. Enter a name and the required integration.\n2. Click **Create**.\n3. Edit the code as needed.\n4. Click **Save**.\n\nIDE custom code validation\n--------------------------\n\nWhen working in the Google SecOps IDE, you're building custom\ncode within a managed and secure environment. To ensure the integrity and\nstability of this platform, the IDE implements custom code validation that\nrestricts the use of specific functions. These restrictions are in place for\nboth security and technical reasons. \nThe following expressions are restricted in custom code:\n\n- no_shell = \\[ \n \"os.execl\", \n\n \"os.execle\", \n \"os.execlp\", \n \"os.execlpe\", \n \"os.execv\", \n\n \"os.execve\", \n \"os.execvp\", \n \"os.execvpe\", \n \"os.spawnl\", \n\n \"os.spawnle\", \n \"os.spawnlp\", \n \"os.spawnlpe\", \n \"os.spawnv\", \n\n \"os.spawnve\", \n \"os.spawnvp\", \n \"os.spawnvpe\", \n\n \"os.startfile\" \n \\]\n\n- shell = \\[ \n \"os.system\", \n\n \"os.popen\", \n \"os.popen2\", \n \"os.popen3\", \n \"os.popen4\", \n\n \"popen2.popen2\", \n \"popen2.popen3\", \n \"popen2.popen4\", \n\n \"popen2.Popen3\", \n \"popen2.Popen4\", \n \"commands.getoutput\", \n\n \"commands.getstatusoutput\" \n \\]\n\n- subprocess = \\[ \n\n \"subprocess.Popen\", \n \"subprocess.call\", \n \"subprocess.check_call\", \n\n \"subprocess.check_output\" \n \\]\n\n**Need more help?** [Get answers from Community members and Google SecOps professionals.](https://security.googlecloudcommunity.com/google-security-operations-2)"]]
