Use the IDE

Supported in:

This document explains the Integrated Development Environment (IDE) production mode. The IDE is a framework for viewing, editing, and testing code. You can view the code of commercial integrations and create custom integrations from scratch or by duplicating commercial integrations code.

IDE is where you manage, import and export custom integrations.

Open the IDE

To open the IDE, follow these steps:

  • To open the IDE, in the main menu, go to Response > IDE. The IDE page opens.

On the IDE page, you can access the following options:

Option Description
Integrations
Types
Choose between Integrations or Types (connectors, actions, jobs, managers).
Export
Import
Export individual or multiple items from an integration. Dependent items are included when exporting individual items, but not when exporting a full package.
The exported file is a ZIP archive containing a JSON file. When importing, you can add individual items to an existing integration or import a full package. The package must include an integrations.def file and the folders: ActionsDefinitions, ActionsScripts, Dependencies, and Managers.
Click the Hide Inactive/Show All toggle to Show or Hide deactivated items (actions, connectors).
Add a new custom integration, connector, action, job, or manager.

Add a connector

To add a connector, follow these steps:

  1. Click Create New Item and select Connector.
  2. Enter a name and the required integration.
  3. Click Create.
  4. Add integration details.
  5. Add the required parameters.
  6. Click the Connector toggle to enable the connector.
  7. Click Save when done, or press Ctrl + S.

The following options are available in the Details tab:

Option Description
Delete Available only for items in custom integrations.
Play Runs the script's test method. Results appear in the Testing tab, and debug output appears in the Debug Output section.
file_json Manage JSON sample In the JSON sample import/export dialog, ensure Include JSON Result is enabled. You can then import or export JSON result samples for actions.
DetailsEnter user-supplied input and other parameters, such as integration name.
Version Control Version Control - Select an action/job/connector and click to see the following options: Save as New Version: Save the object as a new version with optional comments. View Version History: View and restore previous versions. Only available if at least one version has been saved. Click Restore to revert to any of the previous versions anytime. This is only available if you have clicked Save as New Version on an action/job/connector/manager previously.
Duplicate item Duplicate an item (job, action, connector, manager). After saving, the duplicate appears in the list without a lock Lock icon.

Create a custom integration

  1. Click Create New Item and select Integration.
  2. Enter a name and click Create.
  3. Select the created integration from the list and provide the following information:
    • Description: appears in the Google Security Operations Marketplace and is visible to all Google SecOps users.
    • SVG icon: upload an SVG icon that appears with the integration.
    • Image: upload a Marketplace image for Google SecOps users.
    • Libraries: add Python libraries using pip.
    • Script dependencies: Upload `.WHL`, `.PY,` `.TAR`, or `.GZ` files. These scripts add more functionality to your integration.
    • Parameter: Add configurable fields with defined types, default values, and required status.
  4. Click Save when done.

Create a job

To create a job, follow these steps:

  1. Click Create New Item and select Job.
  2. Enter a name and the required integration.
  3. Click Create.
  4. Optional: Add parameters for user or script input.
  5. Click Save or press Ctrl + S.
  6. Click arrow_right Play Item to run the script.
  7. Go to Response > Jobs Scheduler.
  8. Click add Create New Job and select the job that you just created.
  9. In Response >Jobs Scheduler, choose the required time to run the job (script) that you created.

Create a new action to be used in a playbook

To create a new action for a playbook, follow these steps:

  1. Click Create New Item and select Action.
  2. Enter a name and the required integration > click Create.
  3. Edit the code as needed.
  4. Enable Include JSON Result if the action should return a JSON result in a playbook.
  5. Optional: Add parameters to display as input fields.
  6. Enable the action and click Save.
  7. In Polling Configuration, you can set a timeout and a default return value if the action times out. You can also set a default value to return if the action doesn't complete within the defined timeout period.

The action is now available for use in Playbook > Actions.

Create a custom manager

To create a custom manager, follow these steps:

  1. Click Create New Item and select Manager. Enter a name and the required integration.
  2. Click Create.
  3. Edit the code as needed.
  4. Click Save.

IDE custom code validation

When working in the Google SecOps IDE, you're building custom code within a managed and secure environment. To ensure the integrity and stability of this platform, the IDE implements custom code validation that restricts the use of specific functions. These restrictions are in place for both security and technical reasons.

The following expressions are restricted in custom code:

  • no_shell = [
    "os.execl",
    "os.execle",
    "os.execlp",
    "os.execlpe",
    "os.execv",
    "os.execve",
    "os.execvp",
    "os.execvpe",
    "os.spawnl",
    "os.spawnle",
    "os.spawnlp",
    "os.spawnlpe",
    "os.spawnv",
    "os.spawnve",
    "os.spawnvp",
    "os.spawnvpe",
    "os.startfile"
    ]

  • shell = [
    "os.system",
    "os.popen",
    "os.popen2",
    "os.popen3",
    "os.popen4",
    "popen2.popen2",
    "popen2.popen3",
    "popen2.popen4",
    "popen2.Popen3",
    "popen2.Popen4",
    "commands.getoutput",
    "commands.getstatusoutput"
    ]

  • subprocess = [
    "subprocess.Popen",
    "subprocess.call",
    "subprocess.check_call",
    "subprocess.check_output"
    ]

Need more help? Get answers from Community members and Google SecOps professionals.