Run use cases
Google Security Operations provides a repository of legacy use cases that you can deploy in your environment. Download these use cases from the Content Hub. Each use case includes all the components required to run a complete, end-to-end workflow.
Overview
The use case contains all the items needed to implement a workflow and installs the following:
- Test case (simulation case)
- Mapping & modeling configuration
- Integrations
- Connectors
- Playbooks
The installed items let you see how an end-to-end security workflow will look in Google SecOps. You can also use them as a starting point for the actual use cases you want to implement.
The Content Hub displays a detailed description of the items in each use case. A video may also be available that demonstrates how to deploy the use case on mock or real data. You typically need to configure the integrations included in the use case (for example, credentials and endpoints) before the workflow can run.
After you complete the configuration, you can run the test cases on the Cases page.
Deploy the Zero to Hero use case
- Open the Content Hub to begin.
  - For Google SecOps (unified) customers, go to the Legacy Use Cases link on the Home page.
  - For Google SecOps SOAR customers, go to the Use Case tab.
  - Select the Zero to Hero use case and click Run Use Case.
  - Before you continue, we recommend that you watch the five-minute video tutorial in this use case.
- Review samples and downloads:
  - Scroll down this screen to see the two prepared email samples: one malicious and one non-malicious.
  - You can ingest these samples using the Email connector to see how the Zero to Hero use case handles them.
  - Review the list of items to download.
  - Click Next when you're ready to proceed.
- Define all relevant fields and parameters to configure the integrations, and then click Next.
- Select the alert for simulation. This automatically simulates the case. Click Next.
- The Congratulations screen appears. Review the options and then go to the Cases page.
- Optional: If you did not select the alert for simulation in the wizard, go to the Cases page, click Add, and select Simulate Cases.
  - Select the Zero to Hero case and click Create.
  - Select the default environment and click Simulate.
  - Click Refresh. A new case is created in Google SecOps, and a playbook is attached to the alert.