SOAR SDK overview
Supported in:
Use these SOAR SDK resources to build custom integrations, automate playbooks, or interact with the Chronicle API.
As part of SOAR Migration to Google Cloud, SOAR API has been migrated to unified Chronicle API. SOAR SDK is also updated to work for the new Chronicle API while it continues to work for old APIs until its deprecation. Customers can continue to use the SOAR SDK without impact.
Using SOAR SDK resources
Google Security Operations provides the following resources to support your particular use case.
| Resource | Description | When to use this resource |
| Content Hub SOAR SDK Reference | Reference material for Integrations and Out-of-the-box connectors. (left-menu) Content Hub Reference > SOAR SDK |
Understand the schema and capabilities of SOAR integrations. |
| Content Hub SOAR SDK GitHub Repository | Repository of the raw SOAR SDK code, developer samples, and community-contributed tools. | See the full list of functions, access the actual library files, and view practical code examples for your IDE. |
| Chronicle API Client Libraries and SDKs | Specialized tools for programmatic interaction with the broader Google SecOps platform (beyond SOAR). | Use the Chronicle API SDKs in your automation to interact with aspects of the Chronicle API outside of the SOAR module. For example, SIEM features like UDM searches. |
Need more help? Get answers from Community members and Google SecOps professionals.