Google SecOps Use Cases
Filter documentation by use case.
- Set customized schedule: Set customized schedules for rules and detections (SOC Analyst, Security Engineer)
- Run frequency: Run frequency for rules and detections (SOC Analyst, Security Engineer)
- Query ingestion metrics: Query ingestion metrics dashboards (SOC Analyst, Security Manager)
- Query SOAR cases: Query SOAR cases dashboards (SOC Analyst, Security Manager)
- Query dashboards with UDM: Query dashboards with UDM (SOC Analyst, Security Manager)
- Query entities: Query dashboards entities (SOC Analyst, Security Manager)
- Query rules and detections: Query rules and detections dashboards (SOC Analyst, Security Manager)
- View IOC Matches Dashboard: Track and analyze Indicator of Compromise matches (SOC Analyst, Security Manager)
- View SOAR Case History Dashboard: Review historical data and trends for SOAR cases (SOC Analyst, Security Manager)
- View SOAR Playbooks Dashboard: Analyze the usage and effectiveness of SOAR playbooks (SOC Analyst, Security Manager)
- View UDM Datatable Dashboard: Explore detailed UDM event data in a tabular format (SOC Analyst, Security Manager)
- Use Calculated Fields in SOAR Cases: Enhance SOAR case data with custom calculated fields (SOC Analyst, Security Manager)
- Manage Native Dashboards: Create, edit, and manage native dashboards in Google SecOps (SOC Analyst, Security Administrator)
- Respond to Cases: Workflow for handling and responding to security cases (SOC Analyst)
- Understand SOAR Reports: Learn how to interpret and utilize SOAR reports (SOC Analyst)
- Investigate Alert with Entity Context: Investigate alerts by exploring related entity context and timelines (SOC Analyst)
- Investigate Detections in Search: Use the search interface to find and investigate detections (SOC Analyst)
- Enable SOAR Access: Configure and manage user access to SOAR features (Security Administrator)
- Define Alert Overflow: Configure alert overflow settings for SOAR (Security Administrator)
- Security Validation: Validate security controls and configurations (Security Administrator, Security Engineer)
- Configure Third-Party Authentication: Set up and configure authentication with third-party IdPs (Security Administrator)
- Understand Rule Execution Latency: Learn about factors affecting rule execution frequency and latency (Security Developer, Security Engineer)
- Ingestion Overview: Overview of data ingestion methods and best practices (Security Engineer)
- Monitor Rule Effectiveness: Track and improve the effectiveness of detection rules (Security Engineer)
- Get Started with Unified Rules: Introduction to creating and managing unified detection rules (Security Engineer)
- Log Ingestion and Parsing: Details on how logs are ingested and parsed (Security Engineer)
- YARA-L Windowing Logic: Understand windowing logic and time-based correlations in YARA-L rules (Security Engineer)
- Data Health Monitoring Dashboard: Monitor data ingestion health and troubleshoot issues (Security Engineer)
- Manage Preview Features: Enable and manage access to preview features in Google SecOps (Security Manager)