Google SecOps use cases
Filter documentation by use case.
Use case | Description | Roles
Configure customized schedules for rules | Set customized schedules for rules and detections | SOC Analyst, Security Engineer
Schedule rule runs | Set run frequency for rules and detections | SOC Analyst, Security Engineer
Query ingestion metrics | Monitor threat landscapes and system health using curated dashboards for ingestion metrics queries | SOC Analyst, Security Manager
Query SOAR cases | Query SOAR cases dashboards | SOC Analyst, Security Manager
Run UDM queries | Monitor threat landscapes and system health using curated dashboards for the UDM source type | SOC Analyst, Security Manager
Query entities | Monitor threat landscapes and system health using curated dashboards for entities | SOC Analyst, Security Manager
Query rules and detections | Query rules and detections dashboards | SOC Analyst, Security Manager
View IoC matches | Track and analyze Indicator of Compromise (IoC) matches | SOC Analyst, Security Manager
View SOAR case history | Review historical data and trends for SOAR cases | SOC Analyst, Security Manager
View SOAR playbooks | Analyze the usage and effectiveness of SOAR playbooks | SOC Analyst, Security Manager
View UDM and datatable queries | Explore detailed UDM event data | SOC Analyst, Security Manager
Configure calculated fields for SOAR cases | Enhance SOAR case data with custom calculated fields | SOC Analyst, Security Manager
Manage and configure dashboards | Create, edit, and manage native dashboards in Google SecOps | SOC Analyst, Security Administrator
Respond to alerts and cases | Handle alerts and respond to security cases | SOC Analyst
Explore legacy SOAR reports | Learn how to interpret and use SOAR reports | SOC Analyst
Investigate alerts and entity context | Investigate alerts by exploring related entity context and timelines | SOC Analyst
Investigate detections in search | Use the search interface to find and investigate detections | SOC Analyst
Enable SOAR access | Configure and manage user access to SOAR features | Security Administrator
Configure alert overflow | Configure SOAR alert overflow mechanisms | Security Administrator
Validate security controls and configurations | Validate security control tuning and detect security posture regression | Security Administrator, Security Engineer
Configure third-party identity | Set up and configure authentication with third-party IdPs | Security Administrator
Understand rule run scheduling | Learn about factors affecting rule execution frequency and latency | Security Developer, Security Engineer
Monitor ingestion data | Learn about data ingestion methods and best practices | Security Engineer
Monitor rule performance | Track and improve the effectiveness of detection rules | Security Engineer
Detect threats with unified rules | Learn to create and manage unified detection rules | Security Engineer
Ingest and parse log data | Learn how logs are ingested and parsed | Security Engineer
Apply YARA-L 2.0 windowing logic | Understand windowing logic and time-based correlations in YARA-L rules | Security Engineer
Monitor health of data sources | Monitor data ingestion health and troubleshoot issues | Security Engineer
Manage preview features | Enable and manage access to Google SecOps preview features | Security Manager