Below you'll find a table of contents for the Custom Integrations journey.
Imagine connecting any security tool or service your organization relies on, regardless of platform or API availability. Custom integrations empower you to tailor SOAR to your specific needs, automating even the most niche workflows. Whether it's ingesting data from a custom SIEM or triggering actions in a proprietary vulnerability scanner, the possibilities are endless. Gain an edge on evolving threats by building integrations that seamlessly extend SOAR's reach and optimize your incident response processes. Don't let limitations hinder your security - unlock the full potential of your security ecosystem with custom integrations in Google Chronicle SOAR.
The Integrated Development Environment (IDE) is a framework for viewing, editing, and testing code. It allows you to both view the code of commercial integrations and to create custom integrations from scratch or by duplicating commercial integrations code.
See the Relevant Links section for more documentation regarding the prerequisites.
Navigate to Response > IDE.
Choose what you would like to develop: integrations, connectors, actions, jobs, or managers.
SecOps users can create custom integrations inside the IDE with the same structure as commercial integrations. The custom integrations will appear in the Chronicle Marketplace and can be configured for different environments so they can be used in playbooks, manual actions and remote agents. They can also be imported and exported as with other IDE items.
See the Relevant Links section for more documentation regarding the prerequisites.
In the left navigation, nagivate to Response > IDE.
Click Create New Item and select Integration.
Enter a name and click Create.
SecOps SOAR's custom integrations go beyond pre-built options, enabling you to connect any security tool or service, regardless of compatibility. This lets you automate your specific workflows, even for niche tools or processes. Whether it's ingesting data from a custom SIEM or triggering actions in a proprietary scanner, you can tailor SOAR to your unique needs.
See the Relevant Links section for more documentation regarding the prerequisites.
In the left navigation, nagivate to Response > IDE.
Click Create New Item and select Action.
Enter a name and select the Integration. Click Create.
The Jobs Scheduler page contains default Chronicle jobs, as well as jobs that are created in the IDE and are essentially scripts that can be scheduled to run periodically.
See the Relevant Links section for more documentation regarding the prerequisites.
First, create the job in the IDE. Refer to Using the IDE for more details.
In the left navigation, navigation to Response > Jobs Scheduler. The Jobs Scheduler page is displayed.
Select Create New Job.
Select the job you created in the IDE and click Save.
Enter the scheduler information for when the script should run.
Make sure to click Save.
You can also choose to run the script immediately by clicking Run Now.