You can set up connectors in various ways, as each connector has its own
configuration. Here are some ways you can define connectors:
Set a static environment:define the environment in theEnvironmentfield in the specific connector on the Google Security Operations platform.
Extract environment dynamically: define the environment in theEnvironment Field Namefield. The environment is extracted from that
field.
Extract environment dynamically + regular expression pattern: define
the option in theEnvironment Regex Patternfield and
the environment is extracted from that field by the regular expression
pattern.
Use third-party multi-tenant mechanism: Define the
environment in theEnvironmentfield using the third-party tenant name. Some
integrations have a built-in, multi-tenant mechanism with a checkbox that lets you set theEnvironmentfield by the third-party tenant name.
In some cases, the extracted environment field value is different from the
Google SecOps environment. For example, theEnvironmentfield isaltostrat.com, while the Google SecOps
environment is calledaltostrat.
Define alias names
To define an alias name, follow these steps:
Go toSOAR Settings>Organization>Environments.
ClickaddAdd Environmentto match the name in the integration
with the name of the environment in the Google SecOps platform.
Troubleshooting
If after the entire process, the connector has no environment or an empty
environment (""), the default overrides the empty result. If the
connector contains values that define an uncreated environment, then alerts
are ingested in the database and playbooks start to run. As soon as the new
environment is created, the cases and playbooks are displayed in the platform.
To stop alerts related to non-existent environments from being ingested into
the database, you can contactGoogle SecOps Supportand request they make the change in the database configuration.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eConnectors in Google Security Operations (SOAR) can have their environments defined statically in the connector's \u003cstrong\u003eEnvironment\u003c/strong\u003e field.\u003c/p\u003e\n"],["\u003cp\u003eEnvironments for connectors can be dynamically extracted from a specified field, either as the full value or through a regular expression pattern, however not all connectors support dynamic extraction through regex.\u003c/p\u003e\n"],["\u003cp\u003eThird party integrations may have multi-tenant mechanisms that allows to set the environment field according to the third party tenant name.\u003c/p\u003e\n"],["\u003cp\u003eAnalysts can create environment aliases in Google Security Operations under \u003cstrong\u003eSOAR Settings > Organization > Environments\u003c/strong\u003e to match environment names from integrations with the platform's environment names.\u003c/p\u003e\n"],["\u003cp\u003eIf a connector has no environment or an empty one, a default environment will be applied, while if the connector contains values that define an uncreated environment, alerts will still be ingested and playbooks will run.\u003c/p\u003e\n"]]],[],null,["Define environments in connectors \nSupported in: \nGoogle secops [SOAR](/chronicle/docs/secops/google-secops-soar-toc) \n\nYou can set up connectors in various ways, as each connector has its own\nconfiguration. Here are some ways you can define connectors:\n\n- **Set a static environment:** define the environment in the **Environment** field in the specific connector on the Google Security Operations platform.\n- **Extract environment dynamically** : define the environment in the **Environment Field Name** field. The environment is extracted from that field.\n- **Extract environment dynamically + regular expression pattern** : define the option in the **Environment Regex Pattern** field and the environment is extracted from that field by the regular expression pattern. **Note:** Not all connectors support this option.\n- **Use third-party multi-tenant mechanism** : Define the environment in the **Environment** field using the third-party tenant name. Some integrations have a built-in, multi-tenant mechanism with a checkbox that lets you set the **Environment** field by the third-party tenant name.\n\n\nIn some cases, the extracted environment field value is different from the\nGoogle SecOps environment. For example, the **Environment**\nfield is `altostrat.com`, while the Google SecOps\nenvironment is called *altostrat*.\n\nDefine alias names\n\nTo define an alias name, follow these steps:\n\n1. Go to **SOAR Settings \\\u003e Organization\n \\\u003e Environments**.\n2. Click add **Add Environment** to match the name in the integration with the name of the environment in the Google SecOps platform.\n\nTroubleshooting\n\n\nIf after the entire process, the connector has no environment or an empty\nenvironment (`\"\"`), the default overrides the empty result. If the\nconnector contains values that define an uncreated environment, then alerts\nare ingested in the database and playbooks start to run. As soon as the new\nenvironment is created, the cases and playbooks are displayed in the platform.\n\nTo stop alerts related to non-existent environments from being ingested into\nthe database, you can contact [Google SecOps Support](https://console.cloud.google.com/)\nand request they make the change in the database configuration.\n\n**Need more help?** [Get answers from Community members and Google SecOps professionals.](https://security.googlecloudcommunity.com/google-security-operations-2)"]]
