This document explains the role of reports in Google Security Operations and how they can be used to track performance, justify investments, and maintain transparency.
Reports are valuable for demonstrating Return on Investment (ROI) to upper management, ensuring accountability to customers, and keeping colleagues informed.
They also provide clear, data-driven insights that support better decision-making.
Google SecOps provides analysts with predefined reports and the
option to create custom ones. You can export and import reports to other
platforms.
The predefined reports include:
Management – SOC Status: A high-level overview of security operations for leadership.
Management – Closed Cases: A summary of resolved cases for performance tracking.
Tier 1 – Open Cases: A view of ongoing cases for Tier 1 analysts.
ROI – Analysts Benchmark: Metrics for evaluating analyst productivity and ROI.
Manage and work with reports
You can generate, schedule, customize, and manage reports in
Google SecOps to monitor SOC performance and demonstrate ROI.
Generate a report
Go to Dashboards & Reports > SOAR Reports.
Click Generate under the Generate Report column.
In the Generate report dialog, select one or more of the following: Environments, Time Frame, File type (PDF or Word).
Click Download.
Schedule a report
Select the report you want to schedule.
Select the Scheduler tab and click Add.
In the New Schedule dialog, click the Enable toggle to turn on scheduling and enter the required information.
Click Save.
Add a new report
Click Add new template.
In the New report template dialog, enter a name, and select a Category from the menu.
Click Create.
The new report appears in the list of reports.
Edit a report
In the list of reports, select the report you want to edit.
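Select the Edit tab and click Add.
Choose a format for your report: Editor, Pie Chart, Table, or Vertical Bar. A dialog appears based on the selected format.
Enter the required information.
Note: When you select Alerts or Cases, it affects the available options in other fields. For example, if you choose the Pie Chart format, the report is based on alerts from products where the case was closed as malicious and the root cause was an external attack.
Click Save.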
Generate ROI reports
You can generate a report that shows the return on investment
(ROI) of using Google Security Operations.
To generate a report showing ROI, follow these steps:
Go to Dashboards & Reports > SOAR Reports.
Click Local ATM and select a report. Note: This icon is visible only to SOC managers.
Click Smart Display.
In the Generate report - Analysts Benchmark dialog, select one or more of the following: Environments, Time Frame, File type (PDF or Word).
Click Download. A Word or PDF document showing the estimated savings from using Google SecOps is downloaded to your desktop.
Last updated 2025-09-04 UTC.