This document explains the Integrated Development Environment (IDE) production mode.
The IDE is a framework for viewing, editing, and testing code. You can view
the code of commercial integrations and create custom integrations from
scratch or by duplicating commercial integrations code.
IDE is where you manage, import and export custom integrations.
Open the IDE
To open the IDE, follow these steps:
To open the IDE, in the main menu, go toResponse>IDE. TheIDEpage opens.
On theIDEpage, you can access the following options:
Export individual or multiple items from an integration. Dependent items are included when exporting individual items, but not when exporting a full package. The exported file is a ZIP archive containing a JSON file. When importing, you can add individual items to an existing integration or import a full package. The package must include an integrations.def file and the folders:ActionsDefinitions,ActionsScripts,Dependencies, andManagers.
Adda new
custom integration, connector, action, job, or manager.
Add a connector
To add a connector, follow these steps:
ClickaddCreate New Itemand
selectConnector.
Enter a name and the required integration.
ClickCreate.
Add integration details.
Add the required parameters.
Click theConnectortoggle to enable the connector.
ClickSavewhen done, or pressCtrl + S.
The following options are available in theDetailstab:
Option
Description
deleteDelete
Available only for items in custom integrations.
play_arrowPlay
Runs the script's test method. Results appear in theTestingtab, and debug output appears in theDebug Outputsection.
file_jsonManage JSON sample
In the JSON sample import/export dialog, ensureInclude JSON Resultis enabled. You can then import or export JSON result samples for actions.
Details
Enter user-supplied input and other parameters, such as integration name.
historyVersion Control
Version Control
- Select an action/job/connector and click to see the following options:Save as New Version: Save the object as a new version with optional comments.View Version History: View and restore previous versions. Only available if at least one version has been saved. Click Restore to revert to any of the previous versions
anytime. This is only available if you have clickedSave as New Versionon an action/job/connector/manager previously.
file_copyDuplicate item
Duplicate an item (job, action, connector, manager). After saving, the duplicate appears in the list without alockLockicon.
Create a custom integration
ClickaddCreate New Itemand selectIntegration.
Enter a name and clickCreate.
Select the created integration from the list and provide the following information:
Description: appears in the Google Security Operations Marketplace and is visible to all Google SecOps
users.
SVG icon: upload an SVG icon that appears with the integration.
Image: upload a Marketplace image for Google SecOps users.
Libraries: add Python libraries using pip.
Script dependencies: Upload `.WHL`, `.PY,` `.TAR`, or `.GZ` files. These scripts add more functionality to your integration.
Parameter: Add configurable fields with defined types, default values, and required status.
ClickSavewhen done.
Create a job
To create a job, follow these steps:
ClickaddCreate New Itemand selectJob.
Enter a name and the required integration.
ClickCreate.
Optional: Add parameters for user or script input.
ClickSaveor pressCtrl + S.
Clickarrow_rightPlay Itemto run the script.
Go toResponse>Jobs Scheduler.
ClickaddCreate New Joband select the job that you just created.
InResponse>Jobs Scheduler, choose the required time to run the job (script) that you created.
Create a new action to be used in a playbook
To create a new action for a playbook, follow these steps:
ClickaddCreate New Itemand selectAction.
Enter a name and the required integration>clickCreate.
Edit the code as needed.
EnableInclude JSON Resultif the action should return a JSON result in a playbook.
Optional: Add parameters to display as input fields.
Enable the action and clickSave.
InPolling Configuration, you can set a timeout and a default
return value if the action times out. You can also set a default value to
return if the action doesn't complete within the defined timeout period.
The action is now available for use inPlaybook>Actions.
Create a custom manager
To create a custom manager, follow these steps:
ClickaddCreate New Itemand selectManager. Enter a name and the required integration.
ClickCreate.
Edit the code as needed.
ClickSave.
IDE custom code validation
When working in the Google SecOps IDE, you're building custom
code within a managed and secure environment. To ensure the integrity and
stability of this platform, the IDE implements custom code validation that
restricts the use of specific functions. These restrictions are in place for
both security and technical reasons.
The following expressions are restricted in custom code:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eThe Integrated Development Environment (IDE) in Google SecOps allows users to view, edit, and test code for both commercial and custom integrations, offering a centralized framework for managing integrations.\u003c/p\u003e\n"],["\u003cp\u003eUsers can manage custom integrations by using the IDE to create, import, and export integration packages, connectors, actions, jobs, and managers to enhance their security operations.\u003c/p\u003e\n"],["\u003cp\u003eThe IDE enables users to create new items, such as connectors, jobs, actions, and managers, and provides options to enable or disable them, and to duplicate or delete items within custom integrations.\u003c/p\u003e\n"],["\u003cp\u003eThe IDE offers testing capabilities, including a "Test" function to execute scripts and review results, and version control options to save new versions, view history, and restore to previous versions of actions, jobs, or connectors.\u003c/p\u003e\n"],["\u003cp\u003eThe IDE allows for the creation of custom integrations, including the ability to specify descriptions, icons, images, libraries, script dependencies, and configurable parameters.\u003c/p\u003e\n"]]],[],null,["# Use the IDE\n===========\n\nSupported in: \nGoogle secops [SOAR](/chronicle/docs/secops/google-secops-soar-toc) \nThis document explains the Integrated Development Environment (IDE) production mode.\nThe IDE is a framework for viewing, editing, and testing code. You can view\nthe code of commercial integrations and create custom integrations from\nscratch or by duplicating commercial integrations code.\n\nIDE is where you manage, import and export custom integrations.\n\nOpen the IDE\n------------\n\nTo open the IDE, follow these steps:\n\n- To open the IDE, in the main menu, go to **Response \\\u003e IDE** . The **IDE** page opens.\n\nOn the **IDE** page, you can access the following options:\n\nAdd a connector\n---------------\n\nTo add a connector, follow these steps:\n\n1. Click add**Create New Item** and select **Connector**.\n2. Enter a name and the required integration.\n3. Click **Create**.\n4. Add integration details.\n5. Add the required parameters.\n6. Click the **Connector** toggle to enable the connector.\n7. Click **Save** when done, or press `Ctrl + S`.\n\nThe following options are available in the **Details** tab:\n\nCreate a custom integration\n---------------------------\n\n1. Click add**Create New Item** and select **Integration**.\n2. Enter a name and click **Create**.\n3. Select the created integration from the list and provide the following information:\n - **Description**: appears in the Google Security Operations Marketplace and is visible to all Google SecOps users.\n - **SVG icon**: upload an SVG icon that appears with the integration.\n - **Image**: upload a Marketplace image for Google SecOps users.\n - **Libraries**: add Python libraries using pip.\n - **Script dependencies**: Upload \\`.WHL\\`, \\`.PY,\\` \\`.TAR\\`, or \\`.GZ\\` files. These scripts add more functionality to your integration.\n - **Parameter**: Add configurable fields with defined types, default values, and required status.\n4. Click **Save** when done.\n\n| **Note:** You can add jobs, actions, managers, and connectors to your custom integration and use them to push or collect information according to your needs. Simply create a new action and then choose the custom integration. A best practice is to create a \\*\\*Ping\\*\\* action to test the integration in the Google SecOps Marketplace.\n\nCreate a job\n------------\n\nTo create a job, follow these steps:\n\n1. Click add**Create New Item** and select **Job**.\n2. Enter a name and the required integration.\n3. Click **Create**.\n4. Optional: Add parameters for user or script input.\n5. Click **Save** or press `Ctrl + S`.\n6. Click arrow_right **Play Item** to run the script.\n7. Go to **Response \\\u003e Jobs Scheduler**.\n8. Click add **Create New Job** and select the job that you just created.\n9. In **Response \\\u003eJobs Scheduler**, choose the required time to run the job (script) that you created.\n\nCreate a new action to be used in a playbook\n--------------------------------------------\n\nTo create a new action for a playbook, follow these steps:\n\n1. Click add**Create New Item** and select **Action**.\n2. Enter a name and the required integration \\\u003e click **Create**.\n3. Edit the code as needed.\n4. Enable **Include JSON Result** if the action should return a JSON result in a playbook.\n5. Optional: Add parameters to display as input fields.\n6. Enable the action and click **Save**.\n7. In **Polling Configuration**, you can set a timeout and a default return value if the action times out. You can also set a default value to return if the action doesn't complete within the defined timeout period.\n\nThe action is now available for use in **Playbook \\\u003e Actions**.\n\nCreate a custom manager\n-----------------------\n\nTo create a custom manager, follow these steps:\n\n1. Click add**Create New Item** and select **Manager**. Enter a name and the required integration.\n2. Click **Create**.\n3. Edit the code as needed.\n4. Click **Save**.\n\nIDE custom code validation\n--------------------------\n\nWhen working in the Google SecOps IDE, you're building custom\ncode within a managed and secure environment. To ensure the integrity and\nstability of this platform, the IDE implements custom code validation that\nrestricts the use of specific functions. These restrictions are in place for\nboth security and technical reasons. \nThe following expressions are restricted in custom code:\n\n- no_shell = \\[ \n \"os.execl\", \n\n \"os.execle\", \n \"os.execlp\", \n \"os.execlpe\", \n \"os.execv\", \n\n \"os.execve\", \n \"os.execvp\", \n \"os.execvpe\", \n \"os.spawnl\", \n\n \"os.spawnle\", \n \"os.spawnlp\", \n \"os.spawnlpe\", \n \"os.spawnv\", \n\n \"os.spawnve\", \n \"os.spawnvp\", \n \"os.spawnvpe\", \n\n \"os.startfile\" \n \\]\n\n- shell = \\[ \n \"os.system\", \n\n \"os.popen\", \n \"os.popen2\", \n \"os.popen3\", \n \"os.popen4\", \n\n \"popen2.popen2\", \n \"popen2.popen3\", \n \"popen2.popen4\", \n\n \"popen2.Popen3\", \n \"popen2.Popen4\", \n \"commands.getoutput\", \n\n \"commands.getstatusoutput\" \n \\]\n\n- subprocess = \\[ \n\n \"subprocess.Popen\", \n \"subprocess.call\", \n \"subprocess.check_call\", \n\n \"subprocess.check_output\" \n \\]\n\n**Need more help?** [Get answers from Community members and Google SecOps professionals.](https://security.googlecloudcommunity.com/google-security-operations-2)"]]
