> ## Documentation Index > Fetch the complete documentation index at: https://docs.tracecat.com/llms.txt > Use this file to discover all available pages before exploring further. # Google SecOps Detection Engine > Reference for the Tracecat Google SecOps Detection Engine integration: registered actions, required secrets, expected inputs, and example workflow usage. ## Cancel retrohunt Action ID: `tools.google_secops_detection.cancel_retrohunt` Cancel a running retrohunt operation. ### Secrets Required secrets: * `google_oauth`: OAuth token `GOOGLE_SERVICE_TOKEN`. ### Input fields Chronicle API base URL (e.g., '[https://backstory.googleapis.com](https://backstory.googleapis.com)' for US, '[https://europe-backstory.googleapis.com](https://europe-backstory.googleapis.com)' for EU, '[https://asia-southeast1-backstory.googleapis.com](https://asia-southeast1-backstory.googleapis.com)' for Asia) The retrohunt ID to cancel The rule ID ## Create detection rule Action ID: `tools.google_secops_detection.create_rule` Create a new detection rule in Chronicle. ### Secrets Required secrets: * `google_oauth`: OAuth token `GOOGLE_SERVICE_TOKEN`. ### Input fields Chronicle API base URL (e.g., '[https://backstory.googleapis.com](https://backstory.googleapis.com)' for US, '[https://europe-backstory.googleapis.com](https://europe-backstory.googleapis.com)' for EU, '[https://asia-southeast1-backstory.googleapis.com](https://asia-southeast1-backstory.googleapis.com)' for Asia) YARA-L 2.0 rule text ## Create retrohunt Action ID: `tools.google_secops_detection.create_retrohunt` Create a retrohunt to run a rule against historical data. ### Secrets Required secrets: * `google_oauth`: OAuth token `GOOGLE_SERVICE_TOKEN`. ### Input fields Chronicle API base URL (e.g., '[https://backstory.googleapis.com](https://backstory.googleapis.com)' for US, '[https://europe-backstory.googleapis.com](https://europe-backstory.googleapis.com)' for EU, '[https://asia-southeast1-backstory.googleapis.com](https://asia-southeast1-backstory.googleapis.com)' for Asia) End time (RFC 3339 format) The rule ID to run retrohunt for Start time (RFC 3339 format, e.g., '2024-01-01T00:00:00Z') ## Delete detection rule Action ID: `tools.google_secops_detection.delete_rule` Delete a detection rule. ### Secrets Required secrets: * `google_oauth`: OAuth token `GOOGLE_SERVICE_TOKEN`. ### Input fields Chronicle API base URL (e.g., '[https://backstory.googleapis.com](https://backstory.googleapis.com)' for US, '[https://europe-backstory.googleapis.com](https://europe-backstory.googleapis.com)' for EU, '[https://asia-southeast1-backstory.googleapis.com](https://asia-southeast1-backstory.googleapis.com)' for Asia) The rule ID to delete ## Disable detection rule Action ID: `tools.google_secops_detection.disable_rule` Disable a detection rule to stop live alerting. ### Secrets Required secrets: * `google_oauth`: OAuth token `GOOGLE_SERVICE_TOKEN`. ### Input fields Chronicle API base URL (e.g., '[https://backstory.googleapis.com](https://backstory.googleapis.com)' for US, '[https://europe-backstory.googleapis.com](https://europe-backstory.googleapis.com)' for EU, '[https://asia-southeast1-backstory.googleapis.com](https://asia-southeast1-backstory.googleapis.com)' for Asia) The rule ID to disable ## Enable detection rule Action ID: `tools.google_secops_detection.enable_rule` Enable a detection rule for live alerting. ### Secrets Required secrets: * `google_oauth`: OAuth token `GOOGLE_SERVICE_TOKEN`. ### Input fields Chronicle API base URL (e.g., '[https://backstory.googleapis.com](https://backstory.googleapis.com)' for US, '[https://europe-backstory.googleapis.com](https://europe-backstory.googleapis.com)' for EU, '[https://asia-southeast1-backstory.googleapis.com](https://asia-southeast1-backstory.googleapis.com)' for Asia) The rule ID to enable ## Get detection rule Action ID: `tools.google_secops_detection.get_rule` Get detailed information about a specific detection rule. ### Secrets Required secrets: * `google_oauth`: OAuth token `GOOGLE_SERVICE_TOKEN`. ### Input fields Chronicle API base URL (e.g., '[https://backstory.googleapis.com](https://backstory.googleapis.com)' for US, '[https://europe-backstory.googleapis.com](https://europe-backstory.googleapis.com)' for EU, '[https://asia-southeast1-backstory.googleapis.com](https://asia-southeast1-backstory.googleapis.com)' for Asia) The rule ID (e.g., 'ru\_12345678-1234-1234-1234-123456789012') ## Get retrohunt status Action ID: `tools.google_secops_detection.get_retrohunt` Get the status and results of a retrohunt operation. ### Secrets Required secrets: * `google_oauth`: OAuth token `GOOGLE_SERVICE_TOKEN`. ### Input fields Chronicle API base URL (e.g., '[https://backstory.googleapis.com](https://backstory.googleapis.com)' for US, '[https://europe-backstory.googleapis.com](https://europe-backstory.googleapis.com)' for EU, '[https://asia-southeast1-backstory.googleapis.com](https://asia-southeast1-backstory.googleapis.com)' for Asia) The retrohunt ID The rule ID ## Get rule deployment status Action ID: `tools.google_secops_detection.get_rule_deployment` Get the deployment status of a detection rule. ### Secrets Required secrets: * `google_oauth`: OAuth token `GOOGLE_SERVICE_TOKEN`. ### Input fields Chronicle API base URL (e.g., '[https://backstory.googleapis.com](https://backstory.googleapis.com)' for US, '[https://europe-backstory.googleapis.com](https://europe-backstory.googleapis.com)' for EU, '[https://asia-southeast1-backstory.googleapis.com](https://asia-southeast1-backstory.googleapis.com)' for Asia) The rule ID ## List detection rules Action ID: `tools.google_secops_detection.list_rules` List all detection rules in Chronicle. ### Secrets Required secrets: * `google_oauth`: OAuth token `GOOGLE_SERVICE_TOKEN`. ### Input fields Chronicle API base URL (e.g., '[https://backstory.googleapis.com](https://backstory.googleapis.com)' for US, '[https://europe-backstory.googleapis.com](https://europe-backstory.googleapis.com)' for EU, '[https://asia-southeast1-backstory.googleapis.com](https://asia-southeast1-backstory.googleapis.com)' for Asia) Maximum number of rules to return Default: `100`. Token for pagination Default: `null`. ## List detections for rule Action ID: `tools.google_secops_detection.list_detections` List detections generated by a specific rule. ### Secrets Required secrets: * `google_oauth`: OAuth token `GOOGLE_SERVICE_TOKEN`. ### Input fields Chronicle API base URL (e.g., '[https://backstory.googleapis.com](https://backstory.googleapis.com)' for US, '[https://europe-backstory.googleapis.com](https://europe-backstory.googleapis.com)' for EU, '[https://asia-southeast1-backstory.googleapis.com](https://asia-southeast1-backstory.googleapis.com)' for Asia) The rule ID to get detections for End time (RFC 3339 format) Default: `null`. Maximum detections to return Default: `100`. Token for pagination Default: `null`. Start time (RFC 3339 format, e.g., '2024-01-01T00:00:00Z') Default: `null`. ## List retrohunts Action ID: `tools.google_secops_detection.list_retrohunts` List all retrohunt operations for a specific rule. ### Secrets Required secrets: * `google_oauth`: OAuth token `GOOGLE_SERVICE_TOKEN`. ### Input fields Chronicle API base URL (e.g., '[https://backstory.googleapis.com](https://backstory.googleapis.com)' for US, '[https://europe-backstory.googleapis.com](https://europe-backstory.googleapis.com)' for EU, '[https://asia-southeast1-backstory.googleapis.com](https://asia-southeast1-backstory.googleapis.com)' for Asia) The rule ID Maximum retrohunts to return Default: `100`. Token for pagination Default: `null`. ## List rule errors Action ID: `tools.google_secops_detection.list_rule_errors` List compilation or execution errors for a detection rule. ### Secrets Required secrets: * `google_oauth`: OAuth token `GOOGLE_SERVICE_TOKEN`. ### Input fields Chronicle API base URL (e.g., '[https://backstory.googleapis.com](https://backstory.googleapis.com)' for US, '[https://europe-backstory.googleapis.com](https://europe-backstory.googleapis.com)' for EU, '[https://asia-southeast1-backstory.googleapis.com](https://asia-southeast1-backstory.googleapis.com)' for Asia) The rule ID Maximum errors to return Default: `100`. Token for pagination Default: `null`. ## Update detection rule Action ID: `tools.google_secops_detection.update_rule` Update an existing detection rule. ### Secrets Required secrets: * `google_oauth`: OAuth token `GOOGLE_SERVICE_TOKEN`. ### Input fields Chronicle API base URL (e.g., '[https://backstory.googleapis.com](https://backstory.googleapis.com)' for US, '[https://europe-backstory.googleapis.com](https://europe-backstory.googleapis.com)' for EU, '[https://asia-southeast1-backstory.googleapis.com](https://asia-southeast1-backstory.googleapis.com)' for Asia) The rule ID to update Updated YARA-L 2.0 rule text ## Verify detection rule Action ID: `tools.google_secops_detection.verify_rule` Verify YARA-L rule syntax without creating the rule. ### Secrets Required secrets: * `google_oauth`: OAuth token `GOOGLE_SERVICE_TOKEN`. ### Input fields Chronicle API base URL (e.g., '[https://backstory.googleapis.com](https://backstory.googleapis.com)' for US, '[https://europe-backstory.googleapis.com](https://europe-backstory.googleapis.com)' for EU, '[https://asia-southeast1-backstory.googleapis.com](https://asia-southeast1-backstory.googleapis.com)' for Asia) YARA-L 2.0 rule text to validate