> ## Documentation Index > Fetch the complete documentation index at: https://docs.tracecat.com/llms.txt > Use this file to discover all available pages before exploring further. # Google SecOps SOAR > Reference for the Tracecat Google SecOps SOAR integration: registered actions, required secrets, expected inputs, and example workflow usage. ## Add case tag Action ID: `tools.google_secops_soar.add_case_tag` Add a tag to a Chronicle SOAR case. ### Secrets Required secrets: * `google_secops_soar`: required values `GOOGLE_SECOPS_API_KEY`. ### Input fields Chronicle SOAR API base URL (e.g., '[https://your-instance.siemplify-soar.com/api/external/v1](https://your-instance.siemplify-soar.com/api/external/v1)') The case ID Tag to add to the case Optional alert identifier within the case Default: `null`. ## Assign user to case Action ID: `tools.google_secops_soar.assign_user_to_case` Assign a user or SOC role to a Chronicle SOAR case. ### Secrets Required secrets: * `google_secops_soar`: required values `GOOGLE_SECOPS_API_KEY`. ### Input fields Chronicle SOAR API base URL (e.g., '[https://your-instance.siemplify-soar.com/api/external/v1](https://your-instance.siemplify-soar.com/api/external/v1)') The case ID User ID (GUID) or @RoleName to assign Optional alert identifier within the case Default: `null`. ## Bulk close cases Action ID: `tools.google_secops_soar.bulk_close_cases` Close multiple Chronicle SOAR cases in a single operation. ### Secrets Required secrets: * `google_secops_soar`: required values `GOOGLE_SECOPS_API_KEY`. ### Input fields Chronicle SOAR API base URL (e.g., '[https://your-instance.siemplify-soar.com/api/external/v1](https://your-instance.siemplify-soar.com/api/external/v1)') List of case IDs to close Comment for all closed cases Close reason enum: 0=Malicious, 1=NotMalicious, 2=Maintenance, 3=Inconclusive, 4=Unknown Root cause description ## Change case stage Action ID: `tools.google_secops_soar.change_case_stage` Change the stage of a Chronicle SOAR case. ### Secrets Required secrets: * `google_secops_soar`: required values `GOOGLE_SECOPS_API_KEY`. ### Input fields Chronicle SOAR API base URL (e.g., '[https://your-instance.siemplify-soar.com/api/external/v1](https://your-instance.siemplify-soar.com/api/external/v1)') The case ID New stage: Triage, Assessment, Investigation, Incident, Improvement, or Research ## Close alert Action ID: `tools.google_secops_soar.close_alert` Close a specific alert within a Chronicle SOAR case. ### Secrets Required secrets: * `google_secops_soar`: required values `GOOGLE_SECOPS_API_KEY`. ### Input fields The alert identifier to close Chronicle SOAR API base URL (e.g., '[https://your-instance.siemplify-soar.com/api/external/v1](https://your-instance.siemplify-soar.com/api/external/v1)') Comment explaining why the alert is being closed Close reason: Malicious, NotMalicious, Maintenance, or Inconclusive Root cause description The case ID where the alert is being closed Alert usefulness: None, NotUseful, or Useful Default: `"None"`. ## Create case comment Action ID: `tools.google_secops_soar.create_case_comment` Add a comment to a Chronicle SOAR case. ### Secrets Required secrets: * `google_secops_soar`: required values `GOOGLE_SECOPS_API_KEY`. ### Input fields Chronicle SOAR API base URL (e.g., '[https://your-instance.siemplify-soar.com/api/external/v1](https://your-instance.siemplify-soar.com/api/external/v1)') The case ID Comment text to add to the case Optional alert identifier Default: `null`. Optional base64-encoded file content Default: `null`. Optional attachment filename Default: `null`. Optional file type (e.g., '.pdf', '.txt') Default: `null`. ## Reopen alert Action ID: `tools.google_secops_soar.reopen_alert` Reopen a previously closed alert in a Chronicle SOAR case. ### Secrets Required secrets: * `google_secops_soar`: required values `GOOGLE_SECOPS_API_KEY`. ### Input fields The alert identifier to reopen Chronicle SOAR API base URL (e.g., '[https://your-instance.siemplify-soar.com/api/external/v1](https://your-instance.siemplify-soar.com/api/external/v1)') The case ID ## Search SOAR cases Action ID: `tools.google_secops_soar.search_cases` Search Chronicle SOAR cases with advanced filtering. ### Secrets Required secrets: * `google_secops_soar`: required values `GOOGLE_SECOPS_API_KEY`. ### Input fields Chronicle SOAR API base URL (e.g., '[https://your-instance.siemplify-soar.com/api/external/v1](https://your-instance.siemplify-soar.com/api/external/v1)') List of user IDs or @Role names Default: `null`. List of specific case IDs to retrieve Default: `null`. UTC end time (ISO 8601 format). Only used when time\_range\_filter=0 (CUSTOM) Default: `null`. List of environments to filter by Default: `null`. Filter by importance: \['True'] for important cases only Default: `null`. Filter by incident flag: \['True'] for incidents only Default: `null`. Filter by case status (true=closed, false=open, null=all) Default: `null`. Number of results per page (max 100) Default: `50`. List of priorities: Informative, Low, Medium, High, Critical Default: `null`. Page number (0-indexed) Default: `0`. List of stages: Triage, Assessment, Investigation, Incident, Improvement, Research Default: `null`. UTC start time (ISO 8601 format, e.g., '2024-01-01T00:00:00.000Z'). Only used when time\_range\_filter=0 (CUSTOM) Default: `null`. List of case tags to filter by Default: `null`. Predefined time range in days: 0=CUSTOM, 1=LAST\_DAY, 2=LAST\_2\_DAYS, 3=LAST\_3\_DAYS, 4=LAST\_4\_DAYS, 7=LAST\_WEEK, 14=LAST\_2\_WEEKS, 30=LAST\_MONTH, 90=LAST\_3\_MONTHS, 180=LAST\_6\_MONTHS, 365=LAST\_YEAR, 395=LAST\_13\_MONTHS Default: `null`. Search by case title/name (partial match supported) Default: `null`. ## Update alert priority Action ID: `tools.google_secops_soar.update_alert_priority` Update the priority of a specific alert within a case. ### Secrets Required secrets: * `google_secops_soar`: required values `GOOGLE_SECOPS_API_KEY`. ### Input fields The alert identifier The alert name Chronicle SOAR API base URL (e.g., '[https://your-instance.siemplify-soar.com/api/external/v1](https://your-instance.siemplify-soar.com/api/external/v1)') The case ID New priority: -1=Informative, 40=Low, 60=Medium, 80=High, 100=Critical Previous priority (0=Unchanged if unknown) Default: `0`. ## Update case comment Action ID: `tools.google_secops_soar.update_case_comment` Update an existing comment in a Chronicle SOAR case. ### Secrets Required secrets: * `google_secops_soar`: required values `GOOGLE_SECOPS_API_KEY`. ### Input fields Chronicle SOAR API base URL (e.g., '[https://your-instance.siemplify-soar.com/api/external/v1](https://your-instance.siemplify-soar.com/api/external/v1)') Updated comment text The comment ID to update Optional attachment ID to update Default: `null`. Optional updated base64-encoded file content Default: `null`. Optional updated filename Default: `null`. Optional updated file type Default: `null`. ## Update case priority Action ID: `tools.google_secops_soar.update_case_priority` Update the priority of a Chronicle SOAR case. ### Secrets Required secrets: * `google_secops_soar`: required values `GOOGLE_SECOPS_API_KEY`. ### Input fields Chronicle SOAR API base URL (e.g., '[https://your-instance.siemplify-soar.com/api/external/v1](https://your-instance.siemplify-soar.com/api/external/v1)') The case ID Priority: -1=Informative, 40=Low, 60=Medium, 80=High, 100=Critical