--- title: "Google SecOps Integration" slug: "google-secops-integration" updated: 2026-02-13T15:47:13Z published: 2026-02-13T15:47:13Z --- > ## Documentation Index > Fetch the complete documentation index at: https://help.silentpush.com/llms.txt > Use this file to discover all available pages before exploring further. # Google SecOps Integration Silent Push integrates seamlessly with Google SecOps to empower security teams with advanced threat intelligence. This allows users to enrich events and alerts with contextual data, automate incident investigations, and streamline detection and response processes. By leveraging Silent Push's API, you can perform actions like reputation checks, DNS lookups, certificate retrievals, and more directly within the Google SecOps environment. ## Prerequisites - Active access to a Google SecOps instance. - Valid Silent Push API credentials (API key required). - Familiarity with Google SecOps Marketplace, Response IDE, and case simulation features. ## Installation and Configuration 1. Log in to your Google SecOps dashboard. 2. Navigate to the Google SecOps Marketplace and search for **Silent Push**. ![Overview of Google SecOps Content Hub with highlighted integration options and setup instructions.](https://cdn.document360.io/8e5460b3-9d96-4b01-8bb3-6591a4af3a8c/Images/Documentation/Screenshot 2026-02-13 at 8.38.33 AM.png) 3. Click **Install** to add the Silent Push integration. 4. After installation, click **Configure** and enter the required parameters: - API Key: Your Silent Push API key. - Silent Push Server: The endpoint for Silent Push services (default or custom as provided). ![Configuration screen for Silent Push instance with API key and server details.](https://cdn.document360.io/8e5460b3-9d96-4b01-8bb3-6591a4af3a8c/Images/Documentation/Screenshot 2026-02-13 at 9.16.44 AM.png) 5. Navigate to the **Application Menu**, go to **Response > IDE**,****then search for Silent Push to view the available actions. ![Google SecOps interface showing Silent Push integration options and settings.](https://cdn.document360.io/8e5460b3-9d96-4b01-8bb3-6591a4af3a8c/Images/Documentation/Screenshot 2026-02-13 at 8.39.29 AM.png) ## Set Up Test Cases for Action Execution To test or run actions, create a simulated test case in Google SecOps: 1. From the left dashboard, select **Cases**. ![Google SecOps interface showing the Cases section in the navigation menu.](https://cdn.document360.io/8e5460b3-9d96-4b01-8bb3-6591a4af3a8c/Images/Documentation/Screenshot 2026-02-13 at 8.40.40 AM.png) 2. Click the ** icon to add a new case. ![Google SecOps interface displaying case management options and navigation tools.](https://cdn.document360.io/8e5460b3-9d96-4b01-8bb3-6591a4af3a8c/Images/Documentation/Screenshot 2026-02-13 at 8.41.10 AM.png) 3. Choose **Simulate Cases**, click the ** icon to **Add or Import Case**. 4. Select **Add New Case** and provide details such as: - Source / SIEM Name - Rule Name - Alert Product - Alert Name - Event Name - Additional Alert Fields - Additional Event Fields 5. Click **Save** to create the case. 6. Reopen the **Simulated Cases**list, search for your case, and select it. ![Dialog box for simulating cases with options to select and create alerts.](https://cdn.document360.io/8e5460b3-9d96-4b01-8bb3-6591a4af3a8c/Images/Documentation/Screenshot 2026-02-13 at 9.19.11 AM.png) 7. Click **Create**, choose the environment, and select **Simulate**. 8. Return to the Cases list; your case should now appear. 9. Open the case, click the three-dot menu (⋮), and select **Ingest alert as test case**. 10. The test case is now available in the **Test Case** dropdown for running actions. ## Steps to Run Silent Push Actions 1. In the Response IDE, select the desired Silent Push action from the list. 2. Open the **Testing** panel. ![Form fields for testing parameters including scope, test case, and integration instance.](https://cdn.document360.io/8e5460b3-9d96-4b01-8bb3-6591a4af3a8c/Images/Documentation/Screenshot 2026-02-13 at 8.50.16 AM.png) 3. Select: - Scope: **All Entities** - Test Case: For example, **Silent Push** - Integration Instance: **Default** 4. Enter the mandatory parameters (and optional ones for refinement). 5. Click **Run** to execute. 6. View results in the expandable panel below. ![Output message displaying test results and UUID information from a script execution.](https://cdn.document360.io/8e5460b3-9d96-4b01-8bb3-6591a4af3a8c/Images/Documentation/Screenshot 2026-02-13 at 8.52.40 AM.png) ## Available Actions and Usage Below is a list of key actions with descriptions, required parameters, and execution notes. All actions require the setup above. Optional parameters can enhance filtering or output. - **Add Feed:**Creates a new feed for organizing indicators. - Required: Feed details (e.g., name, type). - Usage: Enter feed parameters and run to add. - **Add Feed Tags:**Adds tags to an existing feed for better organization. - Required: Feed UUID, tags. - Usage: Specify feed and tags; optional for custom filtering. - **Add Indicator**: Adds domains, IPs, or other indicators to a feed. - Required: Feed UUID, indicator value. - Usage: Provide indicator details; optional timestamps or metadata. - **Add Indicator Tags**: Attaches tags to indicators in a feed. - Required: Feed UUID, indicator, tags. - Usage: Useful for classification; optional for bulk operations. - **Density Lookup:**Checks Domain Density on a nameserver to detect suspicious infrastructure. - Required: qtype (e.g., NS), query (nameserver). - Usage: Run with scope and test case; view density metrics in results. - **Forward Padns Lookup**: Performs forward Passive DNS lookups with filters. - Required: qtype (e.g., A), qname (domain). - Usage: Optional filters, such as time range; results show DNS resolution. - **Get ASN Reputation:** Retrieves reputation data for a specific ASN. - Required: asn (e.g., 12345). - Usage: Optional historical data; results include risk scores. - **Get ASN Takedown Reputation**: Fetches takedown history and reputation for an ASN. - Required: asn. - Usage: Helps assess provider reliability. - **Get ASNs for Domain**: Lists ASNs used by a domain's A records in the last 30 days. - Required: Domain name. - Usage: Includes subdomains; useful for tracking infrastructure changes. - **Get Data Exports**: Downloads exported datasets, such as scan results. - Required: feed_url. - Usage: Optional format (e.g., CSV); results provide download links. - **Get Domain Certificates**: Retrieves certificates associated with a domain. - Required: domain. - Usage: Optional validity filters; results list cert details. - **Get Enrichment Data**: Provides enriched info for a domain or resource. - Required: resource (e.g., domain), value. - Usage: Comprehensive context, including Whois and history. - **Get Future Attack Indicator**: Predicts potential attack indicators from a feed. - Required: feed_uuid. - Usage: Proactive threat hunting; optional scoring thresholds. - **Get IPv4 Reputation**: Gets the reputation for an IPv4 address. - Required: IPv4 address. - Usage: Risk assessment; optional historical views. - **Get Nameserver Reputation**: Retrieves the reputation for a nameserver. - Required: nameserver. - Usage: Detects malicious DNS infrastructure. - **Get Subnet Reputation**: Fetches reputation for an IPv4 subnet. - Required: subnet (e.g., 192.168.1.0/24). - Usage: Broad network analysis. - **Get Job Status**: Checks the status or results of a running job. - Required: job_id. - Usage: Monitor asynchronous tasks. - **List Domain Information**: Fetches detailed info for one or more domains. - Required: domains (comma-separated). - Usage: Includes registration, DNS, and more. - **List Domain Infratags**: Lists infrastructure tags for a domain. - Required: feed_url (or domain). - Usage: Categorizes domain attributes. - **List IP Information**: Provides details for IPv4/IPv6 addresses. - Required: IPs (comma-separated). - Usage: Geolocation, ownership, etc. - **Live URL Scan**: Scans a URL for hosted metadata and threats. - Required: URL. - Usage: Real-time analysis; results include content type and risks. - **Ping**: Verifies API connectivity and health. - Required: None. - Usage: Quick health check. ## Troubleshooting Tips - If any action fails, verify the API key and server configuration. - Ensure test cases are properly ingested. - For detailed errors, check the results panel in the Testing tab. - Refer to the [Silent Push API](/v1/docs/silent-push-explore-api-1) documentation for advanced parameter usage. ## The specific feed or collection from which an observable, such as an IP or domain, originates, identifying its data provider. A curated stream of threat intelligence data containing indicators of compromise (IoCs), such as malicious IPs or domains, used to monitor and mitigate cyber threats. Labels or metadata assigned to an indicator to provide additional context, such as its threat type, origin, or behavior. A unique universal identifier assigned to a threat intelligence feed, enabling precise tracking and referencing of the feed within a cybersecurity platform. A feature leveraging passive DNS data to investigate and correlate related threats, such as associated IPs, domains, or other indicators. A metric measuring the number of unique domains associated with a network element (e.g., IP, ASN, nameserver, or MX server), used to detect concentrated malicious activity or infrastructure patterns. A measure of an Autonomous System’s trustworthiness, calculated as the ratio of blacklisted IP addresses to the total active IPs within the ASN over the past 30 days, indicating potential risk levels. Autonomous System Number, a unique numeric identifier assigned to an Autonomous System (AS) for managing IP address routing within and between networks on the internet Publicly available data collected during domain registration or DNS updates, used to analyze domain ownership and history. The network segment associated with an IP address, used to contextualize and analyze related infrastructure.