
Does anyone seriously think that the SecOps IDE is fit for purpose? It is lacking proper implementation - if we could use VSCode, we could seriously improve the pace of our development. I am not sure what the cutting edge is here, but is anybody in the community working on some way to improve it? Surely, we could all benefit from some way to develop our custom actions in a proper IDE. If we are able to put our heads together on this issue we will all reap huge rewards.

@arb_15 – Can you please elaborate on what you mean when you say the rules editor lacks proper implementation? In your opinion, what features do you think are missing from the rules editor in Google SecOps? Cheers.


Hi David,

Thanks for reaching out. The ideal solution for me would be incorporating some way to open the IDE in VSCode. The main things we are missing, which I would consider “standard” and necessary for efficient work, would be static code analysis (error highlighting), a debugger (i.e., a debugger that lets you set breakpoints and inspect the variables in memory), and full console interactivity (this way we can see the error messages from behind the hood, not just generic::unknown etc.).

Does that make sense?


I see. Have you looked at the YARA-L extension for VS Code? That provides some syntax highlighting, bracket matching, etc.

It would be nice if you could run a version of the rules engine outside of Google SecOps for rule development, debugging, and testing, but unfortunately, that’s not available.

If you’re interested in validating and testing rules via Google SecOps’ API, our Content Manager tooling makes it easy to do that.

I agree that some of the errors presented in the rules editor could be more human friendly. I will make sure that this feedback reaches the right person here as a +1 from one of our customers.


Ahh, sorry, there is a bit of a miscommunication here. I mean the SOAR IDE for custom actions!


Haha, no worries. Let me try and find a SOAR expert to chime in here :)


Hey @arb_15,

We are working on making it an option. Will share details when there are updates.


Hiya, thanks for that - glad to hear it. More than happy to take part in any kind of testing you might need :)