Skip to main content
Solved

How to submit a new SOAR integration to the Google Marketplace

  • July 28, 2025
  • 6 replies
  • 121 views
GaurangPatel
Forum|alt.badge.img+3

Hi team,

 

Earlier, we used to send an email to the Google SecOps team for integration submission. However, we now see a new GitHub repository — https://github.com/chronicle/marketplace — being used for this process. We have observed that it contains a different project structure than what we get after exporting an integration from the SecOps instance. Is there a quicker way to convert that into a marketplace-ready integration structure?

 

Any feedback is appreciated.
@cmorris @f3rz ​ @ylandovskyy 

Best answer by talshapir

Hey ​@GaurangPatel, this is indeed the correct command.

The deconstruct flow is still a bit ruff and we’re working on providing more helpful error messages as the errors are indeed dense and hard to understand.

Few points about the deconstruct process:

  • It will not fix your imports to use `soar_sdk.` for SDK imports and `..core.` for core module imports
  • It will not add any dependencies in the pyproject.toml of the integration unless you prepare a requirements.txt file with the main dependencies you want to add (without sub-dependencies)
  • It is recommended to change all file names to snake_case as the new standard, this doesn’t happen in the deconstruction process yet
  • After deconstructing the deconstructed integration will be ready in `repo_root/out/integrations/third_party/your_integration`. Then you can copy it to the integrations folder, and remove the original one after you’re happy with the results. It should generate all the yaml files.
  • About dev dependencies, you’ll need to use uv as instructed [here](https://github.com/chronicle/marketplace/blob/main/packages/README.md), add the SDK as a dev dependency as instructed [here](https://github.com/chronicle/marketplace/blob/main/docs/response_integrations/tools_and_sdk/soar_sdk.md) and integration_testing/pytest to be able to test you integration

If you need specific help regarding a specific issue you can send about it here if you want and I’ll try to help!

6 replies

kentphelps
Staff
Forum|alt.badge.img+11
  • kentphelps
  • Staff
  • July 29, 2025

Is there any content in this document that helps with this question:
https://cloud.google.com/chronicle/docs/soar/marketplace/power-ups/gitsync

GaurangPatel
Forum|alt.badge.img+3
  • GaurangPatelBronze 1
  • Author
  • Bronze 1
  • July 29, 2025

No, it will not work because the integration submission process has changed. The .defination file format has been replaced with .xml, and .toml and other files have also been added. So, we can’t just export the integration from the Google SecOps instance and publish it the way we used to. Now, I don’t know how to convert the integration downloaded from the SecOps instance into the file format mentioned here https://github.com/chronicle/marketplace.

 

@cmorris @f3rz ​ @ylandovskyy  Please help me here!

 

ylandovskyy
Staff
Forum|alt.badge.img+16
  • ylandovskyy
  • Staff
  • July 30, 2025

Hey ​@GaurangPatel ,

We released a special tool for this called mp. This tool is used to deconstruct old format of integration into the new one and vice versa. 

It’s expected that for the Github submissions the new format will be used, when submitting the PR. 

The tool allows you to create the integration and then directly push the code to your SecOps instance for testing, so now you can use your own IDE, build the code there and then test in the SecOps instance.

GaurangPatel
Forum|alt.badge.img+3
  • GaurangPatelBronze 1
  • Author
  • Bronze 1
  • July 30, 2025

@ylandovskyy 

Yes, we are using MP for this purpose. It works fine for generating the build. However, when we try to deconstruct the integration after exporting it from the SecOps instance, we encounter multiple errors and are unable to debug them.

We might be doing something wrong. Currently, we are using the following command, but we’re receiving too many errors. 

`mp build --integration my_integration --deconstruct`

If there is a step-by-step guide or video available, please share it.

Thanks.

 

ylandovskyy
Staff
Forum|alt.badge.img+16
  • ylandovskyy
  • Staff
  • July 30, 2025

@GaurangPatel  Can you provide the errors that you were receiving?

talshapir
Staff
Forum|alt.badge.img+1
  • talshapir
  • Staff
  • Answer
  • July 30, 2025

Hey ​@GaurangPatel, this is indeed the correct command.

The deconstruct flow is still a bit ruff and we’re working on providing more helpful error messages as the errors are indeed dense and hard to understand.

Few points about the deconstruct process:

  • It will not fix your imports to use `soar_sdk.` for SDK imports and `..core.` for core module imports
  • It will not add any dependencies in the pyproject.toml of the integration unless you prepare a requirements.txt file with the main dependencies you want to add (without sub-dependencies)
  • It is recommended to change all file names to snake_case as the new standard, this doesn’t happen in the deconstruction process yet
  • After deconstructing the deconstructed integration will be ready in `repo_root/out/integrations/third_party/your_integration`. Then you can copy it to the integrations folder, and remove the original one after you’re happy with the results. It should generate all the yaml files.
  • About dev dependencies, you’ll need to use uv as instructed [here](https://github.com/chronicle/marketplace/blob/main/packages/README.md), add the SDK as a dev dependency as instructed [here](https://github.com/chronicle/marketplace/blob/main/docs/response_integrations/tools_and_sdk/soar_sdk.md) and integration_testing/pytest to be able to test you integration

If you need specific help regarding a specific issue you can send about it here if you want and I’ll try to help!

Terms & ConditionsCookie settingsAccessibility statement
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.