
We integrated SecOps with another case management solution. Now we are thinking about starting to use the case management directly in SOAR.

Can anyone share the pros and cons of using SOAR native case management?

 

Some things that I've found:

Pros:

- Good escalation options

- SLAs 

- Full compatibility with AI features (MCPs, Agentic...).

 

Cons:

- Limited comment options and features 

- Usability is not good (I'm watching the skillboost series to learn more).

- Didn't find a way to correlate cases

 

Any experiences are welcome.

 

[removed by moderator] we made the shift to SecOps case management about a year ago and your pros and cons are spot on. I’d add the following:

Pros:

  • Centralized Case Management: This was a big one for us, just having all ticket queues go to a central place
  • Automation with the SOAR: Being able to add automation for different ticket types is very useful
  • Enrichment: Being able to add enrichment to the tickets has helped reduce manual effort

Cons:

  • You cannot automatically attach playbooks on case closure which can be annoying
  • Case closure notes are not in Rich text format which means that you have to use the case wall for notes. This is honestly my biggest issue with the case management solution as it really does not lend itself well to closing out cases from an analyst perspective. This also makes auditing a pain.
  • The chat functionality is a gimmick
  • The requests functionality when asking others for help doesn’t have a good way to notify people so it’s basically useless
  • Modifying the case layout requires dev experience for frontend development
  • Pending actions do not prevent a case from being closed