View the alert events tab

Supported in:

Google secops SOAR

When you investigate a case, you can access detailed information about individual alerts by drilling down into them.

Alert details

After clicking an individual alert, you'll see multiple tabs with different types of information. One of the most important is the Events tab. This tab provides a list of events and their basic details. It displays the raw data of the selected event and is only visible if an event is connected to the case you're viewing.

Configure an event

To make changes to an event directly on the Events tab, click Configure Event. This action opens the Event Configuration page.

The Event Configuration feature lets you assign visual families to events, providing a graphic visualization of their relationships with other actions. This process ensures events are correctly categorized and contain accurate and complete information.

Event configuration contains the following capabilities:

Visualization: Assign a family to an event. This family acts as a visual map of relationships and entities, giving you the best graphic explanation of what happened. The assigned family appears on the Explore Cases screen.
Mapping: Edit or add specific field information to correct errors or fill in missing data.

For more details on how to configure events, see Configure mapping and assign visual families.

Need more help? Get answers from Community members and Google SecOps professionals.