The administrator can define a default overview for alerts, which is displayed on the Cases page in one of the following situations:
The alert doesn't have an attached playbook.
The alert has an attached playbook with customized views per role, but there's no defined view for the user's role. For more information about customized alert views, see Define customized alert views from playbook designer.
To define a default view, go to SOAR Settings > Case Data > Views > Default Alert View.
Define widgets on the default alert view
The Default Alert View displays a list of general widgets as well as a set of predefined widgets coming from the marketplace integrations. You can customize the view by dragging the widgets from the left pane into the template on the right. The default widgets include:
Custom Fields Form: Displays custom fields for the analyst to complete with additional information about the alert. Learn how to create custom fields.
Entities Highlights: Displays the highlighted fields for each entity involved in the alert. There are two ways to highlight a field:
From the Explore page, choose the entity, select a field, and click Add to highlight. The entity field displays in the widget.
Go to SOAR Settings > Data Configuration > Properties Metadata, select a field, and mark as highlighted. If the field is part of the entity, it displays in the widget.
Events Table: Displays all alert events and their properties. Choose up to six fields to display in the table. You can reorder the table rows and customize default placeholders by clicking the brackets to the right of the row. You can also add multiple placeholders in every row.
In the actual display, you can click any of the table rows to open a side drawer that contains more event details.
HTML: Lets you use HTML code to create insights and inject relevant alert information through placeholders.
You can choose to return safe code without including potentially harmful JavaScript.
When using the Video or Layout 6 presets in the HTML widget, some video sites like YouTube and files.fm aren't supported. You can use Sendspark instead.
Free Text: Lets you add free text to display in the alert and playbook.
Key Value: Lets you choose specific details that come from various sources and display them in the view. For example: Key – Product, Value – [Alert.Product]
Entities Graph: Visually represents the relationship between the entities, identical to the display you see in the Explore page.
Insights: Contains all insights from the playbook insights actions, general insights, and other added insights, presented in HTML format.
Pending Actions: Lists all playbook actions pending user input, letting the analyst quickly identify tasks needed to keep the playbook running.
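The HTML widget described above injects alert data through placeholders, and alert fields can hold values chosen by whoever caused the alert. The following is an added example, not product code and not part of the original documentation: a check an administrator could run over a widget template before saving it, together with escaped placeholder substitution. The `render` and `lint_template` helpers and the `Alert.SourceUrl` field are hypothetical, and how the product itself substitutes or sanitizes values is not described on this page.

```python
import html
import re
from html.parser import HTMLParser

# Placeholder syntax as shown on this page, for example [Alert.Product].
PLACEHOLDER = re.compile(r"\[(\w+(?:\.\w+)+)\]")
URL_ATTRS = {"href", "src", "action", "formaction"}

# Constructed sample data; Alert.SourceUrl is a hypothetical field name.
SAMPLE_TEMPLATE = '<b>Product:</b> [Alert.Product] <a href="[Alert.SourceUrl]">open</a>'
SAMPLE_ALERT = {"Alert.Product": "<script>x</script>", "Alert.SourceUrl": "javascript:x"}

def render(template, fields):
    """Fill placeholders, HTML-escaping each value so it renders as text."""
    def fill(match):
        name = match.group(1)
        if name not in fields:
            return match.group(0)  # unknown placeholder stays visible
        return html.escape(str(fields[name]), quote=True)
    return PLACEHOLDER.sub(fill, template)

class _Linter(HTMLParser):
    """Collects constructs a widget template should not need."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("<script> element")
        for name, value in attrs:
            value = (value or "").strip()
            if name.startswith("on"):
                self.findings.append(f"event handler {name} on <{tag}>")
            if name in URL_ATTRS and value.lower().startswith("javascript:"):
                self.findings.append(f"javascript: URL in {name} on <{tag}>")
            if name in URL_ATTRS and PLACEHOLDER.match(value):
                # Escaping cannot constrain the scheme when alert data is the whole URL.
                self.findings.append(f"placeholder sets the whole URL in {name} on <{tag}>")

def lint_template(template):
    """Return a list of findings for a template; an empty list means none."""
    linter = _Linter()
    linter.feed(template)
    linter.close()
    return linter.findings

if __name__ == "__main__":
    print(lint_template(SAMPLE_TEMPLATE))
    print(render(SAMPLE_TEMPLATE, SAMPLE_ALERT))
```

In the sample, the escaped `Alert.Product` value renders as inert text, while the `href` value passes through escaping unchanged, which is why the linter flags a placeholder used as an entire URL.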
Add widgets
Drag a widget from the left side of the screen into the template on the right.
You can rearrange the widgets at any time to achieve the view that you want.
Edit widgets
Click Configuration in the widget you're editing.
Edit the title, description (the tooltip), and the width (50% or 100%).
Last updated 2025-02-23 UTC.