View alert overview tab
Once you select an alert in a case, you're taken to its alert Overview tab. If only one alert is attached to the case, you're taken directly to the alert Overview tab.
Explore tab widgets
The alert Overview tab displays important information about the alert in the form of various widgets. The information displayed depends on the type of alert. You can also take action based on the information in this tab.
The alert view may include the following widgets depending on the view configured:
- Alerts table: View a summary of case alerts. Click View Details to see more information. If you're a Google Security Operations customer, click Explore to be redirected to the Asset page to perform more actions. For more information, see Investigation views.
- Custom fields form: Enter the relevant information in the custom fields defined here. Click Edit to open the form.
- Pending actions: Quickly view all actions that require your input to keep the playbook running.
- JSON results: View a JSON result in the system.
- Entity highlights: View entities associated with the alert.
  - If you're a Google SecOps customer, click Explore to be redirected to the alert Asset page to perform more actions. The page you land on depends on the type of entity. For more information, see Investigation views.
  - If you need more detailed information before taking action, click the entity to go to the Entity Explorer page and view its full details.
  - To have a quick look prior to taking action, click View Details and a side drawer opens with the entity's highlights.
  - To run a specific action on an entity, click Manual Action and create a manual action from here.
- Events table: View all alert events and their properties. Click any of the table rows to open a side drawer to see event details.
- HTML: View the HTML code that contains relevant information from the playbook results.
- Free text: View administrator-defined information.
- Key value: View and display specific details from various sources; for example, Key - Product, Value - [Alert.Product].
- Entities Graph: View a visual graph and other case entity details. Click an entity and a side drawer opens.
The display you see in the alert Overview tab depends on a variety of factors:
- If there's no playbook attached to the alert, the default display is defined by the administrator in SOAR Settings. For more information, see Define default alert view.
- If there's a playbook present, but the customized views don't include your role, your default display appears.
- If the playbook attached has a specific view for your role, the customized view displays. For more information, see Define customized alert views from playbook designer.