Define default view for cases (Admin)

Supported in:

The administrator can define a single overview for all cases displayed on the Cases page. This unified view ensures that all analysts see—and, in some cases, act on—the same essential information at a glance when reviewing a case.

Go to Settings > Case Data > Views > Default Case View.

Access the Default Case View

The Default Case View displays a list of general widgets as well as a set of predefined widgets coming from the marketplace integrations. You can customize the view by dragging the widgets from the left pane into the template on the right.

  • Custom Fields Form: displays custom fields that you have defined for the analyst to fill out with additional information on the case. Learn how to create custom fields.
  • Alerts: displays information on all alerts grouped into the case, including name, number of events, and priority.
  • Case Description: Lets analysts write a unique description for each case.
  • Entities Highlights: This widget displays the highlighted fields for each entity involved in the alert.
  • Latest Case Wall Activity: This widget displays case wall activities over a selected period.
  • Pending Actions: Lists all playbook actions requiring user input, letting analysts quickly see what they need to do to keep the playbook running.
  • Recommendations: Displays similar cases and suggests analysts and tags to assign to the case.
  • Statistics: Displays the distribution of selected entity fields.
  • HTML: Supports HTML code to create insights and inject relevant information from playbook results. Gives the option to return safe code without potentially malicious JavaScript.
  • Key Value: Lets you select and display specific pieces of information from various sources; for example, `Key - Product, Value - [Alert.Product]`.
  • Free Text: This widget lets you add free text to display for the case.
  • Entities Graph: Displays a visual graph and details of the case entities.
  • Insights: Contains all insights from playbook actions, general insights, and manually added insights, displayed in HTML format.
  • Gemini Summary: Provides an AI-generated case summary and remediation suggestions.

Add Widgets

To add a widget:

  1. Drag a widget from the left pane into the template on the right.
  2. You can move around the widgets at any stage to present the perfect view.

Edit widgets

To edit a widget, do the following:

  1. Click settings Configuration at the top right. Some widgets offer additional fields for configuration. For example, in the latest wall activity, you can specify the timeframe and activity types. 
  2. Edit the title, update the tooltip description on the Cases page, and adjust the width (50% or 100%), as needed.
  3. Click Save.

Need more help? Get answers from Community members and Google SecOps professionals.