Explore the Case Overview Tab

When you drill down into a case that contains more than one alert, you'll be directed to the Case Overview tab. This tab provides an overview of all the information related to the case.

Depending on whether your widgets are configured to display when empty, you may find the following widgets in the Case Overview tab:

Custom Fields Form: Enter the relevant information in the custom fields defined. Click Edit to open the form.

Pending Actions: Quickly view all the actions that require your input to keep the playbook running.

Case description: Add any information relevant to the case.

Alerts: View information on all alerts grouped in the case, including name, number of events, and priority.

Insights: Displays all insights from playbook actions, general insights, and any additional insights you added, presented in HTML format.

Entities highlights: Displays the entities associated with the case. 

  • To view more details, click the entity to open the Entity Explorer page.
  • If you want a quick look before taking an action, click View More to open a side drawer with the entity's highlights.
  • If you want to run a specific action on an Entity, you can use this shortcut and create a Manual Action from here.

Latest case wall activity: Provides an overview of case wall activities over a selected time period.

Recommendations: Suggests similar cases, recommended analysts, and relevant tags for the current case. You can review these similar cases and compare their details with the one you're working on.

Statistics: View the distribution of selected entity fields. 

Entities graph: Shows a visual graph of case entity details. Click any entity to view its highlights in a side drawer.

HTML: View HTML code that contains relevant information from playbook results. Optionally, you can return safe code, excluding potentially malicious JavaScript.

Key value: View specific information from various sources; for example, `Key - Product, Value - [Alert.Product]`.

Free text: View information defined by the administrator.

Gemini summary: Provides an AI-generated case summary with recommendations for remediation.
