View alert overview tab
Once you select an alert in the case, you're taken to its alert Overview tab. If only one alert is attached to the case, you're taken directly to the alert Overview tab.
Explore tab widgets
The alert Overview tab displays crucial information about the alert in the form of various widgets. The information displayed depends on the type of alert. You can also choose to act on information from this tab.
The alert view may include the following widgets depending on the view configured:
Alerts table: View a summary of case alerts. Click View Details to see more information. If you're a Google Security Operations customer, click Explore to be redirected to the Asset page to perform more actions. For more information, see Investigation views.
Pending Actions: Quickly view all actions awaiting your input to keep the playbook running.
JSON results: View a JSON result in the system.
Entity Highlights: View entities associated with the alert.
- If you're a Google SecOps customer, click Explore to be redirected to the alert Asset page to perform more actions. The page you land on depends on the type of entity. For more information, see Investigation views.
- If you need more detailed information before taking action, click the entity to go to the Entity Explorer page and view its full details.
- To have a quick look prior to taking action, click View Details and a side drawer opens with the entity's highlights.
- To run a specific action on an entity, click the gear icon and create a manual action.
Events Table: View all alert events and their properties. Click any table row to open a side drawer with the event details.
HTML: View the HTML code that contains relevant information from the playbook results.
Free Text: View Admin-defined information.
Key Value: View specific details from various sources and display them in the view. For example: Key: Product, Value: [Alert.Product]
Entities Graph: View a visual graph and other case entity details. Click an entity and a side drawer opens.
The following is an example of an alert Overview tab.
The display you see in the alert Overview tab depends on a variety of factors:
- If there's no playbook attached to the alert, the default display is defined by the Admin in SOAR Settings. For more information, see Define default alert view.
- If there's a playbook present, but the customized views don't include your role, your default display appears.
- If the playbook attached has a specific view for your role, the customized view displays. For more information, see Define customized alert views from playbook designer.