What's on the alert Overview tab?


Once you select an alert in the case, you are taken to its alert Overview tab. If there is only one alert attached to a case, you are taken directly to the alert Overview tab. 

The alert Overview tab displays crucial information on the alert in the form of various widgets. The information displayed obviously depends on the type of alert. You can also choose to act on information from this tab. 

The alert view may include the following widgets depending on the view configured:

Alerts table: here you can see a summary of the alerts in the case. You can click View Details to get more information. If you are a Google Security Operations customer, you can click Explore to be redirected to the Asset page to perform more actions. For more information, check Investigation views

Pending Actions: you can view at a glance all the actions waiting for your input in order for the playbook to carry on running.  

JSON results: you can view a JSON result in the system. 

Entity Highlights: contains a view of the entities associated with the alert.

  • If you are a Google SecOps customer, you can click Explore to be redirected to the alert Asset page to perform more actions. The specific page you land on depends on the type of entity it is. For more information, refer to Investigation views
  • If you need more in-depth information prior to taking action, click the entity and you are taken to the Entity Explorer page to see its full details.
  • If you want to have a quick look prior to taking action, click View Details and a side drawer opens with the entity's highlights.
  • If you want to run a specific action on an entity, you can click the gear icon and create a Manual Action from here.

Events Table: you can view all the alert events and their properties. Click any of the table rows to open up a side drawer showing more events details. 

HTML: you can view the HTML code which contains relevant information from the playbook results. 

Free Text: you can view information that the Admin has defined for you. 

Key Value: you can view specific bits of information that come from various sources and display them in the view. For example: Key- Product Value- [Alert.Product]

Entities Graph: you can view a visual graph and other details of the case entities. Click an entity and a side drawer opens.

The following is an example of an alert Overview tab.


The display you see in the alert Overview tab depends on a variety of factors:

  • If there is no playbook attached to the alert, the default display, as defined by the Admin in SOAR Settings, is displayed. For more information, see Define Default Alert View (Admin).
  • If there is a playbook but the customized views don't include your role, your default display appears.
  • If the playbook attached has a specific view for your role, the customized view is displayed. For more information, see Define Customized Alert Views from Playbook Designer.