View the original SIEM data in a case

Supported in:

View the original SIEM data in a case

To view the original SIEM data in a case, complete the following steps:

  1. Drill down to the required case.
  2. Click the Overview tab. The Overview tab shows you the alerts, their timeline, extracted entities, and insights that were collected by automation.

View the original event that generated the alerts

To view the original event that generated the alerts, complete the following steps:

  1. Go to the Events tab.
  2. Click View More. A side drawer opens with all the details associated with the event.

Need more help? Get answers from Community members and Google SecOps professionals.