Before diving into analysis or remediation, this document explains how you
can review the original SIEM data that triggered a case. This includes both
high-level alert context and the underlying event details.
Access the original SIEM data in a case
To access the original SIEM data associated with a case, follow these steps:
Go to the required case.
Click the Overview tab. The Overview tab displays the
alerts, timeline, extracted entities, and insights that were collected
by automation.
View the original event that triggered the alerts
To view the original event that triggered the alerts, follow these steps:
Go to the Events tab.
Click View More. A side drawer opens with all the details associated
with the event.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-24 UTC."],[[["\u003cp\u003eUsers can view original SIEM data directly within a case in Google SecOps.\u003c/p\u003e\n"],["\u003cp\u003eThe Overview tab in a case displays alerts, timelines, entities, and insights.\u003c/p\u003e\n"],["\u003cp\u003eThe Events tab allows users to access detailed information about the original event that triggered the alerts by clicking on "View More".\u003c/p\u003e\n"]]],[],null,[]]