View the original SIEM data in a case

This document explains how to review the original SIEM data that triggered a case before you begin analysis or remediation. This data includes both the high-level alert context and the underlying event details.

Access the original SIEM data in a case

To access the original SIEM data associated with a case, follow these steps:

  1. Go to the required case.
  2. Click the Overview tab. The Overview tab displays the alerts, timeline, extracted entities, and insights that were collected by automation.

View the original event that triggered the alerts

To view the original event that triggered the alerts, follow these steps:

  1. Go to the Events tab.
  2. Click View More. A side drawer opens with all the details associated with the event.
