Explore the Case Overview tab

When you drill down into a case that contains more than one alert, you'll be directed to the Case Overview tab. This tab provides an overview of all the information related to the case.

Depending on whether you've defined your widgets to display on empty or not, you may find the following widgets in the Case Overview tab: 

Custom Fields Form: Enter the relevant information in the custom fields defined. Click editEdit to open the form.

Pending Actions: Quickly view all the actions that require your input to keep the playbook running.

Case description: Add any information relevant to the case.

Alerts: View information on all alerts grouped in the case, including name, number of events, and priority.

Insights: Displays all insights from playbook actions, general insights, and any additional insights you added, presented in HTML format.

Entities highlights: Displays the entities associated with the case. 

• To view more details, click the entity to open the Entity Explorer page.
• If you want to have a quick look prior to taking an action, click View More and a side drawer opens with the Entity's highlights.
• If you want to run a specific action on an Entity, you can use this shortcut and create a Manual Action from here.
  

Latest case wall activity: Provides an overview of case wall activities over a selected time period.

Recommendations: suggests similar cases, recommended analysts, and relevant tags for the current case. You can review these similar cases and compare their details with the one you're working on.

Statistics: View the distribution of selected entity fields. 

Entities graph: Shows a visual graph of case entity details. Click any entity to view its highlights in a side drawer.

HTML: View HTML code that contains relevant information from playbook results. Optionally, you can return safe code, excluding potentially malicious JavaScript.

Key value: View specific information from various sources; for example, `Key - Product, Value - [Alert.Product]`

Free text: View information defined by the administrator.

Gemini Summary: Provides an AI-generated case summary with recommendations for remediation.

Quick Actions: This widget lets you quickly execute predefined actions directly from the Case Overview.

Composite Detections: Available only to Google SecOps customers who use both SIEM and SOAR. This widget helps you understand the components of alerts within a case. For composite alerts (generated by chained rules), the widget displays the contributing detections and alerts, along with their detailed UDM events. For single, non-composite alerts, it shows the specific UDM events associated with that alert. This lets you examine the structure of an alert and its causes.