When you open a case that contains multiple alerts, you're redirected to the Case Overview tab. This tab provides an overview of all case-related information.
Depending on your widget configuration, you may find the following widgets in the Case Overview tab:
Custom Fields Form: Fill in values for custom fields defined for the case. Click editEdit to open the form.
Pending Actions: Displays actions that require your input to keep the playbook running.
Case description: Add or view a summary of the case.
Alerts: Lists alerts grouped in the case, including their names, event counts, and priority.
Insights: Displays insights generated by playbook actions, general analysis, or manual inputs in HTML format.
Entities highlights: Displays the entities associated with the case, as follows
Click an entity to open the Entity Explorer and view the details.
Click View
More to open a side drawer with the entity details. This can help when you want to view the details before taking an action.
Use this view to launch a manual action directly on the entity.
Latest case wall activity: Displays a timeline of case wall activity for a selected period.
Recommendations: Suggests similar cases, recommended analysts, and relevant tags. You can compare related cases with the current one.
Statistics: Shows distribution graphs for selected entity fields.
Entities graph: Displays a visual graph of case entities. Click any entity to view details in the side drawer.
HTML: Renders HTML content from playbook results. Optionally, restricts JavaScript to show only safe code.
Key value:Displays key-value pairs extracted from alerts or entities (for example, Key: Product, Value: [Alert.Product]).
Free text: Displays unstructured information defined by your administrator.
Gemini Summary: Shows an AI-generated summary with recommendations for remediation.
Quick Actions: A widget lets you run
predefined actions directly from the case Overview tab.
Composite Detections: Available only to
Google SecOps customers who use both SIEM and SOAR. This widget
helps you understand the components of alerts within a case.
For composite alerts (from chained rules), it shows contributing detections, alerts, and their associated Unified Data Model (UDM) events.
For non-composite alerts, it displays UDM events associated with that alert.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[[["\u003cp\u003eThe Case Overview tab in Google SecOps SOAR provides a centralized view of all information related to a specific case containing multiple alerts.\u003c/p\u003e\n"],["\u003cp\u003eThe tab features various widgets such as Custom Fields Form, Pending Actions, Case Description, Alerts, Insights, and Entities highlights, providing context and actionable data.\u003c/p\u003e\n"],["\u003cp\u003eUsers can view and interact with case entities via the Entity Explorer, run actions on them directly, and visualize connections through the Entities graph.\u003c/p\u003e\n"],["\u003cp\u003eThe Case Overview also includes widgets for tracking case activity, getting recommendations on similar cases and analysts, viewing various types of data such as HTML, Key Value, Free Text, and getting an AI-generated summary with remediation advice via Gemini.\u003c/p\u003e\n"],["\u003cp\u003eThe tab offers the Statistics widget which displays the distribution of selected entity fields.\u003c/p\u003e\n"]]],[],null,["# Review case-level data in the Overview tab\n==========================================\n\nSupported in: \nGoogle secops [SOAR](/chronicle/docs/secops/google-secops-soar-toc) \nWhen you open a case that contains multiple alerts, you're redirected to the **Case Overview** tab. This tab provides an overview of all case-related information.\n\nDepending on your widget configuration, you may find the following widgets in the **Case Overview** tab:\n\n- **Custom Fields Form** : Fill in values for custom fields defined for the case. Click edit**Edit** to open the form.\n- **Pending Actions**: Displays actions that require your input to keep the playbook running.\n- **Case description**: Add or view a summary of the case.\n- **Alerts**: Lists alerts grouped in the case, including their names, event counts, and priority.\n- **Insights**: Displays insights generated by playbook actions, general analysis, or manual inputs in HTML format.\n- **Entities highlights**: Displays the entities associated with the case, as follows\n - Click an entity to open the **Entity Explorer** and view the details.\n - Click **View\n More** to open a side drawer with the entity details. This can help when you want to view the details before taking an action.\n - Use this view to launch a manual action directly on the entity. \n- **Latest case wall activity**: Displays a timeline of case wall activity for a selected period.\n- **Recommendations**: Suggests similar cases, recommended analysts, and relevant tags. You can compare related cases with the current one.\n- **Statistics**: Shows distribution graphs for selected entity fields.\n- **Entities graph**: Displays a visual graph of case entities. Click any entity to view details in the side drawer.\n- **HTML**: Renders HTML content from playbook results. Optionally, restricts JavaScript to show only safe code.\n- **Key value** :Displays key-value pairs extracted from alerts or entities (for example, `Key: Product`, `Value: [Alert.Product]`).\n- **Free text**: Displays unstructured information defined by your administrator.\n- **Gemini Summary**: Shows an AI-generated summary with recommendations for remediation.\n- **Quick Actions:** A widget lets you run predefined actions directly from the case **Overview** tab.\n- **Composite Detections**: Available only to Google SecOps customers who use both SIEM and SOAR. This widget helps you understand the components of alerts within a case.\n - For composite alerts (from [chained rules](/chronicle/docs/detection/rule-chaining)), it shows contributing detections, alerts, and their associated Unified Data Model (UDM) events.\n - For non-composite alerts, it displays UDM events associated with that alert.\n\n**Need more help?** [Get answers from Community members and Google SecOps professionals.](https://security.googlecloudcommunity.com/google-security-operations-2)"]]
