Define Default View for Cases (Admin)
The admin can define one single overview for all Cases that will be displayed to all users. This helps create a unified experience which provides the information analysts need at a glance when looking at a case.
The view is defined from the gear icon > Views > Default Case View.
The Default Case View displays the following widgets:
- Alerts: This widget displays information on all the alerts that are grouped into this case - including name, number of events, and priority.
- Case Description: This widget enables the analyst to write a unique description for each case when the case is ingested.
- Entities Highlights: This widget displays the highlighted fields for each entity involved in the alert.
- Latest Case Wall Activity: This widget displays the selected case wall activities over a selected period of time.
- Pending Actions: This widget lists all playbook actions waiting for user input. The analyst can now see at a glance what they need to do in order for the playbook to carry on running.
- Recommendations: This widget displays similar cases and the recommended analysts and tags to assign to the case.
- Statistics: This widget displays the distribution of selected Entity fields.
- HTML: In this widget, you can use HTML code for creating insights as well as use placeholders to ‘inject’ relevant information from the playbook results. You have the option to return safe code without including potentially malicious JavaScript.
- Key Value: This widget allows you to choose specific pieces of information that come from various sources and display them in the view. For example: Key: Product, Value: [Alert.Product]
- Free Text: This widget enables the user to add free text to be displayed for the Alert/Playbook.
- Entities Graph: This widget contains a visual graph and other details of the Case Entities.
- Insights: This widget contains all the Insights from the Playbook insights actions, general insights and any other insights you have added. They will be presented in HTML format.
- AI Investigation: This widget provides an AI-generated Case summary and suggestions for effective remediation. For more information, see AI Investigation Widget.
The screen is presented with a default set of widgets already prepared and designed for maximum value. However, you are free to add, remove or edit the widgets as you like. The current default screen will show for all Cases as in the short GIF below.
Add Widgets
To add a widget:
- Drag and drop a widget from the left screen into the template on the right.
- You can move around the widgets at any stage to present the perfect view.
Edit Widgets
To edit a widget:
- Click the Configuration icon on the top right.
- Edit the title, the description (which is the tooltip shown in the Cases screen), and the width (50% or 100%).
- Click Save. Note that some of the widgets offer extra fields to configure. For example, in the Latest Case Wall Activity widget, you can specify the time frame and types of activity.