Once you select an alert in the case, you are taken to its Alert Overview tab. If there is only one alert attached to a case, you are taken directly to the Alert Overview tab. 

The Alert Overview tab displays key information about the Alert in a set of widgets. The information displayed depends on the type of Alert. You can also act on information directly from this tab.

The Alert View may include the following widgets depending on the View configured:

Alerts table: Here you can see a summary of the Alerts in the Case. You can click on View Details to get more information. If you are a customer of both Chronicle SIEM and Chronicle SOAR, you can click on Explore to be redirected to the Chronicle SIEM Asset screen to perform more actions.

Pending Actions: You can view at a glance all the actions waiting for your input so that the Playbook can continue running.

JSON results: You can view a JSON result in the system. 

Entity Highlights: contains a view of the Entities associated with the alert.

  • If you are a customer of both Chronicle SIEM and Chronicle SOAR, you can click on Explore to be redirected to the Chronicle SIEM Asset screen to perform more actions. The screen you land on depends on the type of entity.
  • If you need more in-depth information prior to taking action, click on the Entity and you will be taken to the Entity Explorer Screen to see its full details.
  • If you want to have a quick look prior to taking action, click on Details and a side drawer opens with the Entity's highlights. Users of both Chronicle SIEM and Chronicle SOAR will have the option to click Explore from this side drawer to enter the relevant Chronicle SIEM screens.
  • If you want to run a specific action on an Entity, you can click on the gear icon and create a Manual Action from here.

Events Table: you can view all the Alert events and their properties. Click on any of the table rows to open a side drawer showing more event details.

HTML: you can view the HTML code which contains relevant information from the Playbook results.

Free Text: you can view information that the Admin has defined for you. 

Key Value: you can view specific bits of information that come from various sources and display them in the view. For example: Key: Product, Value: [Alert.Product]

Entities Graph: you can view a visual graph and other details of the Case Entities. Click on an entity and a side drawer opens.

The following is an example of an Alert Overview tab.

Note that the display you see in the Alert Overview tab depends on a variety of factors:

  • If there is no playbook attached to the Alert, you will see the Default display as defined by the Admin in the Settings. For more information, see Define Default Alert View (Admin).
  • If there is a Playbook but the customized views don't include your role, you will see the Default display.
  • If the Playbook attached has a specific view for your Role, you will see the customized view. For more information, see Define Customized Alert Views from Playbook Designer.