Define Default View for Cases (Admin)

Supported in:

The admin can define one single overview for all Cases that will be displayed to all users. This helps create a unified experience which provides the information analysts need at a glance when looking at a case.

The view is defined from Settings > Case Data > Views > Default Case View.

The Default Case View displays the following widgets:

widgetslist
  • Alerts: This widget displays information on all the alerts that are grouped into this case - including name, number of events, and priority.
  • Case Description: This widget enables the analyst when the case is ingested to write a unique description for each case.
  • Entities Highlights: This widget displays the highlighted fields for each entity involved in the alert. �
  • Latest Case Wall Activity:This widget displays the selected case wall activities over a selected period of time.
  • Pending Actions: This Widget lists all playbook actions waiting for user input. The analyst can now see at a glance what they need to do in order for the Playbook to carry on running.
  • Recommendations: This widget displays similar cases and the recommended analysts and tags to assign to the case.
  • Statistics: This widget displays the distribution of selected Entity fields.
  • HTML: In this widget, you can use HTML code for creating insights as well as use placeholders �to 'inject' relevant information from the playbook results. You have the option to return safe code without including potentially malicious JavaScript.
  • Key Value: This widget will allow you to choose specific bits of information that come from various sources and display them in view For example: Key- Product Value- �[Alert.Product]
  • Free Text: This widget enables the user to add free text to be displayed for the Alert/Playbook.
  • Entities Graph: This widget contains a visual graph and other details of the Case Entities.
  • Insights: This widget contains all the Insights from the Playbook insights actions, general insights and any other insights you have added. They will be presented in HTML format.
  • AI Investigation: This widget provides AI-generated Case summary and suggestions for effective remediation. For more information, see AI Investigation Widget.

The page is presented with a default set of widgets already prepared and designed for maximum value. However, you are free to add, remove or edit the widgets as you like.

Add Widgets

To add a widget:

  1. Drag and drop a widget from the left pane into the template on the right.
  2. You can move around the widgets at any stage to present the perfect view.
Edit Widgets

To edit a widget:

  1. Click settings Configuration on the top right.
  2. Edit the title, description (which is actually the tooltip in the Cases page) and the width (50% or 100%).
  3. Click Save. Note that some of the widgets offer extra fields to configure. For example, in the latest wall activity, you can specify the time frame and types of activity.�