There seems to be a Default view, with very little information. To find the events that you are looking for, you have to search. For example, the detections section does not show up. You have to type detections. For another connector, you type behavior in the search bar to get the section you want.

Can't there be a show all option for this? When I am working with a new alert type I often want to see all the data presented. 

 

Hey @mccrilb, there's the default case view and default alert view.


I am struggling to understand where the detections and connectors piece comes in here. Can you be a little more descriptive with maybe a quick video or screenshots so we can understand your ask better? Thank you.


These two screenshots are all the info that is shown when you look at the event within the alert.


If I know the other fields that are there and type them in, then those fields will display.


For each connector, you need to know the names of those fields to retrieve the information. It used to be that all the info was presented. For instance, a CrowdStrike connector has different field names than a Chronicle connector.

