Hello All,
how the default alert/case views for you guys look like? trying to barrow cool ideas from you guys so can create better default views.
Default alert or case views
+5
+1Hi, this is Maya from the digital Customer Experience team at Google.
From the Chronicle team, we would like to recommend our 'Out Of The Box' widget available in some of our integrations and actions. Please find more information here - https://cloud.google.com/chronicle/docs/soar/respond/working-with-playbooks/using-predefined-widgets-in-playbook-views
We also have widgets in usecases, if you want to get some additional inspiration about case widgets, combining information from both the alert and the playbook execution results, here is an example you can look at, please install both usecases and explore their alert overview -
https://cloud.google.com/chronicle/docs/soar/marketplace-integrations/google-chronicle#use_cases_3 You may view this video, it goes widget by widget over the Chronicle windows, threats investigation and response overview -
Let me know if this helps!
Thanks,
Maya
+1Hi, this is Maya from the digital Customer Experience team at Google.
From the Chronicle team, we would like to recommend our 'Out Of The Box' widget available in some of our integrations and actions. Please find more information here - https://cloud.google.com/chronicle/docs/soar/respond/working-with-playbooks/using-predefined-widgets-in-playbook-views
We also have widgets in usecases, if you want to get some additional inspiration about case widgets, combining information from both the alert and the playbook execution results, here is an example you can look at, please install both usecases and explore their alert overview -
https://cloud.google.com/chronicle/docs/soar/marketplace-integrations/google-chronicle#use_cases_3 You may view this video, it goes widget by widget over the Chronicle windows, threats investigation and response overview -
Let me know if this helps!
Thanks,
Maya
Hi Maya,
maybe do You know how to add other case view? We have 2 environments and need two case view for each. Is that possible? I found only possibility to create alert view in playbook "view", but sometimes we have aggregated alerts and case view is better option.
Regards
+1Hi Maya,
maybe do You know how to add other case view? We have 2 environments and need two case view for each. Is that possible? I found only possibility to create alert view in playbook "view", but sometimes we have aggregated alerts and case view is better option.
Regards
Hi there,
In "Settings", please pick the "Views" bar, there, you will be able to see the default case and alert views and you will be able to add widgets to the default case view based on specific conditions. Specific widget types contains the option to specify conditions and they are supposed to determine if the widgets are presented or not.
Specifically for your usecase, you can use a condition that checks for the environment name using the placeholder Environment.Name = [your_environment_name].
Please let me know if this helps. Thanks!
Login to the community
Login with SSO
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.