Skip to main content

Hello, 

I am creating a custom alert view for a playbook - which should be available to view for all roles I have in Secops. However, when I view the alert and click on the overview tab , it seems to only show me the "Default Alert View" not the custom one I have created. 

Is there any reason why it is doing this? 

Thanks 

 


@d_patel_dj did your playbook attach to the alert? If so make sure you click the alert to open the view.


There are a few places where views can be configured. The first is the default view for the case and alert. This view configuration is under Settings -> Case Data -> Views.




  • The Default Case View under Settings -> Views is what determines what the Case Overview screen will look like.

  • The Default Alert View under Settings -> Views is what the system uses to build the alert view when a playbook is not attached to a alert or a playbook doesn't have a custom view created for it.


The second place you can configure a view is within the playbook. This view will show up in the alert screen whenever the playbook is attached to an alert. 


In saying this I believe what you are seeing is the Default Case View.

Is this a SCCE instance, or a 'traditional' SecOps?  What is the users's primary role?

I assume you've checked the user is inheriting roles correctly (a good test would be to assign the case to the user's primary Role and check if they can access the case?)

Reply


Terms & ConditionsCookie settings
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.