diff --git a/explore-analyze/alerts-cases/cases.md b/explore-analyze/alerts-cases/cases.md index b9fd210972..4ec4e6c0ee 100644 --- a/explore-analyze/alerts-cases/cases.md +++ b/explore-analyze/alerts-cases/cases.md @@ -26,3 +26,13 @@ If you create cases in the {{observability}} or {{security-app}}, they are not v * [Configure access to cases](cases/setup-cases.md) * [Open and manage cases](cases/manage-cases.md) * [Configure case settings](cases/manage-cases-settings.md) + + +::::{note} +{applies_to}`stack: ga 9.1` With the appropriate index access, you can [build visualizations and metrics](../../explore-analyze/alerts-cases/cases/visualize-case-data.md) of data in {{observability}}, {{stack-manage-app}}, and {{elastic-sec}} cases. This can provide improved visibility into patterns and trends of cases within your space. +:::: + +## Limitations [kibana-case-limitations] + +* If you create cases in {{stack-manage-app}}, they are not visible from {{observability}} or the {{security-app}}. Likewise, the cases you create in {{observability}}, they are not visible in {{stack-manage-app}} or {{elastic-sec}}. +* You cannot attach alerts from {{observability}} or {{elastic-sec}} to cases in {{stack-manage-app}}. diff --git a/explore-analyze/alerts-cases/cases/visualize-case-data.md b/explore-analyze/alerts-cases/cases/visualize-case-data.md new file mode 100644 index 0000000000..07f734d3e1 --- /dev/null +++ b/explore-analyze/alerts-cases/cases/visualize-case-data.md 
@@ -0,0 +1,58 @@ +--- +applies_to: + stack: ga + serverless: ga +products: + - id: kibana +--- + +# Visualize case data [visualize-case-data] + +Case data is stored in case analytics indices, which include data from case comments, attachments, and activity. You can query this information to build dashboards and metrics that improve your visibility into case, usage, patterns, and trends. + +## About case analytics indices [about-case-analytics-indices] + +Case analytics indices and their aliases are automatically generated when{{kib}} starts up. Every five minutes, the indices are updated with a snapshot of most current cases data in your space. Historical cases data is not stored; it gets overwritten whenever the indices are refreshed. + +You can begin querying case analytics indices as soon as you have cases in your space. To learn more about fields in the indices, refer to +% [Case analytics indices schema](kibana://reference/case-analytics-indices-schema.md) + +| Index | Alias | Description | +| ---------------------------- | ---------------------- |----------------------------------------- | +| `.internal.cases` | `.cases` | Stores general data related to cases. | +| `.internal.cases-comments` | `.cases-comments` | Stores data related to case comments. | +| `.internal.cases-activity` | `.cases-activity` | Stores data related to case activity. | +| `.internal.cases-attachments`| `.cases-attachments` | Stores data related to case attachments (only alerts and files added to the case). | + +## Explore case data [explore-case-analytics-indices] + +::::{admonition} Requirements +To query the case analytics indices, your role must have at least `Read` and `view_index_metadata` access to the indices. +:::: + +Search and filter case data in [Discover](../../discover.md) and [Lens](../../visualize/lens.md), and build visualizations for [dashboards](../../dashboards.md). 
To help you start visualizing your case data, here are some sample {{esql}} queries that you can run from the [{{esql}} editor](../../../explore-analyze/query-filter/languages/esql-kibana.md#esql-kibana-get-started) in Discover. + +* Find the total number of cases that are currently open: + ```console + FROM .internal.cases | STATS count = COUNT(*) BY status | WHERE status == "open" + ``` + +* Find the total number of cases that are currently in progress: + ```console + FROM .internal.cases | STATS count = COUNT(*) BY status | WHERE status == "in-progress" + ``` + +* Find the total number of cases that are closed: + ```console + FROM .internal.cases | STATS count = COUNT(*) BY status | WHERE status == "closed" + ``` + +* Find cases that are open and sort them by time, with the most recent at the top: + ```console + FROM .internal.cases | WHERE status == "open" | SORT created_at DESC + ``` + +* Find the average time that it takes to close a case: + ```console + FROM .internal.cases | STATS average_time_to_close = AVG(time_to_resolve) + ``` diff --git a/explore-analyze/toc.yml b/explore-analyze/toc.yml index 0e0de372d3..87afaf3d6b 100644 --- a/explore-analyze/toc.yml +++ b/explore-analyze/toc.yml @@ -410,4 +410,5 @@ toc: - file: alerts-cases/cases/setup-cases.md - file: alerts-cases/cases/manage-cases.md - file: alerts-cases/cases/manage-cases-settings.md + - file: alerts-cases/cases/visualize-case-data.md - file: numeral-formatting.md \ No newline at end of file diff --git a/solutions/observability/incident-management/cases.md b/solutions/observability/incident-management/cases.md index 632e53d434..0b3901ace8 100644 --- a/solutions/observability/incident-management/cases.md +++ b/solutions/observability/incident-management/cases.md 
@@ -14,4 +14,13 @@ Collect and share information about observability issues by creating a case. Cas :::{image} /solutions/images/observability-cases.png :alt: Cases page :screenshot: -::: \ No newline at end of file +::: + +::::{note} +{applies_to}`stack: ga 9.1` With the appropriate index access, you can [build visualizations and metrics](../../../explore-analyze/alerts-cases/cases/visualize-case-data.md) of data in {{observability}}, {{stack-manage-app}}, and {{elastic-sec}} cases. This can provide improved visibility into patterns and trends of cases within your space. +:::: + +## Limitations [observability-case-limitations] + +* If you create cases in {{observability}}, they are not visible from the {{security-app}} or {{stack-manage-app}}. Likewise, the cases you create in {{stack-manage-app}} are not visible in the {{observability}} or {{elastic-sec}}. +* You cannot attach alerts from {{elastic-sec}} or {{stack-manage-app}} to cases in {{observability}}. \ No newline at end of file diff --git a/solutions/security/investigate/cases.md b/solutions/security/investigate/cases.md index 79d78162ee..9856616176 100644 --- a/solutions/security/investigate/cases.md +++ b/solutions/security/investigate/cases.md 
@@ -29,10 +29,16 @@ You can also send cases to these external systems by [configuring external conne :screenshot: ::: -::::{note} -From {{elastic-sec}} in the {{stack}}, you cannot access cases created in {{observability}} or Stack Management. +::::{note} +{applies_to}`stack: ga 9.1` With the appropriate index access, you can [build visualizations and metrics](../../../explore-analyze/alerts-cases/cases/visualize-case-data.md) of data in {{observability}}, {{stack-manage-app}}, and {{elastic-sec}} cases. This can provide improved visibility into patterns and trends of cases within your space. :::: +## Limitations [security-case-limitations] + +* If you create cases in the {{security-app}}, they are not visible from {{observability}} or {{stack-manage-app}}. Likewise, the cases you create in {{stack-manage-app}} are not visible in {{elastic-sec}} or {{observability}}. +* You cannot attach alerts from the {{observability}} or {{stack-manage-app}} to cases in {{elastic-sec}}. + +
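Review bot: in the new Limitations list added to `explore-analyze/alerts-cases/cases.md`, the second sentence of the first bullet has a dangling subject: `Likewise, the cases you create in {{observability}}, they are not visible in {{stack-manage-app}} or {{elastic-sec}}.` should read `Likewise, the cases you create in {{observability}} are not visible in {{stack-manage-app}} or {{elastic-sec}}.` That bullet also restates what the hunk's context line already says at the top of the page (`If you create cases in the {{observability}} or {{security-app}}, they are not v...`), so one of the two statements should be removed rather than keeping the visibility rule in two places. Minor: the note's link `../../explore-analyze/alerts-cases/cases/visualize-case-data.md` walks up to the repository root and back down, while the three sibling links in the same hunk use the short form `cases/setup-cases.md`; `cases/visualize-case-data.md` would be consistent with them.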
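Review bot: in the new file `explore-analyze/alerts-cases/cases/visualize-case-data.md`, the sentence `To learn more about fields in the indices, refer to` is followed only by `% [Case analytics indices schema](kibana://reference/case-analytics-indices-schema.md)`, and the leading `%` comments that line out, so the rendered page stops mid-sentence with no link; either remove the sentence until the schema page exists or uncomment the link once it does. The same hunk has several smaller problems. The front matter declares `stack: ga` with no version, while every note in this change that links to the page carries `{applies_to}` with `stack: ga 9.1`; the page front matter should state the same `9.1` (and the notes do not mention serverless, so `serverless: ga` in the front matter should be confirmed). Wording: `generated when{{kib}} starts up` is missing a space, `visibility into case, usage, patterns, and trends` has a stray comma after `case`, and `a snapshot of most current cases data` should be `a snapshot of the most current case data`. In the Requirements admonition, `Read` should be the lowercase index privilege name `read` so it matches `view_index_metadata`. The five sample queries are ES|QL but fenced as ```console, which is the tag for Console requests; tag them `esql`. The three status queries group every status and then filter the result, for example `FROM .internal.cases | STATS count = COUNT(*) BY status | WHERE status == "open"`; filtering first (`FROM .cases | WHERE status == "open" | STATS count = COUNT(*)`) is both cheaper and the shape readers will copy, and querying the `.cases` alias that the table documents, instead of the `.internal.cases` backing index, keeps the examples valid if the backing index name changes. Finally, `time_to_resolve` in the last query does not appear in the index table and the schema link is commented out, so a reader cannot verify that field name anywhere on the page.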
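Review bot: in the Limitations list added to `solutions/observability/incident-management/cases.md`, the first bullet writes `in {{observability}}` in its first sentence and `in the {{observability}}` in its second (`are not visible in the {{observability}} or {{elastic-sec}}`); drop the article so the placeholder is used the same way in both sentences. The note added above the Limitations heading is a verbatim copy of the notes added to the other two cases pages in this change, so any later wording change has to be made three times; if a shared snippet is available in this build, consider using one.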
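Review bot: the hunk in `solutions/security/investigate/cases.md` ends with two added empty lines after the last bullet (the two trailing `+` lines), leaving the file terminated by blank lines; drop them. In the second bullet, `alerts from the {{observability}} or {{stack-manage-app}}` should be `alerts from {{observability}} or {{stack-manage-app}}`, matching the first bullet, which writes `from {{observability}}` without an article. The removed note (`From {{elastic-sec}} in the {{stack}}, you cannot access cases created in {{observability}} or Stack Management.`) is covered by the new first Limitations bullet, so no information is lost by replacing it.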