Manage Your Widget Library - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide
Product
Cortex XSIAM
Creation date
2024-02-26
Last date published
2024-04-18
Category
Administrator Guide
Abstract

Create, search, and view custom widgets in Cortex XSIAM, or use predefined widgets.

The widget library displays predefined widgets and user-created Custom Cortex Query Language (XQL) widgets. You can include these widgets in your custom dashboards and reports. To access the widget library, navigate to Dashboards & ReportsCustomizeWidget Library.

Create and Edit Custom Widgets Based on XQL Search Queries

  1. In the widget menu, Create custom XQL widget.

  2. Enter a widget Name and Description.

  3. Create an XQL query. Select XQL Helper to view XQL search and schema examples.

  4. Generate the XQL query to display the search results.

    Note

    Cortex Query Language (XQL) queries generated from the widget library do not appear in the Query Center. The results are used only for creating the custom widget.

  5. In the Widget section, define how you want to visualize the results.

  6. (Optional) Add parameters to the query.

    You can use parameter filters to filter widget data on a dashboard or report, and create drilldowns on dashboards. For more information, see Using Dashboard Filters, Inputs, and Drilldowns.

    Note

    • Use the filter stage with parameters prefixed with $.

    • If you specify a single value for a parameter, use the = operator. To specify multiple values for a parameter, use the IN operator.

    • If you Assign Parameters (default values), data is automatically populated when you add the widget to a dashboard or report. Alternatively, you can configure default values when you set up a dashboard or report.

    Parameter filter examples:

    The following XQL query specifies a parameter that can be configured to filter a single value.

    dataset = <dataset> | filter name = $name

    The following XQL query specifies a parameter that can be configured to filter multiple static or dynamic values:

    dataset = <dataset> | filter name IN ($name)

  7. (Optional) Specify a time frame. The default time frame is 1M.

  8. Save widget.

    The custom widget appears in the list of existing widgets.

Search for Custom and Predefined Widgets

  1. Search for a widget or Show widgets according to the widget category.

  2. Select a widget type to display the widget graph type and parameters. By default, Cortex XSIAM displays the widget with Mock Data. Toggle to display your current Real Data.

Edit or Delete Custom Widgets

  1. Identify a custom widget to update or delete.

  2. Select Update widget (pencil-icon.png) or Delete widget from library.

    Note

    Any dashboards or reports that include the widget are affected by the changes.