Example of creating a widget using a JSON file and importing into the Widgets Library in Cortex XSOAR for use in reports and dashboards.
In the following example, create a JSON file for a widget that displays incident severity by type. The widget contains the following:
Bar chart
Incidents from the last 30 days
Grouped by severity; for each severity, the nested group size (the count of incidents, shown by the length of the bar) is colored according to type.
Create the following JSON file:
{
  "name": "Incident Severity by Type",
  "dataType": "incidents",
  "widgetType": "bar",
  "query": "-category:job and -status:archived and -status:closed",
  "dateRange": {
    "period": {
      "byFrom": "days",
      "fromValue": 30
    }
  },
  "params": {
    "groupBy": [
      "severity",
      "type"
    ]
  }
}
You can see the following parameters:
The widget is called Incident Severity by Type.
The data type is incidents.
The widget type is bar.
The query specifies that you do not want to return incidents that are categorized as job, nor incidents that are archived or closed.
For the date range, the fromValue sets the widget to display the last 30 units of time. The byFrom sets the units of time to days, which results in the last 30 days.
The params parameter is set with a groupBy value marking the first group by severity name and then by type (making the bar chart stacked).
After you import the widget into the Widget Library the following widget appears:
You can see that the incidents are grouped by severity and that the number of incidents is displayed by the length of the bar, which is colored according to type.
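A pre-import check for widget files shaped like the one above, as an added example that is not part of the original page or of Cortex XSOAR itself. The `lint_widget` function and the choice to treat the fields this page's examples set as required are assumptions of this sketch, not documented XSOAR rules; `BROKEN_WIDGET` is constructed input.

```python
import json

REQUIRED = ("name", "dataType", "widgetType")  # assumption: set by both page examples

# First widget file from this page.
PAGE_WIDGET = """{ "name": "Incident Severity by Type", "dataType": "incidents",
  "widgetType": "bar", "query": "-category:job and -status:archived and -status:closed",
  "dateRange": { "period": { "byFrom": "days", "fromValue": 30 } },
  "params": { "groupBy": [ "severity", "type" ] } }"""

# Constructed bad input: no widgetType, fromValue as a string, groupBy not a list.
BROKEN_WIDGET = """{ "name": "Broken", "dataType": "incidents",
  "dateRange": { "period": { "byFrom": "days", "fromValue": "30" } },
  "params": { "groupBy": "severity" } }"""


def _obj(value):
    """Return value if it is a JSON object, else an empty dict."""
    return value if isinstance(value, dict) else {}


def lint_widget(text):
    """Return (problems, summary); summary is None when any problem is found."""
    try:
        w = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"], None
    if not isinstance(w, dict):
        return ["top level must be a JSON object"], None
    problems = [f"missing or empty '{k}'" for k in REQUIRED
                if not isinstance(w.get(k), str) or not w[k].strip()]
    period = _obj(_obj(w.get("dateRange")).get("period"))
    unit, count = period.get("byFrom"), period.get("fromValue")
    if not isinstance(unit, str) or not unit:
        problems.append("dateRange.period.byFrom must name a unit of time")
    if isinstance(count, bool) or not isinstance(count, int) or count <= 0:
        problems.append("dateRange.period.fromValue must be a positive integer")
    group_by = _obj(w.get("params")).get("groupBy")
    if not (isinstance(group_by, list) and group_by
            and all(isinstance(g, str) and g for g in group_by)):
        problems.append("params.groupBy must be a non-empty list of field names")
    if problems:
        return problems, None
    return [], {"name": w["name"], "window": f"last {count} {unit}",
                "stacked": len(group_by) > 1}


if __name__ == "__main__":
    for doc in (PAGE_WIDGET, BROKEN_WIDGET):
        print(lint_widget(doc))
```

Running the check on widget files kept in version control catches a malformed file before it reaches the Widgets Library.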
In the next example, create a JSON file to display incidents by type. The widget contains the following:
Vertical bar chart
Incidents from the last 7 days
Grouped by date and type and sorted by date occurred
{
  "dataType": "incidents",
  "widgetType": "column",
  "params": {
    "groupBy": [
      "occurred(d)",
      "type"
    ],
    "valuesFormat": "abbreviated",
    "timeFrame": "days"
  },
  "dateRange": {
    "period": {
      "byFrom": "days",
      "fromValue": 7
    }
  },
  "propagationLabels": [
    "all"
  ],
  "customCalculation": {
    "operation": "count",
    "fieldName": "",
    "expression": ""
  },
  "name": "Change Sort Order In Column Chart - Sort by Date",
  "sort": [
    {
      "field": "occurred",
      "asc": true
    }
  ]
}
You can see the following parameters:
The widget is called Change Sort Order In Column Chart - Sort by Date.
The data type is incidents.
The widget type is column.
For the date range, the fromValue sets the widget to display the last 7 units of time. The byFrom sets the units of time to days, which results in the last 7 days.
The params parameter is set with a groupBy value marking the first group by occurrence date and then by type (making the column chart stacked).
After you import the widget into the Widget Library the following widget appears: