Add a Custom Widget in the War Room

Cortex XSOAR Administrator Guide

Product: Cortex XSOAR
Version: 6.8
Creation date: 2022-09-28
Last date published: 2024-03-21
End_of_Life: EoL
Category: Administrator Guide
Abstract: Add a custom script-based widget in the War Room using an automation script in Cortex XSOAR.

You can add a custom widget in the War Room using an automation script. After you create the script on the Automation page, run a command in the War Room to add the custom script-based widget.

  1. Create a Custom Widget Using an Automation Script.

  2. Go to the War Room and run the following command:

    !<scriptName>

    where scriptName is the name of the automation script you created in step 1.

In the following example, you add a custom widget that shows the severity of the indicators in an incident as a bar chart.

Use the following script:

commonfields:
  id: ee3b9604-324b-4ab5-8164-15ddf6e428ab
  version: 49
name: IndicatorWidgetBar
script: |-
  # Constants
  HIGH = 3
  SUSPICIOUS = 2
  LOW = 1
  NONE = 0

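  # Per-score counters, keyed by indicator score
  scores = {HIGH: 0, SUSPICIOUS: 0, LOW: 0, NONE: 0}
  incident_id = demisto.incidents()[0].get('id')

  # Fetch the indicators linked to the current incident; treat an empty result as no indicators
  foundIndicators = demisto.executeCommand("findIndicators", {"query":'investigationIDs:{}'.format(incident_id), 'size':999999})[0]['Contents'] or []

  for indicator in foundIndicators:
      # Count a missing or unexpected score as NONE instead of raising KeyError
      score = indicator.get('score', NONE)
      scores[score if score in scores else NONE] += 1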

  data = {
    "Type": 17,
    "ContentsFormat": "bar",
    "Contents": {
      "stats": [
        {
          "data": [
            scores[HIGH]
          ],
          "groups": None,
          "name": "high",
          "label": "incident.severity.high",
          "color": "rgb(255, 23, 68)"
        },
        {
          "data": [
            scores[SUSPICIOUS]
          ],
          "groups": None,
          "name": "medium",
          "label": "incident.severity.medium",
          "color": "rgb(255, 144, 0)"
        },
        {
          "data": [
            scores[LOW]
          ],
          "groups": None,
          "name": "low",
          "label": "incident.severity.low",
          "color": "rgb(0, 205, 51)"
        },
        {
          "data": [
            scores[NONE]
          ],
          "groups": None,
          "name": "unknown",
          "label": "incident.severity.unknown",
          "color": "rgb(197, 197, 197)"
        }
      ],
      "params": {
          "layout": "horizontal"
      }
    }
  }

  demisto.results(data)
type: python
tags:
- dynamic-section
enabled: true
scripttarget: 0
subtype: python3
runonce: false
dockerimage: demisto/python3:3.7.3.286
runas: DBotWeakRole

Create a new automation by adding the script, and then run the !IndicatorWidgetBar command in the War Room.

The custom widget appears in the War Room.
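
The following is an added example, not part of the Cortex XSOAR guide or the product's own code: the counting logic of the IndicatorWidgetBar script pulled into plain functions, so the widget entry can be checked offline before the script is saved as an automation. The function names and the sample indicators are assumptions made for illustration, and it goes beyond the script by counting a missing or out-of-range score as unknown.

```python
from collections import Counter

# (score, name, label, color) rows copied from the IndicatorWidgetBar script above.
SERIES = [
    (3, "high", "incident.severity.high", "rgb(255, 23, 68)"),
    (2, "medium", "incident.severity.medium", "rgb(255, 144, 0)"),
    (1, "low", "incident.severity.low", "rgb(0, 205, 51)"),
    (0, "unknown", "incident.severity.unknown", "rgb(197, 197, 197)"),
]
VALID_SCORES = {score for score, _, _, _ in SERIES}


def tally_scores(indicators):
    """Count indicators per score; a missing or out-of-range score counts as 0 (unknown)."""
    counts = Counter()
    for indicator in indicators or []:  # tolerate None when nothing was found
        score = indicator.get("score") if isinstance(indicator, dict) else None
        if type(score) is not int or score not in VALID_SCORES:
            score = 0
        counts[score] += 1
    return counts


def build_bar_entry(indicators):
    """Return the entry (Type 17, bar format) in the shape the script passes to demisto.results()."""
    counts = tally_scores(indicators)
    stats = [
        {"data": [counts[score]], "groups": None, "name": name, "label": label, "color": color}
        for score, name, label, color in SERIES
    ]
    return {"Type": 17, "ContentsFormat": "bar",
            "Contents": {"stats": stats, "params": {"layout": "horizontal"}}}


# Constructed sample data, not output from a real findIndicators call.
SAMPLE_INDICATORS = [
    {"value": "198.51.100.7", "score": 3},
    {"value": "example.test", "score": 2},
    {"value": "203.0.113.9", "score": 2},
    {"value": "no-score.example"},               # score key missing
    {"value": "bad-score.example", "score": 7},  # out of range
]

if __name__ == "__main__":
    for series in build_bar_entry(SAMPLE_INDICATORS)["Contents"]["stats"]:
        print(series["name"], series["data"][0])
```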
