Create a Widget From an Incident Example - Administrator Guide - 6.8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.8
Creation date
2022-09-28
Last date published
2024-03-21
End_of_Life
EoL
Category
Administrator Guide
Abstract

Example of how to create a widget that shows data about Cortex XSOAR incidents. Run a search query, save results as a widget and add to a dashboard.

In the following example, you need to create a widget that contains:

  • Incidents created in the last 6 months

  • Status: Every status other than closed

  • Category: All categories other than jobs

  • Use Access Investigation - Generic playbook

  1. In the Incidents page, run the following query:

    query_incidents.png
  2. Click type the name (Closed Job Incidents with Access Investigation (past 6 months)) and save the query results as a widget:

    quick_definitions_window.png
  3. Add/Edit a dashboard and locate the widget:

    widgets_library.png
  4. Add the widget to the dashboard. If no data is returned, click Use widget’s date range.

    widget_use_date.png