Create a Widget Using the Widget Builder Examples

Cortex XSOAR Administrator Guide

Product: Cortex XSOAR
Version: 6.9
Creation date: 2022-09-29
Last date published: 2024-11-20
End_of_Life: EoL
Category: Administrator Guide

Abstract: Widget use cases when creating a new widget.

Average Time to Close Incidents per Day

In this example, we want to create a bar chart widget that shows the following:

  • The average time it takes to close incidents per day

  • Classified according to incident types

  • Incidents that occurred during the previous seven days

  1. In the Widgets Library click the add button.

  2. Select Incident data.

  3. In the Query tab, define the following:

    • Data Type: Incidents

    • Data query: -category:job and -status:Closed

    • Time frame: Last 7 days

    • Type: Bar chart

  4. In the Operations tab:

    • Change Count to Average.

    • From the dropdown list, select Custom calculations on fields.

    • Type remediationsla.startDate-detectionsla.startDate

    • Group by: Date Occurred

    • Second Group by: Type

How Many Incidents Occurred in the Last 7 Days

In this example, we want to view the following data:

  • How many incidents occurred in the last 7 days

  • Closed vs not closed (pending or active)

  • Line chart.

  1. In the Quick Chart definitions window, use the following data:

    (Screenshot: widget-ex-quick.png)

  2. In the Operations tab, the first group is Date Occurred.

  3. In the second group, from the dropdown list, select status.

  4. Click Custom Group by to add the following data:

    (Screenshot: widget-eg.png)

Average Time for Open Incidents That are Late

In this example, we want to create the following incident type widget:

  • The average time for open incidents that are late.

  • Grouped by two groups (group A and group B) and by type.

  • In a Bar Chart

  1. In the Query tab, type:

    (Screenshot: widget-query.png)

  2. In the Operations tab, add the following information:

    1. In the Values section, select Average.

    2. From the dropdown list, click Custom calculations on fields.

    3. Type {now}-remediationsla.dueDate.

      We want to see the average time that incidents are late (from today’s date). We add a variable {now}, so that we do not have to change the date.

    4. In the Group by field, select Owner and then click Custom Group by.

    5. Add the following information:

      (Screenshot: widget-group.png)

    6. Select the Create and display a group for all remaining values checkbox.

      Some users are not in either group, and we still want to see their incidents.

    7. In the second group by field, from the dropdown list, select Type.

  3. In the Visuals tab, select the following:

    1. Horizontal options - Axis name: TEAM.

    2. Vertical options - Axis name: REMEDIATION TIME.

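To sanity-check what the "Average Time for Open Incidents That are Late" widget displays, the same arithmetic can be reproduced over exported incident data. The following is an added example, not Cortex XSOAR code: the incidents, owner names, group membership, the "Other" label for remaining values, the open-and-late filter, and the choice of hours as the unit are all assumptions made for illustration (the page's actual query and groups are in screenshots).

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed owner-to-group mapping (the page's real groups are not in the text).
OWNER_GROUPS = {"alice": "group A", "bob": "group A", "carol": "group B"}
# Stands in for "Create and display a group for all remaining values".
REMAINING = "Other"

def _inc(owner, itype, status, due):
    """Build a constructed incident using the field names from the page's expression."""
    return {"owner": owner, "type": itype, "status": status,
            "remediationsla": {"dueDate": due}}

# Constructed sample data, not real incidents.
INCIDENTS = [
    _inc("alice", "Phishing", "Active",  "2024-01-08T00:00:00+00:00"),  # 48 h late
    _inc("bob",   "Phishing", "Pending", "2024-01-09T00:00:00+00:00"),  # 24 h late
    _inc("carol", "Malware",  "Active",  "2024-01-09T12:00:00+00:00"),  # 12 h late
    _inc("dave",  "Malware",  "Active",  "2024-01-07T00:00:00+00:00"),  # 72 h late, no group
    _inc("alice", "Malware",  "Closed",  "2024-01-01T00:00:00+00:00"),  # closed: excluded
    _inc("carol", "Phishing", "Active",  "2024-01-12T00:00:00+00:00"),  # not yet due: excluded
]

# Fixed value for {now} so the result is reproducible.
NOW = datetime(2024, 1, 10, tzinfo=timezone.utc)

def average_lateness(incidents, now):
    """Average of {now} - remediationsla.dueDate in hours, keyed by (owner group, type)."""
    buckets = defaultdict(list)
    for inc in incidents:
        due = datetime.fromisoformat(inc["remediationsla"]["dueDate"])
        # Assumed query: incidents that are still open and already past their due date.
        if inc["status"] == "Closed" or due >= now:
            continue
        group = OWNER_GROUPS.get(inc["owner"], REMAINING)
        buckets[(group, inc["type"])].append((now - due).total_seconds() / 3600)
    return {key: sum(vals) / len(vals) for key, vals in buckets.items()}

if __name__ == "__main__":
    for (group, itype), hours in sorted(average_lateness(INCIDENTS, NOW).items()):
        print(f"{group:8} {itype:10} {hours:6.1f} h")
```

Without the remaining-values group, the incident owned by the ungrouped user would not appear in any bar, which is why step 6 selects that checkbox.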