Add a widget in the War Room - Administrator Guide - 8.5 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR On-prem Documentation

Product
Cortex XSOAR
Version
8.5
Creation date
2024-03-10
Last date published
2025-01-19
Category
Administrator Guide
Solution
On-prem
Abstract

Add a script-based widget in the War Room in Cortex XSOAR.

You can add a script-based widget in the War Room by running a command. After creating a script in the Scripts page, to add the widget you need to run a command in the War Room.

  1. Create a custom widget using a script.

  2. Go to the War Room and run the command: !<scriptName>

    where <scriptName> is the name of the script you created in step 1.

Example 26. Add a custom widget that returns indicator severity in an incident as a bar chart
  1. Use the following script.

    commonfields:
      id: ee3b9604-324b-4ab5-8164-15ddf6e428ab
      version: 49
    name: IndicatorWidgetBar
    script: |-
      # Constants
      HIGH = 3
      SUSPICIOUS = 2
      LOW = 1
      NONE = 0
    
      indicators = []
      scores = {HIGH: 0, SUSPICIOUS: 0, LOW: 0, NONE: 0}
      incident_id = demisto.incidents()[0].get('id')
    
      foundIndicators = demisto.executeCommand("findIndicators", {"query":'investigationIDs:{}'.format(incident_id), 'size':999999})[0]['Contents']
    
      for indicator in foundIndicators:
          scores[indicator['score']] += 1
    
      data = {
        "Type": 17,
        "ContentsFormat": "bar",
        "Contents": {
          "stats": [
            {
              "data": [
                scores[HIGH]
              ],
              "groups": None,
              "name": "high",
              "label": "incident.severity.high",
              "color": "rgb(255, 23, 68)"
            },
            {
              "data": [
                scores[SUSPICIOUS]
              ],
              "groups": None,
              "name": "medium",
              "label": "incident.severity.medium",
              "color": "rgb(255, 144, 0)"
            },
            {
              "data": [
                scores[LOW]
              ],
              "groups": None,
              "name": "low",
              "label": "incident.severity.low",
              "color": "rgb(0, 205, 51)"
            },
            {
              "data": [
                scores[NONE]
              ],
              "groups": None,
              "name": "unknown",
              "label": "incident.severity.unknown",
              "color": "rgb(197, 197, 197)"
            }
          ],
          "params": {
              "layout": "horizontal"
          }
        }
      }
    
      demisto.results(data)
    type: python
    tags:
    - dynamic-section
    enabled: true
    scripttarget: 0
    subtype: python3
    runonce: false
    dockerimage: demisto/python3:3.7.3.286
    runas: DBotWeakRole
  2. Add the script in the War Room by running the !IndicatorWidgetBar command.

    The custom widget appears in the War Room.

    widget_indicatorsbar.png