Create a custom widget from an incident search in Cortex XSOAR.
Although there are various out-of-the-box system widgets available, you can create custom widgets from incidents and then add them to a dashboard or report.
To create a widget from an incident, you need to run a query from the Incidents page and then save the visual results as a widget.
On the Incidents page, select the date range from the dropdown list.
In the Query field, type the query criteria as required and run the query.
Click
.
Follow the procedure from "Task 2. Define the widget data" in "Create a widget using the widget builder".
Click Save.
The widget is added to the Widgets Library.
Note
By default, the widget inherits the date range that you specify when creating the widget, but you can modify the date range when you create the dashboard or report. If the date range for the report or dashboard does not include the widget date range, the data is blank. To override the dashboard or report’s date range, click Use Widget’s date range.
In the following example, create a widget that contains:
Incidents created in the last 6 months
Status: Every status other than closed
Category: All categories other than jobs
Uses the Access Investigation - Generic playbook
In the Incidents page, run the following query:
Click
.
Type the name (Closed Job Incidents (past 6 months)) and save the query results as a widget:
Add or edit a dashboard and locate the widget:
Add the widget to the dashboard. If no data is returned, click Use widget’s date range.