Create a widget from an incident - Administrator Guide - 8.5 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR On-prem Documentation

Product
Cortex XSOAR
Version
8.5
Creation date
2024-03-10
Last date published
2025-01-15
Category
Administrator Guide
Solution
On-prem
Abstract

Create a custom widget from an incident search in Cortex XSOAR.

Although there are various out-of-the-box system widgets available, you can create custom widgets from incidents and then add them to a dashboard or report.

To create a widget from an incident, you need to run a query from the Incidents page and then save the visual results as a widget.

  1. In the Incidents page, from the dropdown list select the date range.

  2. In the Query field, type the query criteria as required and run the query.

  3. Click create-widget-2.png.

  4. Follow the procedure from Task 2. Define the widget data in Create a widget using the widget builder.

  5. Click Save.

    The widget is added to the Widgets Library.

    Note

    By default, the widget inherits the date range that you specify when creating the widget, but you can modify the date range when you create the dashboard or report. If the date range for the report or dashboard does not include the widget date range, the data is blank. To override the dashboard or report’s date range, click Use Widget’s date range.

Example 25. Create a widget from an incident example

In the following example, create a widget that contains:

  • Incidents created in the last 6 months

  • Status: Every status other than closed

  • Category: All categories other than jobs

  • Use Access Investigation - Generic playbook

  1. In the Incidents page, run the following query:

    query_incidents.png
  2. Click create-widget.png.

  3. Type the name (Closed Job Incidents (past 6 months)) and save the query results as a widget:

    quick-chart.png
  4. Add/Edit a dashboard and locate the widget:

    widgets_library.png
  5. Add the widget to the dashboard. If no data is returned, click Use widget’s date range.

    use-widget-date.png