Create a Widget From an Incident Example - Administrator Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
8
Creation date
2024-09-18
Last date published
2024-11-28
Category
Administrator Guide
Solution
Cloud
Retire_Doc
Retiring
Link_to_new_Doc
/r/Cortex-XSOAR/8/Cortex-XSOAR-Cloud-Documentation
Abstract

Example of how to create a widget that shows data about Cortex XSOAR incidents. Run a search query, save results as a widget and add to a dashboard.

In the following example, you need to create a widget that contains:

  • Incidents created in the last 6 months

  • Status: Every status other than closed

  • Category: All categories other than jobs

  • Use Access Investigation - Generic playbook

  1. In the Incidents page, run the following query:

    query_incidents.png
  2. Click create-widget.png.

  3. Type the name (Closed Job Incidents (past 6 months)) and save the query results as a widget:

    quick-chart.png
  4. Add/Edit a dashboard and locate the widget:

    widgets_library.png
  5. Add the widget to the dashboard. If no data is returned, click Use widget’s date range.

    use-widget-date.png