Create a Widget Using the Widget Builder Examples - Administrator Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide
Product
Cortex XSOAR
Version
8
Creation date
2024-02-14
Last date published
2024-04-25
Category
Administrator Guide
Solution
Cloud
Abstract

Widget use cases when creating a new widget.

Average Time to Close Incidents

In this example we want to create a bar chart widget that shows the following:

  • The average time it takes to close incidents per day

  • Classified according to incident types

  • Incidents that occurred during the previous 7 days

  1. Click the add + button from the Widgets Library.

  2. Select Incidents.

  3. Enter a name in the Widget name field.

  4. Click the Bar graph icon.

  5. In the Query tab, define the following:

    Data source: Incidents

    Query: -category:job and -status:Closed

    Date range: Last 7 days

  6. In the Operations tab:

    Change Count to Average.

    From the dropdown list, select Custom calculations on fields.

    Type remediationsla.startDate-detectionsla.startDate

    Group by: Date Occurred

    Second Group by: Type

    widget-example.png
How Many Incidents Over the Last 7 Days

In this example, we want to view the following data:

  • How many incidents occurred in the last 7 days

  • Closed vs not closed (pending or active)

  • Line chart.

  1. Click the add + button from the Widgets Library.

  2. Select Incidents.

  3. Enter a name in the Widget name field.

  4. Click the Line graph icon.

  5. In the Query tab, define the following:

    Data source: Incidents

    Query: -category:job

    Date range: Last 30 days

  6. In the Operations tab, the first group is Date Occurred.

  7. In the second group, from the dropdown list, select status.

  8. Click Custom Group by to add the following data:

    widget-eg.png
Average Time for Open Incidents That are Late.

In this example, we want to create the following incident type widget:

  • The average time for open incidents that are late.

  • Grouped by 2 groups (group A and group B) and by type.

  • In a Bar Chart

  1. Click the add + button from the Widgets Library.

  2. Select Incidents.

  3. Enter a name in the Widget name field.

  4. Click the Bar graph icon.

  5. In the Query tab, define the following:

    Data source: Incidents

    Query: -status:Closed and category:job

    Date range: Last 30 days

  6. In the Operations tab, add the following information:

    1. In the Values section, select Average.

    2. From the dropdown list, click Custom calculations on fields.

    3. Type {now}-remediationsla.dueDate.

      We want to see the average time that incidents are late (from today’s date). We add a variable {now}, so that we do not have to change the date.

    4. In the Group by field, select Owner and then click Custom Group by.

    5. Add the following, using users from your organization.

      widget-group.png

    6. In the Second group by field, from the dropdown list, select Type.

    7. Select the checkbox for Create and display a group for all remaining values and then click Save.

  7. In the Visuals tab, select the following:

    1. Horizontal options - Axis name: TEAM.

    2. Vertical options - Axis name: REMEDIATION TIME.