JSON File Widget Examples - Administrator Guide - 8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
8
Creation date
2023-11-02
Last date published
2024-04-11
Category
Administrator Guide
Solution
Cloud
Abstract

Examples for creating a widget using a JSON file and importing into the Widgets Library in Cortex XSOAR for use in reports and dashboards.

Example 1

In the following example, create a JSON file to display Incidents severity by type, which contains the following:

  • Bar chart

  • Incidents from the last 30 days

  • Grouped by severity and for each severity display the nested group size (count of incidents displayed by the length of the bar) colored according to type.

Create the following JSON file:

{
  "name": "Incident Severity by Type",
  "dataType": "incidents",
  "widgetType": "bar",
  "query": "-category:job and -status:archived and -status:closed",
  "dateRange": {
    "period": {
      "byFrom": "days",
      "fromValue": 30
    }
  },
  "params": {
    "groupBy": [
      "severity",
      "type"
    ]
  }
}

You can see the following parameters:

  • The Widget is called Incident Severity by type.

  • The data type is incidents.

  • The widget type is bar.

  • The query specifies that you do not want to return incidents that are categorized as job nor incidents that are archived and closed.

  • For the date range, the fromValue sets the widget to display the last 30 units of time. The byFrom sets the units of time to days, which results in the last 30 days.

  • The params parameter is set with a groupBy value marking the first group by severity name and then by type (making the bar chart stacked).

After you import the widget into the Widget Library the following widget appears:

widget_incident.png

You can see the incidents are grouped by severity and the number of incidents are displayed by the length of the bar, which are colored according to type.

Example 2

In the next example, create a JSON file to display incidents by type. The widget contains the following:

  • Vertical bar chart

  • Incidents from the last 7 days

  • Grouped by date and type and sorted by date occurred

{
  "dataType": "incidents",
  "widgetType": "column",
  "params": {
    "groupBy": [
      "occurred(d)",
      "type"
    ],
    "valuesFormat": "abbreviated",
    "timeFrame": "days"
  },
  "dateRange": {
    "period": {
      "byFrom": "days",
      "fromValue": 7
    }
  },
  "propagationLabels": [
    "all"
  ],
  "customCalculation": {
    "operation": "count",
    "fieldName": "",
    "expression": ""
  },
  "name": "Change Sort Order In Column Chart - Sort by Date",
  "sort": [{ "field": "occurred", "asc": true }]
}

You can see the following parameters:

  • The Widget is called Change Sort Order In Column Chart - Sort by Date.

  • The data type is incidents.

  • The widget type is column.

  • For the date range, the fromValue sets the widget to display the last 7 units of time. The byFrom sets the units of time to days, which results in the last 7 days.

  • The params parameter is set with a groupBy value marking the first group by occurrence date and then by type (making the column chart stacked).

After you import the widget into the Widget Library the following widget appears:

widget-example2.png