Add SOAR dashboard widgets

Supported in:

Widgets display data related to the Security Operations Center (SOC) status, derived from the cases, alerts, and playbooks. This widget demonstrates the efficiency of Alert grouping by displaying the percentage of alerts that have been grouped into cases, thereby reducing the number of individual alerts requiring investigation.

For example, the Alert Reduction widget shows how many cases in comparison to alerts have been created. The formula is 1 - ( Cases / Alerts ) * 100%. Therefore, if you have 4 alerts grouped into 3 cases, alerts have been reduced by 25% since there are 3 cases instead of 4.

After adding a dashboard, add the widgets needed per your requirement. You can add up to 12 widgets in a dashboard. To add a widget to a SOAR dashboard:

  1. Click the add Add icon on the dashboard or the add Add icon at the top right corner of the system.
  2. On the Widget Settings window, configure these settings:
    1. In Title, enter a meaningful title for the new widget. This step is mandatory. The time and environment you specified while creating the dashboard applies to all widgets of that dashboard. These fields are auto-populated below the widget title.
    2. Choose a Widget Width as required.
    3. In the left pane, from the list, select the type of data display to use. Options include Pie Chart (the default), Horizontal Bar graph, Vertical Bar graph, and Table. By default, the data display is in the form of a Pie Chart. Other forms you can select are Horizontal Bar graph, Vertical Bar graph and Table.
    4. For the chosen data display type, specify its corresponding fields in the left pane as required.
      For example: If you select Pie Chart, its corresponding fields are Number of, Calculate field, Group by, Number of Results and Order by. For more information about the data display type and corresponding fields, see Data display forms and fields.
      Depending on whether you choose Cases or Alerts, the Group By options display differently.
    5. In the Filters pane to the right, select all the filters you need to display the data. If the filter you're looking for isn't in the top 15 list, you can search for it and add it manually.
  3. Click Save. The new widget with the specified data form, parameters and filters, is added to the dashboard.
    addwidgets

Data display forms and fields

Data Display Form Fields
Pie Chart
  • Number of
  • Calculate field
  • Group by
  • Number of Results
  • Order by
Horizontal Bar Graph
  • Number of
  • Calculate field
  • Group by
  • Number of Results
  • Order by
Vertical Bar Graph
  • Number of
  • Calculate field
  • Group by
  • Number of Results
  • Order by
Table
  • Number of
  • Calculate field
  • Axis A
  • Axis B
Number of Group by Fields
If you choose Alerts
  • Entity Identifier
  • Environment
  • Network
  • Playbook
  • Product
  • Rule Name
If you choose Cases 
  • Analyst
  • Environment
  • Importance
  • Priority
  • Tag
  • Stage
If you choose Playbooks 
  • Playbook Name
  • Environment
  • Blocks