Add SOAR Dashboard widgets

Supported in:

Widgets display data related to the Security Operations Center (SOC) status, derived from cases, alerts, and playbooks. This widget demonstrates the efficiency of alert grouping by displaying the percentage of alerts that have been grouped into cases, thereby reducing the number of individual alerts requiring investigation.

For example, the Alert Reduction widget shows the ratio of cases to alerts. The formula is 1 - ( Cases / Alerts ) * 100%. Therefore, four alerts are grouped into three cases, the number of alerts that require investigation is reduced by 25% since there are three cases instead of four.

After adding a dashboard, add the widgets needed per your requirement. You can add up to 12 widgets in a dashboard.

Add a widget to a SOAR dashboard

  1. Go to Dashboards & Reports > SOAR Dashboards
  2. Click add Add Widget.
  3. In the Widget Settings dialog that appears, enter a meaningful title for the new widget. This step is mandatory. The time and environment you specify when creating the dashboard applies to all widgets of that dashboard. These fields are auto-populated based on the selection in the dashboard the widgets are being added to.
  4. Choose a Widget Width.
  5. Select the form of the data display.

    By default, the data display is in the form of a Pie Chart. Other forms you can select include Horizontal Bar graph, Vertical Bar graph and Table.
  6. For the chosen data display form, specify its corresponding fields in the left pane. For example: If you chose Pie Chart as the data display form, its corresponding fields are Number of, Calculate field, Group by, Number of Results, and Order by. For more information on the data display form and corresponding fields, refer to Data Display Forms.
    Depending on whether you choose Cases or Alerts – the Group By options will display differently.
  7. In the Filters pane, select the required filters for the data you want to display. If the filter you want is not in the provided top 15 list, then you can search for it and add it in.
  8. Click Save. The new widget with the specified data form, parameters and filters, is added to the dashboard.
    addwidgets

Data display forms and fields

Data Display Form Fields
Pie Chart
  • Number of
  • Calculate field
  • Group by
  • Number of Results
  • Order by
Horizontal Bar Graph
  • Number of
  • Calculate field
  • Group by
  • Number of Results
  • Order by
Vertical Bar Graph
  • Number of
  • Calculate field
  • Group by
  • Number of Results
  • Order by
Table
  • Number of
  • Calculate field
  • Axis A
  • Axis B
Number of Group by Fields
If you choose Alerts
  • Entity Identifier
  • Environment
  • Network
  • Playbook
  • Product
  • Rule Name
If you choose Cases 
  • Analyst
  • Environment
  • Importance
  • Priority
  • Tag
  • Stage
If you choose Playbooks 
  • Playbook Name
  • Environment
  • Blocks



Need more help? Get answers from Community members and Google SecOps professionals.