This document describes the Google Security Operations SOAR dashboard widgets you can use to display data
related to the status of your SOC, derived from cases, alerts, and playbooks.
Widgets help visualize key metrics—such as alert reduction, case prioritization,
and automation performance—directly within a SOAR dashboard. Each dashboard can
contain up to 12 widgets, which you can add based on your
monitoring needs.
By showing the percentage of alerts that have been grouped into cases, the widgets
demonstrate how alert grouping helps reduce the number of individual alerts that require investigation.
For example, the Alert Reduction widget shows the ratio of
cases to alerts using this formula:
1 - ( Cases / Alerts ) * 100%
If four alerts are grouped into three cases, the number of alerts requiring
investigation is reduced by 25%, as three grouped cases replace four individual alerts.
Add a widget to a SOAR dashboard
Go to Dashboards & Reports > SOAR Dashboards.
Click
add
Add Widget.
In the Widget Settings dialog:
Enter a title for the widget (required).
The Time and Environment fields are auto-filled based on
the dashboard settings.
Select a Widget Width.
Select the Data Display Form:
Pie chart (default format)
Horizontal bar graph
Vertical bar graph
Table
On the side pane, specify fields relevant to the selected display form.
For example, if using a Pie Chart, configure:
Number of
Calculate field
Group by
Number of Results
Order by
For a Table, fields include:
Number of
Calculate field
Axis A
Axis B
In the Filters pane, select the data filters to apply:
The top 15 filters are shown by default.
Use the search bar to add filters not listed.
Click Save to add the widget to the dashboard with the specified display format, fields, and filters.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[],[],null,["Add SOAR dashboard widgets \nSupported in: \nGoogle secops [SOAR](/chronicle/docs/secops/google-secops-soar-toc)\n\n\nThis document describes the Google Security Operations SOAR dashboard widgets you can use to display data\nrelated to the status of your SOC, derived from cases, alerts, and playbooks.\nWidgets help visualize key metrics---such as alert reduction, case prioritization,\nand automation performance---directly within a SOAR dashboard. Each dashboard can\ncontain up to 12 widgets, which you can add based on your\nmonitoring needs.\n\nBy showing the percentage of alerts that have been grouped into cases, the widgets\ndemonstrate how [alert grouping](/chronicle/docs/soar/investigate/working-with-alerts/alert-grouping-mechanism-admin) helps reduce the number of individual alerts that require investigation.\n\n\nFor example, the **Alert Reduction** widget shows the ratio of\ncases to alerts using this formula:\n\n\n1 - ( Cases / Alerts ) \\* 100%\n\nIf four alerts are grouped into three cases, the number of alerts requiring\ninvestigation is reduced by 25%, as three grouped cases replace four individual alerts.\n\nAdd a widget to a SOAR dashboard\n\n1. Go to **Dashboards \\& Reports \\\u003e SOAR Dashboards**.\n2. Click add **Add Widget** . **Note:** If the dashboard is newly created, you can also click add **Add** in the empty dashboard.\n3. In the **Widget Settings** dialog:\n - Enter a title for the widget (required).\n - The **Time** and **Environment** fields are auto-filled based on the dashboard settings.\n4. Select a **Widget Width**.\n5. Select the **Data Display Form**:\n - **Pie chart** (default format)\n - **Horizontal bar graph**\n - **Vertical bar graph**\n - **Table**\n6. On the side pane, specify fields relevant to the selected display form.\n - For example, if using a **Pie Chart**, configure:\n - **Number of**\n - **Calculate field**\n - **Group by**\n - **Number of Results**\n - **Order by**\n - For a **Table**, fields include:\n - **Number of**\n - **Calculate field**\n - **Axis A**\n - **Axis B**\n| **Note:** The **Group By** options display differently, depending on whether you select **Cases** or **Alerts**.\n7. In the **Filters** pane, select the data filters to apply:\n - The top 15 filters are shown by default.\n - Use the search bar to add filters not listed.\n8. Click **Save** to add the widget to the dashboard with the specified display format, fields, and filters.\n\nFor details about the data display form and corresponding fields,\nsee [View data display forms and fields](/soar-dashboards/add-dashboard-widgets#data-display-forms-and-fields).\n\nView data display forms and fields\n\n\u003cbr /\u003e\n\n \u003ctr\u003e\n \u003ctd\u003e\n Table\n \u003c/td\u003e\n \u003ctd\u003e\n \u003cul\u003e\n \u003cli\u003e\n Number of\n \u003c/li\u003e\n \u003cli\u003e\n Calculate field\n \u003c/li\u003e\n \u003cli\u003e\n Axis A\n \u003c/li\u003e\n \u003cli\u003e\n Axis B\n \u003c/li\u003e\n \u003c/ul\u003e\n \u003c/td\u003e\n \u003c/tr\u003e\n\n\u003cbr /\u003e\n\n| Data Display Form | Fields |\n|---------------------------------------------------|-------------------------------------------------------------------------|\n| Pie Chart Horizontal Bar Graph Vertical Bar Graph | - Number of - Calculate field - Group by - Number of Results - Order by |\n\n\u003cbr /\u003e\n\n| Number of | Group by fields |\n|-----------------------------|------------------------------------------------------------------------------|\n| If you choose **Alerts** | - Entity Identifier - Environment - Network - Playbook - Product - Rule Name |\n| If you choose **Cases** | - Analyst - Environment - Importance - Priority - Tag - Stage |\n| If you choose **Playbooks** | - Playbook Name - Environment - Blocks |\n\n**Need more help?** [Get answers from Community members and Google SecOps professionals.](https://security.googlecloudcommunity.com/google-security-operations-2)"]]
