Script Based Widgets Using Automation Scripts Examples
Create script based widgets based on automation scripts
for reports and dashboards in Cortex XSOAR.
The following examples are script based
widgets using automation scripts. After creating the script, Create a Widget using the Widget Builder.
Text
In this example, create a script that queries and returns
current on-line users, and displays the data in a Markdown table.
In the automation script, type one of the following return values:
JavaScript
return executeCommand("getUsers", {online: true})[0].HumanReadable;
Python
demisto.results(demisto.executeCommand("getUsers", { "online": True })[0]["HumanReadable"])
When creating or editing the widget in the Cortex XSOAR, to add
a page break, type
/pagebreak
in the text
box. When you generate a report, the widgets that follow the page
break are on a separate page. 
In the dashboard, the following widget displays the on-line users:
(
Multi-tenant
) Script-based text widgets are not supported
in the Main Account.Number
This example shows how to create a single item widget
with the percentage of incidents that DBot closed.
In the automation script, type one of the following:
JavaScript
var res = executeCommand("getIncidents", { 'query': 'status:closed and investigation.users:""', 'fromdate': args.from, 'todate': args.to, 'size': 0 }); var closedByDbot = res[0].Contents.total; res = executeCommand("getIncidents", { 'status': 'closed', 'fromdate': args.from, 'todate': args.to, 'size': 0 }); var overallClosed = res[0].Contents.total; var result = Math.round(closedByDbot * 100 / overallClosed); return isNaN(result) ? 0 : result;
Python
res = demisto.executeCommand("getIncidents", { "query": "status:closed and investigation.users:\"\"", "fromdate": demisto.args()["from"], "todate": demisto.args()["to"], "size": 0 }) closedByDbot = res[0]["Contents"]["total"] res = demisto.executeCommand("getIncidents", { "status": "closed", "fromdate": demisto.args()["from"], "todate": demisto.args()["to"], "size": 0 }); overallClosed = res[0]["Contents"]["total"] if overallClosed == 0: demisto.results(0) else: result = round(closedByDbot * 100 / overallClosed) demisto.results(result);
Duration
In this example, create a script that queries and returns
a time duration (specified in seconds), and displays the data as
a countdown clock. If using a JSON file, you must set widgetType
to duration.
In the automation script, type one of the following return values:
JavaScript
return JSON.stringify([{ name: "", data: [120] }]);
Python
demisto.results('[{"name": "", "data": [120]}]')
The return type should be a string (any name) and an integer.
The time is displayed in seconds.
After you have uploaded the script and created the widget, you
can add the widget to the dashboard or report. The following widget
displays the time duration:
Trend
In this example, create a script that queries and returns
the trend between two sums.
In the automation script, type one of the following return values:
JavaScript
return JSON.stringify({currSum: 48, prevSum: 32});
Python
demisto.results({ "currSum": 48, "prevSum": 32 })
The return displays an object which compares the current sum
with the previous sum.
Chart
A valid result for a chart widget is a list of groups.
Each group points to a single entity, for example, in bar charts
each group is a bar. A group consists of the following:
- Name- A string.
- Data- An array of integers.
- Color- A string representing a color that will be used as a default color for that group. It can be the name of the color, a hexadecimal representation of the color, or an rgb color value (optional).A widget legend color will override a group color if it exists.
- Groups- A nested list of groups (optional).
In this example, we show how to create a script that will query
and return the trend between two sums in a pie chart.
- Pie
- Line
- Bar
- Column
Simple pie/chart
In the automation script, type the following return value:
JavaScript
var data = [ {name: "2018-04-12", data: [10], color: "blue"}, {name: "2018-04-10", data: [3], color: "#029be5"}, {name: "2018-04-17", data: [1], color: "rgb(174, 20, 87)"}, {name: "2018-04-16", data: [34], color: "grey"}, {name: "2018-04-15", data: [17], color: "purple"} ]; return JSON.stringify(data);
Python
data = [ {"name": "2018-04-12", "data": [10], "color": "blue"}, {"name": "2018-04-10", "data": [3], "color": "#029be5"}, {"name": "2018-04-17", "data": [1], "color": "rgb(174, 20, 87)"}, {"name": "2018-04-16", "data": [34], "color": "grey"}, {"name": "2018-04-15", "data": [17], "color": "purple"} ]; demisto.results(json.dumps(data));
After you have uploaded the script and created the widget you
can add the widget to a dashboard or report. The following widget
displays the trend in a pie chart:
Two group chart
JavaScript
var data = [ {name: "2018-04-12", data: [10], groups: [{name: "Unclassified", data: [10] }]}, {name: "2018-04-10", data: [3], groups: [{name: "Unclassified", data: [2] }, {name: "Access", data: [1] }]}, {name: "2018-04-17", data: [1], groups: [{name: "Unclassified", data: [1] }]}, {name: "2018-04-16", data: [34], groups: [{name: "Unclassified", data: [18] }, {name: "Phishing", data: [14] }]}, {name: "2018-04-15", data: [17], groups: [{name: "Access", data: [17] }]} ]; return JSON.stringify(data);
Python
data = [ {"name": "2018-04-12", "data": [10], "groups": [{"name": "Unclassified", "data": [10] }]}, {"name": "2018-04-10", "data": [3], "groups": [{"name": "Unclassified", "data": [2] }, {"name": "Access", "data": [1] }]}, {"name": "2018-04-17", "data": [1], "groups": [{"name": "Unclassified", "data": [1] }]}, {"name": "2018-04-16", "data": [34], "groups": [{"name": "Unclassified", "data": [18] }, {"name": "Phishing", "data": [14] }]}, {"name": "2018-04-15", "data": [17], "groups": [{"name": "Access", "data": [17] }]} ]; demisto.results(json.dumps(data));
Table or List
In this example, you need to create a script that queries
and returns employee information in a table. For Table or List,
if creating a JSON file, set the widgetType to table or list. When
using lists, a maximum of two columns displays, the rest are ignored
(do not display).
In the automation script, type one of the following return values:
JavaScript
return JSON.stringify({total: 3, data:[ {Employee: 'David D', Phone: '+14081234567', Email: 'David@org.com'}, {Employee: 'James J', Phone: '+14087654321', Email: 'James@org.com'}, {Employee: 'Alex A', Phone: '+14087777777', Email: 'Alex@org.com'} ]});
Python
demisto.results({ "total": 3, "data": [{"Employee": "David D", "Phone": "+14081234567", "Email": "David@org.com"}, {"Employee": "James J", "Phone": "+14087654321", "Email": "James@org.com"}, {"Employee": "Alex A", "Phone": "+14087777777", "Email": "Alex@org.com"}]})
After you have uploaded the script and created a widget you can
add the widget to a dashboard or report. The following widget displays
the employee information:
Filter Data for all Widgets (Pivoting)
In this example, you want to create a filter according
to type (phishing, access and IP) and then pivot to the relevant
incident/indicators page. You need to add the following to the JSON
or python automation script.
- dataType: Pivots to the relevant page, such as Incidents page.
- query: Filters according to the value in the relevant page. For example, for phishing, if you define‘type:Phishing’and thedataType:incidents, you are taken to the Incident page with the‘type:Phishing’filter.
- pivot: Filters the dashboard according to data set. For example,pivot: ‘type:Phishing’enables you to filter data that relates to phishing in the dashboard.
In the automation script, type one of the following return values:
JavaScript
return JSON.stringify([{name: 'Phishing', dataType:'incidents', query:'type:Phishing', data: [50], pivot: 'type:Phishing'}, {name: 'Access', dataType:'incidents', query:'type:Access', data: [50], pivot: 'type:Access'}, {name: 'IP', data: [50], dataType: 'indicators', query:'type:"IP"', pivot: 'type:IP’}]);
Python
data = [ {"name": "Phishing", "data": [50], "dataType": "incidents", "Query": "type:Phishing", "pivot": "type:Phishing"}, {"name": "Access", "data": [50], "dataType": "incidents", "query": "type:Access", "pivot": "type:"Access"}, {"name": "IP", "data": [50], "dataType": "indicators", "query": "type:"IP", "pivot": "type:IP"} ]; demisto.results(json.dumps(data));
After you have uploaded the script and created a widget, add
the widget to a dashboard or report page.
