This is a two-part guide. This part provides an overview of the Dashboard Widgets and their components. The second part covers examples and walks through scenarios to help you create new custom widgets efficiently.
SIRP Dashboards allow you to properly visualize and analyze your security operations and automation data with a refined user experience. This type of analytics enables you to effectively monitor and improve your security operations and incident management.
Graphs, charts, and tables provide visual representations of data, allowing you to understand the current state of different aspects of your security operations.
Dashboards are a combination of widgets. A widget is a mini-report that can display your data in several presentation styles, including simple numeric metrics, tables, and charts.
Users can select and place multiple widgets on a dashboard to achieve certain analytics goals. For example, users can create an Incident Monitoring dashboard and add Incident Management widgets to visualize Incident-related stats, trends, and metrics.
The custom widgets let you create your own widgets to render the data you are looking for on the dashboards. You can use appropriate queries to fetch the data from the desired sources and then choose a widget type to make that data appear in the desired format. Once created, you can add the custom widget to any dashboard.
Creating a Custom Widget
To create new widgets, follow these steps:
Log in to the SIRP SOAR Platform
The first screen you see after logging in is the Dashboards page. Click on the “Manage Custom Widgets” button at the top right corner.
The next screen is called “Widget Management”. This page contains the list of Default widgets. These OOTB widgets are view-only and hence cannot be edited, but you can duplicate them to customize and create your own widget. You can either click on the “Create Widget” button at the top to create a new widget from scratch, or duplicate an existing widget to reuse its settings and customize it.
Once duplicated, locate your new widget, then click on the Edit option under the Actions column.
A slide-in form will appear that allows you to enter the details of your widget and customize it according to your requirements. The following section explains the different options available in this form.
Widget Types allow data to be represented in different chart or graph styles. You can choose from 10 widget types available (each explained below):
A Pie Graph is a type of graph in which a circle (pie) is divided into sectors (pie slices) where each sector represents a proportion of the whole. The entire “pie” represents 100%, while the pie “slices” represent portions of that 100% chunk.
A line graph is a type of chart used to show information that changes over time. Line graphs are plotted using several points connected by straight or curved lines. We also call it a line chart. The line graph comprises two axes known as the x-axis (horizontal) and y-axis (vertical).
A column graph summarizes categorical data by presenting parallel vertical bars with a height proportionate to specific quantities of data for each category. This type of graph can be advantageous in comparing two or more distributions of nominal or ordinal-level data.
A bar graph presents categorical data through rectangular bars with heights or lengths proportional to the values they represent. The bars can be plotted vertically or horizontally. A vertical bar chart is also sometimes called a column chart.
A polar graph is a shape constructed using the polar coordinate system. Polar graphs are defined by points that are a variable distance from the origin depending on the angle measured off the positive x-axis.
A radar graph is a graphical method of displaying multivariate data in the form of a two-dimensional chart of three or more quantitative variables represented on axes starting from the same (center) point.
The doughnut graph shows each cell's data as a slice of a doughnut. It lets you establish the relationship between parts of several sets of data to the whole. Each doughnut shows a series of data.
The table widget shows the data in the table grid form. The column names in the table are customizable.
The text widget is used to render static text information on the dashboard. These widgets are typically used to display information about the dashboard on which they are placed.
The widget name is the identifier for the widget that is being created. This name is also displayed as the heading of the widget.
Data sources can be considered database tables that store a particular type of data. You have to search and select a particular data source from which you want to fetch data. You can select multiple data sources if you want to build relationships and fetch data from multiple sources.
If Data Sources are tables then Data Collectors are columns within the table where each column contains a specific piece of information. This field will show you all Data Collectors of the Data Sources selected in the previous field. You can search and select multiple Sources and use them in the widget.
You can select multiple data collectors within each widget. But there are limitations based on the widget type:
Pie Graph: Requires exactly 2 Data Collectors
Line Graph: Requires minimum 2 and maximum 3 Data Collectors
Column Graph: Requires minimum 2 and maximum 3 Data Collectors
Bar Graph: Requires minimum 2 and maximum 3 Data Collectors
Polar Graph: Requires exactly 2 Data Collectors
Radar Graph: Requires exactly 2 Data Collectors
Doughnut Graph: Requires exactly 2 Data Collectors
Table Graph: Allows selection of up to 15 Data Collectors
Text Graph: Data Sources and Data Collectors not required
The Functions are used to manipulate the data or perform aggregate calculations on the chosen data. A Function takes multiple values as input, performs a certain calculation, and returns a single value. Aggregate Functions ignore NULL values when performing the calculation, except for the COUNT function.
Here is the list of available Functions:
AVG: The AVG() function provides the average value of a numeric data set
COUNT: The COUNT() function is used to count the number of rows returned
SUM: The SUM() function is used to calculate the sum of the data set
MIN: The MIN() function is used to find the minimum value or lowest value of a data set
MAX: The MAX() function is used to return the maximum value of a data set
CONCAT: The CONCAT() function is used to combine 2 or more fields of data and return them as a single field
DATE_FORMAT(Year): This function takes date as input and returns the Year value
DATE_FORMAT(MonthYear): This function takes date as input and returns the Month-Year value
Clauses are used in the queries to merge or filter the available data set to pull specific pieces of information.
The following section contains a list of all available Clauses along with a quick overview of each.
The WHERE clause is used to specify a condition while fetching the data from a single data source or by joining with multiple data sources. Only records that satisfy the given condition are returned from the source. Use the WHERE clause to filter the records and fetch only the necessary ones.
You can use the following Operators in the Where clause:
“=” – When “equal to” is selected, the result is filtered to records whose Field matches the given value. e.g. Field = Value (can be number and string both).
“!=” – When “not equal to” is selected, the result is filtered to records whose Field does not equal the given value. e.g. Field != Value (can be number and string both).
“<>” – Performs the same operation as the != operator and is used to filter results that do not equal a certain value. e.g. Field <> Value (can be number and string both).
“IN” – The IN operator allows multiple (comma-separated) values to be checked against the given field. The result is the set of records whose Field value is one of the given values. e.g. Field IN (‘value1’,’value2’,’value3’) (can be number and string both).
“NOT IN” – The NOT IN operator allows multiple (comma-separated) values to be checked against the given field. The result is the set of records whose Field value is anything but the given values. e.g. Field NOT IN (‘value1’,’value2’,’value3’) (can be number and string both).
The LIKE operator is used in the WHERE clause to search for string patterns rather than exact values. % is placed before or after the string as a wildcard. For example, %SIRP matches any string that ends with SIRP.
The ‘DATEDIFF <=’ operator is used to select data where the difference between two dates is less than or equal to the given value. This operator can be used only with the DateTime collectors and only accepts a numeric value.
The ‘DATEDIFF >’ operator is used to select data where the difference between two dates is greater than the given value. This operator can be used only with the DateTime collectors and only accepts a numeric value.
The DISTINCT clause is used to eliminate all duplicate records and fetch only the unique records.
The LEFT JOIN clause is used to merge and fetch data from two or more data sources. Left Join uses the first data source (source 1) as the base and fetches all its records. Then it fetches data from the secondary data source by matching records from the first table.
The result is 0 records if the second data source doesn’t have any records that match with the records in the first data source for the given Primary field.
The RIGHT JOIN clause is used to merge and fetch data from two or more data sources. Right Join uses the second data source as the base and fetches all its records. Then it fetches data from the first data source by matching records from the second data source.
The result is 0 records if the first data source doesn’t have any records that match with the records in the second data source for the given Primary field.
The INNER JOIN clause selects data that have matching values in both the chosen data sources.
The GROUP BY statement groups rows based on common values for the given Field. Group By is often used with aggregate functions (COUNT(), MAX(), MIN(), SUM(), AVG()) to group the resulting data set by one or more collectors.
The ORDER BY clause is used to sort the resulting data set in ascending (ASC) or descending (DESC) order.
The LIMIT clause is used to limit the number of records returned from the query.
Click on the Render button to validate the logic and the resulting query. An additional section will appear in the pop-up showing the result of the query.
Once your graph is rendered, you can customize it further or you can save the widget by clicking on the “Save Changes” button which is located in the top right corner of the screen. Once saved, it can be used on the Dashboard(s) and Report(s).
You can also opt to save this widget as a draft by clicking on the “Save As Draft” button. This saves the widget in draft mode, so it will not be available on the dashboard(s) and report(s). This option is useful when you're not sure about your final result and want to refine your widget later.
The render function also shows you the Widget Query on the left side, right below the rendered graph. This widget query is the SQL-like representation of your widget's configuration. This section shows you in textual form the actual query that is going to be executed at the backend to fetch the desired data. You can use this query to further refine your selections in the Widget creation form.
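The following is an added illustration (example code, not SIRP's own implementation) of how the form's selections map to the Widget Query: it enforces the per-type Data Collector limits listed above and assembles the Functions and Clauses into a query string. Table names such as incidents and alerts, the MySQL-style DATE_FORMAT patterns, the DATEDIFF expansion and the minimum of one collector for the table widget are assumptions.

```python
# Added example, not SIRP's own code: models the custom-widget form, enforces the
# per-type Data Collector limits and emits the SQL-like Widget Query that Render shows.
COLLECTOR_LIMITS = {                  # (min, max) Data Collectors per widget type
    "pie": (2, 2), "line": (2, 3), "column": (2, 3), "bar": (2, 3),
    "polar": (2, 2), "radar": (2, 2), "doughnut": (2, 2),
    "table": (1, 15), "text": (0, 0),  # minimum of 1 for table is an assumption
}
FUNCTIONS = {                         # form Function -> SQL (MySQL-style, assumed)
    "AVG": "AVG({c})", "COUNT": "COUNT({c})", "SUM": "SUM({c})",
    "MIN": "MIN({c})", "MAX": "MAX({c})",
    "DATE_FORMAT(Year)": "DATE_FORMAT({c}, '%Y')",
    "DATE_FORMAT(MonthYear)": "DATE_FORMAT({c}, '%b-%Y')",
}

def literal(v):
    # Quote form values so a user-typed string cannot change the query's shape.
    return str(v) if isinstance(v, (int, float)) else "'" + str(v).replace("'", "''") + "'"

def condition(field, op, value):
    # One WHERE row of the form, using the operators the page lists.
    if op in ("IN", "NOT IN"):
        return f"{field} {op} ({', '.join(literal(v) for v in value)})"
    if op in ("=", "!=", "<>", "LIKE"):
        return f"{field} {op} {literal(value)}"
    if op in ("DATEDIFF <=", "DATEDIFF >"):   # DateTime collectors, numeric value only
        if not isinstance(value, int):
            raise ValueError("DATEDIFF operators accept a numeric value only")
        return f"DATEDIFF(NOW(), {field}) {op.split()[1]} {value}"  # expansion assumed
    raise ValueError(f"unsupported operator {op!r}")

def build_query(widget_type, sources, collectors, joins=(), where=(),
                group_by=(), order_by=None, limit=None, distinct=False):
    lo, hi = COLLECTOR_LIMITS[widget_type]
    if not lo <= len(collectors) <= hi:
        raise ValueError(f"{widget_type} needs {lo}-{hi} collectors, got {len(collectors)}")
    if widget_type == "text":         # static text: no Data Source or Collector
        return ""
    select = [FUNCTIONS[fn].format(c=c) if fn else c for c, fn in collectors]
    sql = f"SELECT {'DISTINCT ' if distinct else ''}{', '.join(select)} FROM {sources[0]}"
    for kind, table, left, right in joins:   # kind is LEFT, RIGHT or INNER
        sql += f" {kind} JOIN {table} ON {left} = {right}"
    if where:
        sql += " WHERE " + " AND ".join(condition(*w) for w in where)
    if group_by:
        sql += " GROUP BY " + ", ".join(group_by)
    if order_by:
        sql += f" ORDER BY {order_by[0]} {order_by[1]}"
    if limit is not None:
        sql += f" LIMIT {int(limit)}"
    return sql
```

Calling build_query with a pie widget over incidents, the collectors severity and COUNT(id), and GROUP BY severity yields the same shape of query the Render pane displays, while a third collector on a pie widget is rejected before any query is built.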