Information Widgets
Information widgets display trends of information based on various parameters on objects. You can add system and custom information widgets while creating a dashboard. You can create up to 100 custom widgets.
Note
Information widgets use a logarithmic scale to efficiently illustrate exponentially increasing data, enabling clear and concise visualization of extensive datasets.
Create Custom Information Widget
Create custom information widgets using saved search queries to graphically represent threat data objects or entities based on specific parameters.
Before you Start
Ensure that you have Create Dashboards, View Dashboards, and Update Dashboards permissions.
Steps
To create a custom widget, follow these steps:
Go to Main Menu > Dashboards.
Click Add Dashboard. For more information about creating a dashboard, see Custom Dashboards.
Click + to add Information Widgets.
Click Create Custom Widget.
Select a saved search query to create the widget.
If you don’t have a saved search, you can use the default system saved search queries or create a new saved search query. For more information, see Save CQL Queries. Refresh the saved searches to view the recently added saved search queries.
You can also preview the saved search query before adding and using it for the widget
Select from the following chart types:
Standard Charts: Use this chart to analyze and view information about an object or all objects based on a single parameter. For example, create a widget to track indicators based on its source. You can choose from pies, donuts, semi-donuts, lines, and more.
Advanced Charts: Use this chart to analyze and view information about an object or all objects based on two parameters. For example, create a widget to track indicators based on their source and source created date. You can choose from stacked bar, stacked line, treemap, heatmap, and more.
Click Plot Axes.
You can now view partial records from the selected saved search query. This helps you understand the kind of data that will make up the widget.
In Widget Details, enter the following details:
Widget Name: Enter a unique widget name within 100 characters. By default, the platform picks the name of the selected saved search query. For example, Indicators Overview.
Count of: Select an object to analyze using this widget. For example, Indicator.
Primary Group by: Select the primary parameter to analyze the selected object. For example, Source. You can group by to retrieve top-related objects. For more information, Supported Primary Group By Types.
Secondary Group by: Select the secondary parameter to analyze the selected object. This option is available only for advanced charts.
(Optional) Show Top Results: Enter the number of results between 3 to 10 to view in the widget. By default, you can view all data retrieved for the selected CQL query. Use this option to limit the data set to view the top results. For example, 5.
Click Generate Preview.
Based on your selections, you can view the generated preview.
Note
This preview is solely a representation of how the widget appears after you save it.
Verify widget details, such as widget name, chart type, and labels for primary or secondary parameters under Customize Widget. You can also edit these details if required.
Additionally, you can set the preview date range for the widget. By default, you can view the data of the last seven days.
Click Create Custom Widget.
You can view the created widget in the selected widget cell. The platform may take some time to load the data.
You can replace the widget on the dashboard if the creator deletes the saved search query used to create it or converts it into a private saved query. For more information, see→.
Supported Primary Group By Types
You can group by the following threat data objects to retrieve the top-related objects:
Object Type: Groups objects by the object type, such as indicators, malware, and more.
Source: Groups objects by the source that has reported the threat data objects.
Source Type: Groups objects by the type of feed source that has reported the threat data objects.
Source Collections: Groups objects by the source collections that are a part of the feed source.
Source Created Date: Groups objects by the date when the source created the threat data object.
Source Modified Date: Groups objects by the date when the source last modified the threat data object.
Source Confidence: Groups objects by the confidence score that is assigned to the threat data object by the source.
IOC Type: Groups objects by the type of IOCs, such as domain name, email address, and more.
Country: Groups objects by the countries that reported the threat data objects.
TLP: Groups objects by the TLP assigned to the threat data objects.
Tags: Group objects by the tags associated with the threat data objects.
Related Object: Groups objects by the objects related to the threat data object, such as malware, threat actor, and more.
Related Object Name: Groups objects by the related object name which is related to the threat data object.
Custom Attribute: Groups objects by the custom attribute associated with the threat data object.
Custom Attribute Name: Groups objects by the custom attribute name associated with the threat data object.
System Created Date: Groups objects by the date the threat data object was created in Intel Exchange.
System Modified Date: Groups objects by the date the threat data object was last modified in Intel Exchange.
Analyst Score: Groups objects by the analyst score assigned to the threat data object.
Confidence Score: Groups objects by the confidence score assigned to the threat data object.