Understand Widget Properties

When you configure a widget, you might see a combination of some or all of the following properties:

Title and Subtitle

Specifies the name and an optional secondary name for a widget you want to add to your dashboard.

You can also specify whether the dashboard displays the title or subtitle.

In general, because you might have several variations of some widgets, it’s a good practice to title each widget according to your sub-filter criteria. For example, SOC Manager Franz Tupper creates a Case Breakdown widget for each of the SOC’s three owner groups: EMEA, AMS, and APJ. He names the widgets Case Breakdown-EMEA, Case Breakdown-AMS, and Case Breakdown-APJ.

Severity

Specifies the categories of importance, or severity, assigned to the affected cases. For example, in ESM, some cases might be categorized as Catastrophic or Marginal.

When selected for Group by or Facet, you can add sub-filters by specifying the type of Cases, Assigned Owners, or Assigned Owner Groups that you also want to view.

Assigned Owners

Indicates that you want to display data based on the individuals assigned to the affected cases. You can specify the Owners that you want to include.

If you do not specify an owner, the Dashboard includes data for all owners. If you specify more than five owners, the Dashboard displays data for the top five selected owners. Then adds an Other category that totals the values for all other selected owners.

When selected for Group by, you can add sub-filters by specifying the type of Cases and Importance categories that you also want to view.

Assigned Owner Groups

Indicates that you want to display data based on the owner groups, or teams, assigned to the affected cases. The widget also displays all cases assigned to the individuals and child groups within the owner groups. You can specify the Owner Groups that you want to include.

If you do not specify an owner group, the Dashboard includes data for all groups, and thus all owners. If you specify more than five owner groups, the Dashboard displays data for the top five selected groups. Then adds an Other category that totals the values for all other selected owner groups.

When selected for Group by, you can add sub-filters by specifying the type of Cases and Severity categories that you also want to view.

Assigned Cases

Applies only when you specify Severity for Group by

Indicates whether a sub-filter includes cases assigned to the specified owners.

To include specific owners or owner groups, select Owners then add the names that you want to include. Otherwise, the Dashboard displays data for all assigned cases.

In general, to view sub-filter data, you might hover over the visual in the widget or drill down into the data.

Unassigned Cases

Applies only when you specify Severity for Group by

Indicates whether a sub-filter includes unassigned cases.

Number of Groups

Applies only to the SOAR Productivity widget

Indicates whether a sub-filter includes the most productive number of groups.

Statuses

Applies only when you specify Statuses for Facet

Indicates whether a sub-filter includes statuses.

Show Top N Playbooks

Applies only to the SOAR Productivity widget

Indicates whether a sub-filter includes the number of Top Playbooks executed.

Classifications

Applies only to the SOAR Productivity widget

Indicates whether a sub-filter includes the classification of the attack type.

Number of Playbooks

Applies only to the SOAR Productivity widget

Indicates whether a sub-filter includes the number of Playbooks executed.

Target for Case Closure

Applies only to the Productivity and Case Load widgets.

Specifies the number of cases per week that you expect each owner group (Productivity widget) or owner (Case Load) to close.

Time Range

Specifies the start and end dates for the data that you want to view:

  • Dashboard’s default tells the widget to use the time range set for the dashboard.

  • As of now tells the widget to use the most recent data retrieved from the data source.

    Data updates each time you refresh the browser, unless you have specified a Custom time range.

    You can set a maximum time range to limit the amount of data that the Dashboard can collect from its data sources. For example, you can specify 365 days of data. For more information, see the Administrator’s Guide to ArcSight Command Center for ESM.

To assign or change the severity or owner of a case, use the ArcSight Console or Command Center.

Layout

Specifies the orientation of the widget in a custom dashboard. For example, you might want the Database Event Ingestion Timeline widget to span the width of the dashboard.