Skip to main content
Skip table of contents

Widgets

LAST UPDATED: MARCH 14, 2025

The incident workspace now includes updated and new widgets, customizable via the Incident Workspace Builder. Each widget can be expanded or restored to their default size using their (expand) and (shrink) interactive icons.

Header Panel

Frame 97 (4)-20241227-233530.png

The general information header panel now features a modernized design, presenting key incident details.

Available Actions

  • Viewing Key Incident Details:

    • Incident ID and type, creation and last modified timestamps

    • Associated site and incident type, status, severity, owner, stage and viewers

  • Editable Fields:

    • Site, Incident Type, Status, Severity, Owner, and Tags

  • Quick Actions:

  • Export:
    The button provides export options:

    • Export: Exports the full content of the incident

    • Export Non-Empty Section: Export only the sections of the incident that contain data

Tasks Widget

Frame 98 (4)-20241228-001930.png

The new Tasks widget has replaced the old Your Pending Tasks section in the incident workspace overview. The Tasks widget provides a clear view of completed, upcoming and overdue playbook and ad hoc tasks. It also includes a graphical progress bar to visually track completion.

Users can click the button on this widget or use the Ad hoc Tasks quick action available in the header panel to add an ad hoc task.

Ad hoc Task Form

  1. Click on the button beside the Tasks widget header.

    Frame 99 (4)-20241228-003410.png

  2. (Alternative) Click on the Ad-hoc Task button in the header panel.

    Frame 101 (5)-20241228-003712.png

  3. Fill in the Create Ad Hoc Task form as required.

    Frame 165.png

Adversary Lifecycle Widget

The Adversary Lifecycle (previously Tactics & Techniques) widget has been redesigned to intuitively showcase tactic and technique details specific to the current incident, providing clear and comprehensive insights for each item.

Frame 103 (3)-20241228-010720.png

Clicking on the button beside the Adversary Lifecycle widget header will render a popup. The dropdown menu within this popup contains built-in and custom tactics and techniques.

Creating Custom Tactics and Techniques

  1. Navigate to the MITRE ATT&CK Monitor.

  2. Click on the image 40 (4)-20241228-011409.png icon next to a tactic.

  3. Select Insert Tactic or Add Technique.

    Frame 104 (3)-20241228-012434.png

  4. Enter in the necessary tactic or technique information, then click on the Save button.

Users can now observe their custom tactic or technique in the Adversary Lifecycle widget’s Add Tactic/Technique popup.

Deleting Tactics and Techniques

  1. Hover over a technique, then click on the icon.

    Frame 105 (3)-20241228-013713.png

  1. Click on the Remove button.

    Frame 106 (2)-20241228-013935.png

Conclusion Widget

add conclusion.gif

Users can use the Conclusion widget to record a summary for the incident’s resolution using an HTML editor.

To edit the content, hover over the widget and click on the image 48-20241231-185858.png icon.

To clear the HTML widget, hover over the widget, click on the image 49-20241231-190435.png icon, then click on the Clear button.

Custom Fields Widget

Group 39.png

The Custom Fields widget allows users to add custom fields and values to incorporate information about the incident beyond what appears in the Header Panel.

To add a custom field, click on the Group 39 (1).png button or the Add Custom Field button. In the pop-up window that appears, enter the custom field name and value before clicking on the Save button.

Group 41 (1).png
Editing a Custom Field Value and Deleting a Custom Field

Editing a Custom Field Value

To edit a custom field value, click on the custom field, make the edits, then click on the Group 42 (1).png button to save.

edit custom field.gif

Deleting a Custom Field

To delete a custom field, click on it, then click on the Group 43.png icon.

delete custom field.gif

Description Widget

add description widget.gif

The Description widget enables users to add or update the incident description using an HTML editor.

To edit the content, hover over the widget and click on the image 48-20241231-185858.png icon.

To clear the HTML widget, hover over the widget, click on the image 49-20241231-190435.png icon, then click on the Clear button.

Events Summary Widget

Group 97.png

The Events Summary widget provides summaries of events linked to the incident, including their linkage method, event ID and name, risk level, occurrence and last updated dates, and a link to access the event details pop-up window for linked events.

Accessing Event Details

Clicking the View Event Details link opens the Event Details pop-up window containing the details of the event.

Group 98.png

Files Widget

DragFileToUpload2.gif

The Files widget has been redesigned to support file uploads via drag-and-drop or browsing.

File Card UI

Each file card displays the file name, size, and unique incident file ID. Users can perform the actions Preview, Download, or Delete using the menu accessible through the icon.

Upload details, including the uploader's name and timestamp, are displayed at the bottom of each file card.

Frame 108 (2)-20241230-185253.png

Users can edit the file description by clicking the text area and cancel or confirm changes using the and buttons at the bottom-right.

Findings Widget

Group 99.png

The Findings widget enables users to view, add, and edit investigation findings directly from the Overview tab. The data displayed in this widget mirrors the information in the Findings section of the Investigation tab.

Adding a Finding Using a Data Table

  1. Click on the Group 101.png button or Add Finding button.

    Group 100.png

  2. Click on the Data Table option.

    Group 102.png

  3. Configure the table.

    Group 104.png

    1. Select a suitable category from the dropdown.

    2. Enter a descriptive header for the table.

    3. Provide a brief description to help other users understand the table’s contents.

    4. Use the code snippet below to create the table.

      JSON 
      {
  "Fields": [
    {
      "Title": "Sender Email",
      "Name": "sender_email"
    },
    {
      "Title": "Subject",
      "Name": "subject"
    },
    {
      "Title": "Timestamp",
      "Name": "timestamp"
    },
    {
      "Title": "Malicious Link",
      "Name": "malicious_link"
    }
  ],
  "Data": [
    {
      "sender_email": "suspicious_user@example.com",
      "subject": "Urgent: Verify Your Account",
      "timestamp": "2025-01-07T10:15:00Z",
      "malicious_link": "http://malicious.example.com/login"
    }
  ]
}

  4. Click on the Group 105 (1).png button to save.

  5. Confirm that the data table can be rendered properly.

    Group 106.png

  6. (Optional) Click the Investigation tab to check if the newly added finding is also there.

    Group 107.png
Adding a Finding with the HTML Rich Text Editor

  1. Click on the Group 101.png button or Add Finding button.

    Group 100.png

  2. Click on the HTML Rich Text option.

    Group 108.png

  3. Add the content.

    Group 109.png

    1. Select a suitable category from the dropdown.

    2. Add the finding using the HTML Rich Text editor.

  4. Click on the Group 105 (1).png button to save.

  5. Confirm that the content can be rendered properly.

    Group 110.png

  6. (Optional) Click the Investigation tab to check if the newly added finding is also there.

    Group 111.png

Toggling Between Views

Users can switch between views the Grouped View and Timeline View when reviewing findings.

Group 112.png

Grouped View

In the grouped view, findings are organized into categories, such as Initial Findings and Data Enrichments.

Group 113 (1).png

Timeline View

In the timeline view, findings are displayed in chronological order from top to bottom, starting with the earliest added finding.

Group 114.png

HTML Widget

The new HTML widget allows users to dynamically add custom HTML content, allowing the display of richly formatted information.

To edit the content, hover over the HTML widget and click on the image 48-20241231-185858.png icon.

To clear the HTML widget, hover over the HTML widget, click on the image 49-20241231-190435.png icon, then click on the Clear button.

Incident Form Widget

Group 154.png

The Incident Form widget allows users to add or update information about the incident using the incident forms associated with the incident.

Adding Information with the Incident Form

  1. Click on the Group 157.png icon beside an incident form.

    Group 156.png

  2. Add the relevant information, then click on the Save button.

    Group 158.png

  3. Verify that the information has been successfully added.

    Group 160.png

Users can also modify the information by following the same methods outlined in steps 1-3.

Investigation Team Widget

Group 162.png

The Investigation Team widget displays users assigned to work on the incident and their access level. It also allows users to edit the team.

Adding to the Investigation Team

  1. Click on the Group 90.png button.

    Group 163.png

  2. Add the investigators.

    Group 164.png

    1. Search for and select the users to add by their names.

    2. Choose their level of access.

    3. Click on the + Add button.

Modifying the Access Level of an Investigator

  1. Click on the Group 161.png button to delete the user.

    Group 165.png

  2. Click on the Group 171.png button.

    Group 163.png

  3. Modify the investigator’s access level.

    Group 166.png

    1. Search for and select the user whose access level needs to be updated.

    2. Choose their level of access.

    3. Click on the + Add button.

JSON Table Widget

Group 182.png

The JSON Table widget allows users to add a table containing custom JSON data into the incident. This data can be used as input for playbook tasks that support dynamic values.

Adding the JSON Table

  1. Click on the image 48-20241231-185858.png icon.

  2. Add the data in JSON, then click on the Group 105 (1).png button to save.

    Group 167.png

  3. Confirm that the table can be rendered properly.

    Group 168.png

RESULT

Users can use this JSON data as input for playbook tasks that support dynamic input values, selectable at the path $.DataSource.incident.CustomJsonTable.

Group 169.png

Linked Artifacts Widget

Group 172 (1).png

The Linked Artifacts widget enables users to associate artifacts with the incident. Users can click on either the Group 171.png button or the Add Linked Artifact button to link an existing artifact to the incident or create a new artifact to link to the incident.

After linking artifacts to the incident, users can access their details and execute commands on them. Linked artifacts are also displayed in the Link Analysis tab.

Group 175.png

Linked Incident Widget

image 43-20241231-002642.png

The Linked Incidents widget has been updated to support bulk selection and display a structured layout of incident details, including the number, title, type, status, creation date, owner, and associated artifacts.

Hovering over the owner icon, the text after "Created On", or any artifact reveals a tooltip with additional details.

Tooltip Examples

Exact incident creation date and time

Frame 110 (3)-20241231-005430.png

Incident owner

Frame 117 (2)-20241231-010617.png

Email address artifact

Frame 114 (3)-20241231-005439.png

File artifact

Frame 115 (2)-20241231-005447.png

Internal IP artifact

Frame 118 (2)-20241231-011026.png
Frame 119 (2)-20241231-011920.png

To copy a linked incident’s URL, hover over that incident and click on the image 44-20241231-011513.png icon.

To unlink an incident, hover over that incident and click on the image 45 (1)-20241231-011540.png icon.

Notes Widget

The Notes widget has been improved for greater clarity and differentiation between notes, with a keyword search feature added for easier retrieval.

Editing, Deleting and Viewing History

  1. Click on the button.

    Frame 125 (2)-20241231-024922.png

  2. Select the desired action from the dropdown menu:

    • Click Edit to modify the note content.

    • Click Delete to permanently remove the note.

    • Click View History to see previous versions and changes made to the note.

      Frame 164 (6)-20250106-183012.png

  3. Follow the on-screen prompts to complete the selected action.

Playbook Automation Widget

Frame 121 (2)-20241231-015352.png

The Playbook Automation widget (formerly Playbook) now supports bulk selection, same-page unlinking and viewing, filtering of custom or built-in playbooks, and filtering by integration commands used within playbooks.

Unlinking a Playbook

  1. Hover over that playbook and click on the image 45 (1)-20241231-011540.png icon.

    Frame 123 (2)-20241231-021212.png

  2. Enter a reason for unlinking, then click on the Unlink button.

Clicking a playbook card renders a modal containing the executing playbook, identical to accessing it via the Playbooks sidebar menu.

Frame 124 (2)-20241231-022415.png

Recommendations Widget

add_recommendation_widget.gif

The Recommendations widget enables users to view, add, and edit analyst recommendations directly from the Overview tab. The data displayed in this widget mirrors the information in the Recommendations section of the Investigation tab.

The process of adding a recommendation, whether with a data table or HTML Rich Text, is identical to adding a finding, with the exception that the category dropdown is available only for findings.

Remediations & Mitigations Widget

add_remediation_widget.gif

The Remediations & Mitigations widget enables users to view, add, and edit analyst remediation and mitigation strategies directly from the Overview tab. The data displayed in this widget mirrors the information in the Remediations & Mitigations section of the Investigation tab.

The process of adding a remediation and mitigation strategy, whether with a data table or HTML Rich Text, is identical to adding a finding, with the exception that the category dropdown is available only for findings.

AI Summary Widget

The Summary widget mirrors the content of the Summary section in the Investigation sidebar menu.

Beside the Summary widget header is a light blue refresh icon image 50-20241231-192620.png. Clicking this icon securely generates a new summary using AI, improving incident reporting and team communication. This icon is accessible only to users with incident editing role, configured in the Organization Management module.

Before AI-Generated Summary

Summary After AI Regeneration

After an AI summary is generated, an label will render next to the Summary widget header. If the summary content is modified by a user, the label will be removed.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close