
Query on Filtering Closed Incidents by Time Frame in XSOAR dashboard


L1 Bithead

I'm in the process of creating a widget and need help retrieving details of incidents that were closed within a specific week or time frame, irrespective of their creation date. Additionally, I would like to know if there's a method to achieve this without using scripting. Could you please provide guidance on how to implement this functionality? 

 

Cortex XSOAR 

5 REPLIES

L3 Networker

Hi @ansusabu – Yes, this can be achieved by filtering incidents based on the closed timestamp field, for example:

closed:>="2024-11-07T00:00:00 -0700" and closed:<="2024-11-14T00:00:00 -0700"

But these values are static, right? I want the values to be changing based on the dashboard time frame.

 

And does your query take incidents created during the dashboard timeframe and closed based on the query time frame? I don't want that. I want all the incidents closed during the dashboard's timeframe irrespective of their creation date.

Nope, you can use relative timestamps as well. For example:

closed:>="7 days ago"

 

To return all incidents closed during the dashboard's timeframe irrespective of their creation date, change the date range of the dashboard or widget to "All times".

"7 days ago" is still static. I need the incidents which are closed from last-to-last Sunday to last Saturday every week.

This can be done with reports. You can schedule the report to run every week at a particular time, like Sunday at midnight, and look back exactly 7 days from then.
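The Sunday-to-Saturday window asked for in the thread can also be computed outside XSOAR and rendered in the timestamp format of the first reply's query. This is an added example, not part of the original posts: the function names are hypothetical, the -0700 offset is taken from the sample query, and treating Saturday 23:59:59 as the inclusive end of the week is an assumption.

```python
from datetime import datetime, timedelta, timezone

# Assumption: the fixed -0700 offset used in the thread's sample query.
TZ = timezone(timedelta(hours=-7))
# Renders timestamps like 2024-11-07T00:00:00 -0700, as in the thread.
FMT = "%Y-%m-%dT%H:%M:%S %z"


def previous_week_window(now):
    """Return (start, end) of the last completed Sunday-to-Saturday week."""
    if now.tzinfo is None:
        raise ValueError("now must be timezone-aware")
    # Evaluate the calendar day in the reporting timezone, not the caller's.
    local = now.astimezone(TZ)
    midnight = local.replace(hour=0, minute=0, second=0, microsecond=0)
    # Python numbers Monday=0 ... Sunday=6, so Sunday maps to 0 days back.
    days_since_sunday = (midnight.weekday() + 1) % 7
    this_sunday = midnight - timedelta(days=days_since_sunday)
    start = this_sunday - timedelta(days=7)    # last-to-last Sunday, 00:00:00
    end = this_sunday - timedelta(seconds=1)   # last Saturday, 23:59:59
    return start, end


def closed_last_week_query(now=None):
    """Build a closed-date filter for the last completed week.

    The filter only restricts the closed timestamp; per the thread, the
    widget or dashboard date range must be "All times" so that creation
    date does not narrow the result.
    """
    now = now or datetime.now(TZ)
    start, end = previous_week_window(now)
    return 'closed:>="{}" and closed:<="{}"'.format(
        start.strftime(FMT), end.strftime(FMT)
    )


if __name__ == "__main__":
    print(closed_last_week_query())
```

Run on any day of a given week, it returns the same window, so the resulting string does not depend on when the weekly job fires.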
