Using predefined widgets in Playbook views

Supported in:

Predefined widgets are widgets that are attached to actions in an integration in the Google Security Operations Marketplace. They have been defined by Google Security Operations experts in order to return specific information for the action, thereby reducing the time required to customize and build the bespoke Playbook view.

After downloading the Integration, the Actions will appear as usual for use when building the Playbook with special icons to denote if they have predefined widgets.�

You can use these predefined widgets in existing Playbooks and also when building new Playbooks.

Let's take a look at how to build a new Playbook View with predefined widgets in VirusTotal actions.

  1. Navigate to Google Security Operations Marketplace > Integrations and select VirusTotal.
  2. Click on the Read More. As you can see, some of the VT actions come with predefined widgets:
  3. Make sure to download and configure the VirusTotal integration as required.
  4. Now let's go to the Playbooks screen and take a look at using an Action with a predefined widget.
  5. Create a new Playbook, open the Step Selector and drag and drop the VirusTotal Enrich hash Action.
  6. Let's now click on Add View and give it a name (Contains VT widgets) �and choose a Role. In this example, we will keep the checkbox selected for including predefined widgets but note that you can always choose to opt out at this stage or even delete them after creating the view.
  7. After you create the view, you can see that the widget is automatically added to the view. Note that you only can edit the following options in this widget:
    Name, Description, Conditions.
  8. After the Playbook is attached to an alert, it will appear in the Alert view in the Playbook tab of the Case as shown below.

Let's now take a quick look at adding predefined widgets to existing Playbooks. Let's use VirusTotal again for this example.

  1. Locate the required Playbook and open the Step Selection.
  2. Drag and drop the Virus Total Enrich URL action into the Playbook.�Make sure to save!
  3. Navigate to the View and you will see the predefined widget appears in the Predefined column on the left.
  4. Drag and drop it into the View.�