This document describes theSOAR Dashboardspage in Google Security Operations
SOAR, how you can manage these dashboards, and provides an overview of specified
data through the dashboard, including the various widgets.
These widgets can show data for any specified SOC environment or case occurrence
time. A dashboard can hold up to 12 widgets, which display data in formats, such
as pie charts, bars, and tables. To display data related to your SOC status,
you canadd SOAR dashboard widgets.
Monitor activity with predefined dashboards
Google Security Operations provides the following predefined, customizable
dashboards to help you monitor and report SOC activities:
Playbooks dashboard: Overview of playbook
performance, including overall status, distribution, alert handling, and runtime
metrics.
SOC Status: Overview of the SOC's current state,
highlighting important metrics for cases, alerts, incidents, and analyst
activities.
Customize dashboards by data
You can customize a dashboard's display data by grouping widgets based on criteria, such as:
Analysts or playbooks associated with the case
Products or involved entities
Important or unimportant cases
You can filter the displayed data by applying built-in filters, such as tags, case status, case priority, case stage, and case close reasons.
Use-case: Add a new widget to a new dashboard
This section provides the steps for adding a
new widget to a new dashboard. The widget provides a pie chart, (default format) showing
the top five products that contribute to attacks across all environments in the
last six months. This presentation is ordered by the number of attacks in
descending order. No filters are applied in this example. No filters are
applied in this scenario.
Go toDashboards & Reports>SOAR Dashboards.
Clickfilter_altFilterand set the time toLast 6 Monthsand the environment asAll Environments.
Clickkeyboard_arrow_downView all dashboardsand selectaddCreate New Dashboard.
EnterAttacksas the new dashboard name and clickCreate.
In the new dashboard, clickaddAdd.
In theWidget Settingsdialog, enterTop 5 Attacks by Productsas the title.
SelectWidget Width.
In the data display,Pie Chartis set by default. Keep this setting.
Configure thePie Chartfields as follows:
Number of: Alerts
Calculate field: Count
Group by: Product
Number of Results: 5
Order by: Descending
ClickSave.
The new widget is added to the dashboard asAttacks.
The pie chart displays the top five products associated with attacks across all environments in the last six months.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eThe Dashboard page provides analysts with an overview of specified data through various widgets.\u003c/p\u003e\n"],["\u003cp\u003eEach dashboard can contain up to 12 widgets, displaying data in formats like pie charts, bars, and tables.\u003c/p\u003e\n"],["\u003cp\u003eWidget data can be customized by grouping based on analysts, playbooks, products, entities, case importance, and more.\u003c/p\u003e\n"],["\u003cp\u003eData displayed on the dashboard can be filtered by tags, case status, priority, stage, and close reasons.\u003c/p\u003e\n"],["\u003cp\u003eDashboard data is automatically refreshed every five minutes and does not include simulated alerts.\u003c/p\u003e\n"]]],[],null,["SOAR Dashboards overview \nSupported in: \nGoogle secops [SOAR](/chronicle/docs/secops/google-secops-soar-toc)\n\n\nThis document describes the **SOAR Dashboards** page in Google Security Operations\nSOAR, how you can manage these dashboards, and provides an overview of specified\ndata through the dashboard, including the various widgets.\nThese widgets can show data for any specified SOC environment or case occurrence\ntime. A dashboard can hold up to 12 widgets, which display data in formats, such\nas pie charts, bars, and tables. To display data related to your SOC status,\nyou can [add SOAR dashboard widgets](/chronicle/docs/soar/monitor-and-report/soar-dashboards/add-dashboard-widgets).\n\nMonitor activity with predefined dashboards\n\n\nGoogle Security Operations provides the following predefined, customizable\ndashboards to help you monitor and report SOC activities:\n\n- **Playbooks dashboard**: Overview of playbook performance, including overall status, distribution, alert handling, and runtime metrics.\n- **SOC Status**: Overview of the SOC's current state, highlighting important metrics for cases, alerts, incidents, and analyst activities.\n\nCustomize dashboards by data\n\n\nYou can customize a dashboard's display data by grouping widgets based on criteria, such as:\n\n- Analysts or playbooks associated with the case\n- Products or involved entities\n- Important or unimportant cases\n\n| **Note:** Dashboard data automatically refreshes every five minutes.\n\nYou can filter the displayed data by applying built-in filters, such as tags, case status, case priority, case stage, and case close reasons.\n| **Note:** Simulated alerts aren't included in the dashboard data.\n\nUse-case: Add a new widget to a new dashboard\n\n\nThis section provides the steps for adding a\nnew widget to a new dashboard. The widget provides a pie chart, (default format) showing\nthe top five products that contribute to attacks across all environments in the\nlast six months. This presentation is ordered by the number of attacks in\ndescending order. No filters are applied in this example. No filters are\napplied in this scenario.\n\n1. Go to **Dashboards \\& Reports** \\\u003e **SOAR Dashboards**.\n2. Click filter_alt **Filter** and set the time to **Last 6 Months** and the environment as **All Environments**.\n3. Click keyboard_arrow_down **View all dashboards** and select add **Create New Dashboard**.\n4. Enter `Attacks` as the new dashboard name and click **Create**.\n5. In the new dashboard, click add **Add**.\n6. In the **Widget Settings** dialog, enter `Top 5 Attacks by Products` as the title.\n7. Select **Widget Width**.\n8. \n9. In the data display, **Pie Chart** is set by default. Keep this setting.\n10. Configure the **Pie Chart** fields as follows:\n - **Number of**: Alerts\n - **Calculate field**: Count\n - **Group by**: Product\n - **Number of Results**: 5\n - **Order by**: Descending\n11. Click **Save**.\n\nThe new widget is added to the dashboard as **Attacks**.\n\nThe pie chart displays the top five products associated with attacks across all environments in the last six months.\n\n**Need more help?** [Get answers from Community members and Google SecOps professionals.](https://security.googlecloudcommunity.com/google-security-operations-2)"]]
