Common Widgets

Details
Content
Dependencies
Version History

Frequently used widgets pack.

Automations

Name	Description
FeedIntegrationErrorWidget	Returns a table widget of enabled feed integration instances that errors out on indicators fetch.
WidgetNoOp	A no-op placeholder script used by visual-only widgets (e.g. Page Break, Text Widget) that require a script dataType but do not need to query any data source. Returns a mock result to prevent unnecessary database queries.
MyToDoTasksWidget	A script that creates a table of all the ToDo tasks assigned to the current user.
RSSWidget	Script Widget - RSS Feed.

Widgets

Name	Description
Malicious Indicators Activity
Least executed Commands per Instance	Least executed Commands per Instance
Malicious Indicators Activity by Type
Most Active Investigations
Busy Workers per Engine (last 24h)	Number of busy workers per engine in the previous 24 hours
Active Incidents by Role
Incidents Occurred Per Day
Command executions per Incident Type	Command executions per Incident Type
Image
MTTR by Type (in minutes)	Shows changes in Mean Time to Resolution (in minutes), over time, while differentiating between incident types.
Incident Types by Severity
MTTR Occurred by Type
Investigation Activity Timeline
Average Incident Duration by Role (Avg)
Commands executed	Commands executed
Late Tasks by User
Elastic JVM Memory Current Usage	Elastic JVM Memory Current Usage %
Return On Investment (ROI)
Page Break Widget	Use the page break widget in a report to force a page break before the widgets that follow.
Mean Time to Containment
Playbook runs	Playbook runs
Command execution errors	Command execution errors
Task executions	Task executions
Incident Severity by Type
Command execution errors per Instance	Command execution errors per Instance
Incidents by Role
Unassigned Active Incidents
Average runtime per Automation (top 5)	Average runtime per Automation (top 5)
Feed Integrations Errors	Feed integrations indicators fetch errors
Server CPU Usage % (last 24h)	Server CPU usage in the previous 24 hours
Indicators Activity by Type
Manual Command execution errors (top 5)	Manual Command execution errors (top 5)
Incidents by Phase
Closed Incidents by Role
MTTR by Severity
MTTD by Severity
Failed Manual Tasks	Failed Manual Tasks
Unassigned Incidents
Tasks By State
Unassigned Pending Incidents
Top 10 Attack Pattern Indicators in Related Incidents
Closed By Dbot	Showing percentage of incidents handled and closed by DBot, without an owner being assigned to, across all incidents in the provided period
Mean Time to Triage
Unassigned Incidents
MTTD by Type	A widget that shows the Mean Time to Detection, by incident type.
CPU Current Usage
Server Memory Usage % (last 24h)	Server memory usage % (previous 24 hours)
Command execution type	Command execution type
Late Tasks
Elastic Disk Current Usage	Elastic Disk Current Usage %
Latest Messages
Active Indicators by Verdict
Late Incidents
Command executions errors	Command executions errors
Task execution errors	Task execution errors
CPU Usage % per Engine	Current CPU usage percentage per engine
Failed Automation executions per Incident Types (top 5)	Failed Automation executions per Incident Types (top 5)
Remediation SLA by Status	The remediation SLA status of all incidents that started a remediation process. The widget takes into account incidents from the last 30 days by default, and inherits new time range when the dashboard time changes.
Feeds Errors
Unassigned Closed Incidents
My Tasks
Within SLA by Type
Most Active Users
Disk Usage % per Engine (last 24h)	Disk usage percentage per engine in the previous 24 hours
SLA by Incident Type
MTTC by Severity
Incidents in Error Run Status
My ToDo Tasks	A widget that presents a table of all the ToDo tasks assigned to the current user.
Incidents By Close Reason
Top Users Closed Manual Tasks	Top Users Closed Manual Tasks
Mean Time to Resolution (Occurred)
My Messages
Executions by status per Automated Tasks (top 5)	Executions by status per Automated Tasks (top 5)
Detection SLA by Status	The detection SLA status of all incidents that their severity was determined. The widget takes into account incidents from the last 30 days by default, and inherits new time range when the dashboard time changes.
Active Indicators Volumes by Feed
Elastic CPU Current Usage	Elasticsearch CPU Current Usage %
Top Active Playbooks
Relationship Generating Integrations
Average runtime per Playbook (top 5)	Average runtime per Playbook (top 5)
Open Tasks Per User
Disk Usage % per Engine	Current disk usage percentage per engine
Important Messages
CPU Usage % per Engine (last 24h)	CPU usage percentage per engine in the previous 24 hours
Top 10 File Indicators in Related Incidents
Disk Current Usage
Memory Current Usage
Playbook run errors	Playbook run errors
Memory Usage % per Engine	Current memory usage percentage per engine
Average runtime for Playbooks	Average runtime for Playbooks
MTTT by Severity
TopMaliciousRatioIndicators	Malicious Ratio indicator widget shows indicator that appear in high ration at bad incidents
Memory Usage % per Engine (last 24h)	Memory usage percentage per engine in the previous 24 hours
Top executed Commands	Top executed Commands
Late SLA by Type
Indicators Activity
Manual Verdict Indicators by User
Most Active Integrations
Active Incidents Assigned by User
Average runtime by Instance per Command (top 5)	Average runtime by Instance per Command (top 5)
Manual Verdict Indicators
Least executed Commands	Least executed Commands
Command average runtime per Instance (top 5)	Command average runtime per Instance (top 5)
Active vs Expired Indicators
Executions by status per Manual Tasks (top 5)	Executions by status per Manual Tasks (top 5)
Active Incidents - Line chart
Command executions per Integration Category	Command executions per Integration Category
Late Incidents
Busy Workers Count per Engine	Current number of busy workers per engine
Incidents Top Close Analysts
Text Widget
Running playbooks
Active Incidents - Pie chart
Indicators in Related Incidents
Incidents Dropped in Preprocessing
Malicious/Suspicious Indicators in Incidents
MTTR by Type	Shows changes in Mean Time to Resolution (in hours), over time, while differentiating between incident types.
Mean Time to Detection	The mean time (average time) to detection across all incidents that their severity was determined. The widget takes into account incidents from the last 30 days by default.
Unit 42 Blog Feed
Command execution errors per Integration Category	Command execution errors per Integration Category
Failed Playbooks runs	Failed Playbooks runs
Workers per Engine	Current number of workers per engine
Errors by Incident Type per Command (top 5)	Errors by Incident Type per Command (top 5)
Average runtime by Incident Type per Playbook (top 5)	Average runtime by Incident Type per Playbook (top 5)

Required Content Packs (2)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (4)

Pack Name	Pack By
Base	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR
Aggregated Scripts	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR

1.3.0 - 8009783 (March 30, 2026)

Scripts

New: WidgetNoOp

Added a new no-op placeholder script used by visual-only widgets (e.g. Page Break, Text Widget) that require a script dataType but do not need to query any data source. Returns an empty result to prevent unnecessary database queries.

Widgets

Changed the dataType from incidents to scripts and set query to WidgetNoOp to prevent unnecessary database queries against the incidents table when the widget is rendered.

Changed the dataType from incidents to scripts and set query to WidgetNoOp to prevent unnecessary database queries against the incidents table when the widget is rendered.

Related pull requests:
- 43572

Download

1.2.60 - 6580350 (January 6, 2026)

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 42564

Download

1.2.59 - 6238358 (December 11, 2025)

Scripts

MyToDoTasksWidget

Updated the Docker image to: demisto/python3:3.12.12.6204436.

FeedIntegrationErrorWidget

Updated the Docker image to: demisto/python3:3.12.12.6204436.

Related pull requests:
- 42247

Download

1.2.58 - 5940029 (November 20, 2025)

Scripts

RSSWidget

Updated the Docker image to: demisto/py3-tools:1.0.0.5475267.

Related pull requests:
- 41956

Download

1.2.57 - 5538136 (October 23, 2025)

Common Widgets

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 41627

Download

1.2.56 - 4096037 (July 8, 2025)

Scripts

MyToDoTasksWidget

Updated the Docker image to: demisto/python3:3.12.8.3296088.

FeedIntegrationErrorWidget

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40498

Download

1.2.55 - 4049458 (July 3, 2025)

Common Widgets

Documentation and metadata improvements.

Related pull requests:
- 40478

Download

1.2.54 - R3414854 (May 15, 2025)

Scripts

RSSWidget

Metadata and documentation improvements.

FeedIntegrationErrorWidget

Metadata and documentation improvements.

MyToDoTasksWidget

Metadata and documentation improvements.

Related pull requests:
- 39142

Download

PUBLISHER

PLATFORMS

Cortex XSOAR

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	June 30, 2020
Last Release	March 30, 2026

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.

Common Widgets

Scripts

New: WidgetNoOp

Widgets

Page Break Widget

Text Widget

Common Widgets

Scripts

MyToDoTasksWidget

FeedIntegrationErrorWidget

Scripts

RSSWidget

Common Widgets

Scripts

MyToDoTasksWidget

FeedIntegrationErrorWidget

Common Widgets

Scripts

RSSWidget

FeedIntegrationErrorWidget

MyToDoTasksWidget

PUBLISHER

PLATFORMS

INFO

DISCLAIMER