Splunk® SOAR (On-premises)

Administer Splunk SOAR (On-premises)

The classic playbook editor will be deprecated soon. Convert your classic playbooks to modern mode.
After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:

Track information about an event or case using HUD cards

Use the head-up display (HUD) in Investigation to quickly track relevant information about an event or case. HUD cards can display a metric from the built-in list or display a custom field. For more information about custom fields, see Create custom fields to filter assets.

Create a HUD Card

Perform the following tasks to create a HUD card:

  1. From the Home menu, select Administration.
  2. Select Event Settings, then HUD.
  3. Select + HUD Card.
  4. Select a HUD card type.
    • Select Preset Metrics to view predefined metrics about your asset, such as remaining tasks, number of failed actions, or tasks exceeding the SLA. Select the desired metric from the drop-down list. and then choose a background color for the HUD card.
    • Select Custom Field to view the information you defined in a custom field. See Create custom fields to filter events. The fields defined there are available in the drop-down list. Choose a background color for the HUD card.
  5. Select Done.

Create a new type of HUD card

You can create a new type of HUD card by creating a basic playbook or by using the REST API.

  • Create a playbook with a single utility block that will call the pin API.
    For details on creating a playbook with a utility block, see Set parameters with the API utility section of the Add functionality to your playbook in using the Utility block article.
  • Call the /rest/container_pin API, as described in /rest/container_pin in the REST API Reference for documentation.

Manage HUD Cards

HUD cards display in Investigations in the same order they appear in the list of HUD cards you created in the Event settings page. Reorder the cards by dragging the cards by the handle ( ☰ ) into the order you want them to be displayed.

Delete a HUD card by selecting the circled x ( ⓧ ) icon to the right of the HUD card definition.

See HUD cards for more information on using HUD Cards in Start with Investigation in .

Last modified on 02 May, 2024
Filter indicator records in   Configure the response times for service level agreements

This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.4.0, 5.5.0, 6.0.0, 6.0.1, 6.0.2, 6.1.0, 6.1.1, 6.2.0, 6.2.1, 6.2.2

Was this topic useful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters