Skip to main content
Version: Next

Widgets

Widgets are the core building blocks of Workstation. Each widget provides a specific analytical capability, such as searching events, reviewing object details, visualizing relationships, or tracking changes over time. Widgets are added to and arranged within Workspaces, where analysts combine them to support different workflows.

Current Widgets

The following widgets are currently available in Workstation.

Core Analysis Widgets

These widgets are foundational to most Workstation workflows and are commonly used together.

  • Object Details Viewer: Displays detailed information for a single object, such as an event, notification, or collection. This widget is required for in-depth inspection and is often used alongside other widgets to review selected items.

  • Events Explorer: Shows a searchable, filterable list of ingested events. Use this widget to find events of interest.

  • Collections: Allows users to create, search, and manage collections (case files). Collections group related events and support collaboration, tagging, comments, and reporting.

Multi-Object Analysis

These widgets are used to analyze relationships, geography, and patterns across multiple events.

  • Link Analysis: Visualizes networks of entities and their relationships based on linkage events. Useful for identifying connections, clusters, and influential nodes.

  • Interactive Map: Plots events with geographic data (coordinates or polygons) on an interactive map. Supports both manual plotting and streaming large sets of events for spatial analysis.

Event Provenance and Change Tracking

  • Drilldown: Displays a hierarchical view of an event’s provenance, showing how it was produced by Authoring and the HCEP analytic engine.

  • Risk Score History: Charts how an event’s risk score has changed over time, allowing analysts to identify trends or sudden shifts in risk.

  • Event History: Shows a tabular history of changes made to an event’s data fields, enabling review of what changed and when.

Notification Widgets

These widgets focus on event notifications generated by risk thresholds or other system rules.

warning

These two widgets will be deprecated at a future date.

  • Notifications Explorer: Provides a searchable, filterable view of up to 100 notifications, without being limited to a time window. Useful for reviewing historical or archived notifications.

  • Notifications: Displays a real-time feed of recent event notifications within a configurable time window. Commonly used for monitoring and triage.

Working with Widgets

The basic analyst workflow in Cogynt consists of these steps:

  1. Create a workspace or open an existing workspace.
  2. Add widgets to workspaces as needed.
  3. Manage widget placement and size within a workspace.
  4. Drag events between widgets for further analysis.
Required Permissions
Access to this capability requires the following permissions:
 View & Edit
Workstation
Views

Adding Widgets to Workspaces

Widget usage can vary depending on events created in Cogynt Authoring and how they are processed by HCEP. For example, Link Analysis is reliant on events having established links (such as phone calls or emails) between each other, while the Interactive Map requires geographic data (such as coordinates).

tip

Once a workspace is created, it can contain any number of widgets (including duplicate widgets). For an ideal workflow, widgets should not exceed the height of the screen.

To add a widget to a workspace:

  1. In the lefthand drawer of any open workspace, click the grid icon to Add Widgets. A modal opens containing a list of widgets.
  2. Locate the widget to add to the workspace from the list, and then click ADD. The widget is added to the workspace.
  3. Repeat Step 2 as needed for each desired widget.
  4. Click Close or the close icon (X) beside Add Widgets to the Workspace to close the modal.

A workspace is updated and saved automatically as you add and manage the widgets housed within it.

Renaming Widgets

Any widget can be renamed as needed to suit a specific workspace.

To rename a widget:

  1. From an open workspace containing widgets, locate the widget you wish to rename.
  2. Click the pencil icon () and enter the new name.
  3. Click the checkmark () when you are finished to save the changes, or click the cancel button (X) to discard them.

Resizing Widgets

Widgets placed within a workspace are resizable.

To resize any widget:

  1. Hover the cursor over the bottom-right of the widget. The cursor changes to a diagonal arrow ()
  2. Click and drag the Widget to the desired height and width.

Maximizing and Minimizing Onscreen Widgets

A widget can occupy the full screen when focus is required.

To open widgets in fullscreen:

  1. In the top-right corner of the widget, click the green + button. The widget becomes full screen.
  2. In the top-right corner of the widget, click the orange - button. The fullscreen widget returns to the last configured size within the user's workspace.

Moving Widgets

Widgets can be moved as needed to further customize a workspace.

To move widgets:

  1. Hover the cursor over the top of the widget. The cursor changes to the move icon.
  2. Click and drag the widget to its new location.

Widgets are positioned dynamically, changing the layout as they are adjusted.

Deleting Widgets

When widgets are no longer needed, or have been added by mistake, they can be deleted.

To delete widgets:

  1. In the top-right corner of the widget, click the delete button (X).
  2. Confirm the deletion of the widget to remove it, or click Cancel to retain it.
warning

A deleted widget can be recalled by adding it to a workspace, but settings pertaining to filtering and sorting are not preserved when a widget is deleted.

Dragging Data Between Widgets

Once widgets are sized and placed within a workspace, events and data can be dragged from one widget into another.

To drag data between widgets:

  1. Ensure at least two widgets are open within a workspace.
  2. Locate the drag icon. This icon can be present in the upper right of widgets, or to the left of events in the Events Explorer widget. (Events added to collections do not have a drag icon. Instead, click and drag the event to move it between widgets.)
  3. Drag the drag icon of the entity or event into the other open widget. A semi-transparent rectangle visualizes the entity event you are dragging.
  4. The widget to be used becomes highlighted. Release the click, and the widget renders the data based on its type.