Default Advanced Reports In Depth
The following Reports will be added in the near future for Looker customers. They are currently available in the Marketplace for Tableau customers.
Alerts and Entities Report: This report provides a look into the most commonly impacted Entities, including Address, Destination URLs, Hostnames, etc. It gives a detailed snapshot of the most impactful Incidents and the most impacted Entities.
Prerequisites:
1. The Incident flag should be used for identifying Incidents in Cases.
Analysts Case Load Tracker: This report provides clarity on the workload that each Analyst handles across your Security Operations at any particular time.
Customer Report: Customer Report is a summary dashboard that provides overall visibility across the main aspects of your Security Operations Center coverage.
Prerequisites:
1. The Mark as Important flag should be used for identifying Important Cases.
2. The Incident flag should be used for identifying Incidents.
3. An SLA should have been defined for Closure of Cases.
4. All Non Malicious Cases are considered False Positives in this dashboard.
Executive Dashboard: This is a simple, elegant dashboard created for monitoring critical KPIs. It reflects a summary of all Incidents, Resolution Times, SLA targets and more.
Prerequisites:
1. The Incident flag should be used for identifying Incidents.
2. An SLA should have been defined for Closure of Cases.
3. Escalated Cases should be identified by a stage Escalated.
Managed Detection and Response Dashboard: This report is designed to track Alerts, Cases and important SLA information. It is a compact dashboard, well suited to daily, weekly or monthly reporting needs.
Prerequisites:
1. Escalated Cases should be marked by Stage Escalated.
2. We consider Triage as the time a case was acknowledged.
Monthly Threat Monitoring Report: A monthly report that provides a summary of Alerts, Products, severities and much more.
MTTX: MTTX is a clean dashboard created for customers who like to track the time taken for specific actions. This report helps you track the time from “Case Creation Time” to the “Start/End” of specific incident handling stages. The stages and the start/end time used by the report, as well as other parameters, can be edited.
How to update parameters:
1. Download the report from Siemplify Marketplace.
2. Go to Edit Report in Tableau Server or Tableau Desktop.
3. Select and go to one of the Charts.
4. In the bottom left, you will see the list of Parameters, such as Chart 1 Stage and Chart 1 Start / End. If you select Acknowledgement and Start for Chart 1, it will show the mean time to get from Creation Time to Start of Acknowledgement.
Performance Analysis - Analysts Workload: This report provides a clear view of your SOC’s workload via alerts and events distributions, open vs closed cases trends, alert grouping performance over time, and false positive trends. For detailed information on this report click here.
Performance Analysis - Handling times: This report presents the mean time to detect and resolve metrics for alerts and cases, on multiple cohorts such as teams, alert types and stages, and provides visibility to your SOC performance. For detailed information on this report click here.
Playbook Analysis: This report provides metrics for automation performance and helps you understand how automation improves your SOC performance and reduces handling times. For detailed information on this report click here.
ROI Report: This report is a one-page dashboard created to show how automation is saving time and effort across your organization. A summary of all automated and manual actions, as well as their distribution across different products, is shown for more granular visibility.
Security Operations Center Report: This report is mainly designed for clients with multiple tenants (i.e. MSSP). Switching between different environment metrics as well as specific timestamps is supported for more flexibility. Short summaries for certain charts make it well suited to a weekly or monthly report schedule.
Security Posture and Sensors Performance: This report provides clear visibility into threat status and trends over time. It also provides insight into sensors' performance trends and false positive metrics, thereby providing actionable insights for sensors' tuning and improvement. For detailed information on this report click here.
TIER Performance: Overall Clearance Tracker is a dashboard to track the case load of your Security Operations Center across different TIERs.