Executive Dashboard

This dashboard, accessible to MSS- or company-type users, offers detailed indicators on system health and alert processing, and can be filtered by date range. It provides a comprehensive overview of the main aspects of security and operational efficiency.

Overview Executive Dashboard

Overall Health

Indicates, in a scaled format, the overall average of Info Security, Risk Exposure, Maturity, and Mitre indicators.

Info Security

Average of coverage indicators for relations, event types, and private playbooks.

Risk Exposure

Measures how well the time to first treatment complies with the standards set in the setup. The closer to 0%, the better the indicator.

Maturity

Average of indicators in the Security Operation graph, rated on a scale of up to 5 points.

Mitre

Calculates the coverage of correlation rules for techniques and sub-techniques listed in Mitre.

Attack Vector

Visual representation of the treatment of events by data source, their attack vectors, and related results in the confusion matrix.

Events x Incidents

Visual representation of confirmed incidents, arising from events received by the monitoring system, demonstrating effectiveness in reducing manual labor.

Quality KPIs:

  • Average Time To Detect An Incident (MTTD): The average time to identify an incident from the generation of the alert.

  • Average Time To Respond To An Incident (MTTR): A performance indicator of the security team measuring the time from the opening of the incident to the start of treatment.

  • Average Time To Contain An Incident (MTTC): The time it takes the team from identification to the start of the threat blocking phase.

  • Average Time To Repair (MTTR): The time required to fix the problems and eradicate the threat, returning the environment to a safe state.
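
The four KPIs above can be computed from per-incident timestamps. The following is an added example, not code from the product: the field names and sample incidents are constructed, and because the page does not state where the repair KPI starts, the start of containment is assumed.

```python
from datetime import datetime, timedelta

def ts(text):
    """Parse an ISO timestamp; None marks a phase that has not happened yet."""
    return datetime.fromisoformat(text) if text else None

# Constructed sample incidents; the field names are assumptions for this example.
INCIDENTS = [
    {"alert": ts("2024-05-01T10:00"), "identified": ts("2024-05-01T10:20"),
     "opened": ts("2024-05-01T10:25"), "treatment": ts("2024-05-01T10:40"),
     "containment": ts("2024-05-01T11:20"), "repaired": ts("2024-05-01T14:20")},
    {"alert": ts("2024-05-02T08:00"), "identified": ts("2024-05-02T08:40"),
     "opened": ts("2024-05-02T08:45"), "treatment": ts("2024-05-02T09:30"),
     "containment": ts("2024-05-02T10:40"), "repaired": None},  # still being repaired
    {"alert": ts("2024-05-20T09:00"), "identified": ts("2024-05-20T09:05"),
     "opened": ts("2024-05-20T09:06"), "treatment": None,
     "containment": None, "repaired": None},                     # not yet treated
]

# KPI name -> (start field, end field), following the definitions listed above.
# The repair KPI's start point is an assumption (start of containment).
KPI_SPANS = {
    "MTTD": ("alert", "identified"),
    "MTTR_respond": ("opened", "treatment"),
    "MTTC": ("identified", "containment"),
    "MTTR_repair": ("containment", "repaired"),
}

def quality_kpis(incidents, date_from=None, date_to=None):
    """Return {kpi: (mean timedelta or None, incidents counted)} for alerts in the range."""
    selected = [i for i in incidents
                if (date_from is None or i["alert"] >= date_from)
                and (date_to is None or i["alert"] <= date_to)]
    result = {}
    for name, (start, end) in KPI_SPANS.items():
        # Incidents that have not finished the phase have no end timestamp
        # and are left out of that KPI's average.
        spans = [i[end] - i[start] for i in selected if i[start] and i[end]]
        mean = sum(spans, timedelta()) / len(spans) if spans else None
        result[name] = (mean, len(spans))
    return result

if __name__ == "__main__":
    for name, (mean, n) in quality_kpis(INCIDENTS).items():
        print(f"{name}: {mean} over {n} incident(s)")
```

Returning the count next to each mean shows how many incidents back the figure, which matters when a narrow date range leaves only one or two completed incidents.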

Incidents By Status

Number of incidents distributed by each type of status.

Confusion Matrix

The number of alerts in each status of the confusion matrix.

Security Operation

Visual representation, with a color rule, indicating the compliance level of various indicators, with descriptions available when hovering over their titles.

  • Continuous Monitoring

    • Monitoring Systems

      • Relations: Coverage of treatment of relations in the correlation rules.

    • Data Sources

      • Correlation Rules: Coverage measuring whether each event type is linked to at least one correlation rule.

    • Mitre Framework

      • Tactics: Coverage measuring whether each technique has at least one correlation rule.

      • Techniques: Coverage measuring whether at least one correlation rule is linked to the technique.

  • Incident Response

    • Playbooks

      • Initial Playbooks: Coverage measuring whether each correlation rule has at least one initial playbook.

      • Advanced Playbooks: Coverage measuring whether each active customer has at least one advanced-type playbook.

    • Continuous Operation

      • SLA: Coverage percentage of the contracted SLA.

      • Quality of Service: Maximum average rating coverage.

      • Response Time: Optimal response time coverage.

  • Customer Management

    • Continuous Operation

      • Requests: Coverage of request processing, considering open/closed.

      • SLA: Coverage percentage of the contracted SLA.

      • Response Time: Optimal response time coverage.

  • Automatic Response

    • Automatic Treatment Engine

      • First Response: Mean time to treat an alert.

      • Workload Reduction: Workload reduction, as a percentage.

