Executive Dashboard
This dashboard, accessible to MSS or company-type users, offers detailed indicators on system health and alert processing, with the ability to filter by date ranges. It provides a comprehensive overview of the main aspects of security and operational efficiency.
Indicates, in a scaled format, the overall average of Info Security, Risk Exposure, Maturity, and Mitre indicators.
Average of coverage indicators for relations, event types, and private playbooks.
Checks the coverage of the time for first treatment, measuring its compliance with the standards set in the setup. The closer to 0%, the better the indicator.
Average of indicators in the Security Operation graph, rated on a scale of up to 5 points.
Calculates the coverage of correlation rules for techniques and sub-techniques listed in Mitre.
Visual representation of the treatment of events by data source, their attack vectors, and related results in the confusion matrix.
Visual representation of confirmed incidents, arising from events received by the monitoring system, demonstrating effectiveness in reducing manual labor.
Average Time To Detect An Incident (MTTD): The average time to identify an incident from the generation of the alert.
Average Time To Respond To An Incident (MTTR): A performance indicator of the security team measuring the time from the opening of the incident to the start of treatment.
Average Time To Contain An Incident (MTTC): The time it takes the team from identification to the start of the threat blocking phase.
Average Time To Repair (MTTR): The time required to fix the problems and eradicate the threat, returning the environment to a safe state.
Number of incidents distributed by each type of status.
The number of alerts in each status of the confusion matrix.
Visual representation, with a color rule, indicating the compliance level of various indicators, with descriptions available when hovering over their titles.
Continuous Monitoring
Monitoring Systems
Relations: Coverage of treatment of relations in the correlation rules.
Data Sources
Correlation Rules: Coverage measuring whether each event type is linked to at least one correlation rule.
Mitre Framework
Tactics: Coverage measuring whether each technique has at least one correlation rule.
Techniques: Coverage measuring whether there is at least one correlation rule linked to the technique.
Incident Response
Playbooks
Initial Playbooks: Coverage measuring whether each correlation rule has at least one initial playbook.
Advanced Playbooks: Coverage measuring whether each active customer has at least one advanced-type playbook.
Continuous Operation
SLA: Contracted SLA coverage percentage.
Quality of Service: Maximum average rating coverage.
Response Time: Optimal response time coverage.
Customer Management
Continuous Operation
Requests: Coverage of request processing, considering open/closed.
SLA: Contracted SLA coverage percentage.
Response Time: Optimal response time coverage.
Automatic Response
Automatic Treatment Engine
First Response: Mean time to treat an alert.
Workload Reduction: Workload reduction as a percentage.
Color Standards for Performance Indicators:
Green (Excellent Performance): Indicates a performance that is equal to or greater than 90%. This green color standard is used to represent high efficiency or compliance, signifying that the indicator is operating at an optimal level.
Orange (Moderate Performance): Represents a performance between 60% and 89.99%. The orange color is used for indicators that are performing moderately, suggesting there is room for improvement, but the performance is still acceptable.
Red (Insufficient Performance): Used for performances below 60%. The red color alerts to an unsatisfactory performance, indicating that the indicator is below an acceptable level and needs immediate attention for improvement.
Gray (Inactive): Applied to indicators that are currently inactive. The gray color signals that the indicator is not in use or does not have sufficient data for performance evaluation at the moment.
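One way to compute an "at least one correlation rule" coverage figure and map it to the colour standards above, as an added example that is not the product's own code. The formula, the rule names, and the choice to count a sub-technique separately from its parent technique are assumptions; the sample data is constructed.

```python
# Added example: coverage of correlation rules over Mitre techniques,
# mapped to the dashboard's colour bands. All data below is constructed.

def coverage(items, links):
    """Percentage of in-scope items linked to at least one correlation rule.

    items: identifiers in scope (techniques, event types, ...)
    links: dict of rule name -> set of identifiers that rule covers
    Returns (percentage, sorted uncovered items); percentage is None when
    nothing is in scope, so the indicator has no data to evaluate.
    """
    scope = set(items)
    if not scope:
        return None, []
    # Identifiers a rule references outside the scope must not inflate the score.
    covered = set().union(*links.values()) & scope
    return 100.0 * len(covered) / len(scope), sorted(scope - covered)

def colour(pct):
    """Colour band from the page: >=90 green, 60 to 89.99 orange, <60 red."""
    if pct is None:
        return "gray"    # inactive or insufficient data
    if pct >= 90:
        return "green"
    if pct >= 60:
        return "orange"  # includes values between 89.99 and 90
    return "red"

# Constructed scope: techniques and sub-techniques the SOC wants covered.
TECHNIQUES = ["T1059", "T1059.001", "T1566", "T1566.001", "T1078",
              "T1110", "T1486", "T1021.001", "T1003", "T1547.001"]

# Constructed rule-to-technique links (hypothetical rule names).
RULES = {
    "rule-powershell-encoded": {"T1059", "T1059.001"},
    "rule-failed-logon-burst": {"T1110", "T1078"},
    "rule-mail-attachment": {"T1566.001"},
    "rule-rdp-lateral": {"T1021.001"},
    "rule-legacy": {"T1190"},  # not in scope, ignored by coverage()
}

if __name__ == "__main__":
    pct, gaps = coverage(TECHNIQUES, RULES)
    print(f"coverage {pct:.2f}% -> {colour(pct)}; uncovered: {', '.join(gaps)}")
```

The uncovered list is the practical output: it names the techniques that still need a correlation rule before the indicator can move to the next band.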