The following reports are included in the repository:

Performance Analysis – Handling times

MTTD – Mean Time To Detect
    The mean time from the creation of the case until the case gets assigned to a user. Format: days-hours-minutes-seconds. The widget will present ‘0’ if the case is not assigned.

MTTR – Mean Time To Remediate
    The mean time from the creation of the case until the case is moved to the remediation stage. Format: days-hours-minutes-seconds. The widget will present ‘N/A’ if there is no remediation stage.

Avg. Handling Time per SOC Role
    Presents the time a SOC role spent on average on a case, from the moment the case was assigned to this role until the case was closed or assigned to another SOC role.

Avg. Handling Time per Stage
    Presents the time that was spent on average on a stage, from the moment the stage started until the case was closed or another stage began.

Mean Time to Triage
    Presents the average handling time of the Triage stage per date for the different rules.

Avg. Handling Time Triage Stage
    Presents the average handling time of the Triage stage per date.

Avg. Handling Time per SOC Role per Date
    Presents the average handling time per SOC role per date.

Performance Analysis – Analysts Workload

Alert Distribution across Rules
    Presents the distribution and percentage of alerts per rule type.

Event Distribution across Rules
    Presents the percentage of events per rule type.

Open vs. Closed Cases
    Presents the distribution of the number of open and closed cases.

Cases vs. Alerts
    Presents the distribution of the number of cases and alerts.

False Positives vs. Handling Time
    A dual-axis graph which presents the false positive rate on the left axis vs. the average handling time on the right axis. The false positive rate is the percentage of non-malicious cases out of all cases. The average handling time is the time from case creation to case closure. The graph presents information regarding closed cases only.
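The handling-time widgets above (MTTD, MTTR, handling time per SOC role) and the false-positives-vs-handling-time widget all reduce to a few timestamp differences over case records. The following Python is an added worked example, not code from the product or this documentation: it computes those metrics over a small set of constructed case records. The `Case` record layout, the assumption that unassigned cases are simply excluded from MTTD (with the widget's ‘0’ shown when no case is assigned), and the per-rule grouping of the false-positive graph are my assumptions about how the data is modelled, not the product's own data model.

```python
"""Worked computation of SOC handling-time and false-positive metrics over
constructed case records (added example; not the product's own code)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from statistics import mean
from typing import Dict, List, Optional, Tuple


@dataclass
class Case:
    # Assumed record layout: one row per case, with its assignment history.
    case_id: str
    rule: str
    created: datetime
    closed: Optional[datetime] = None            # None while the case is open
    remediation_started: Optional[datetime] = None  # None if never remediated
    malicious: bool = True                       # False == false positive
    # (timestamp, SOC role) pairs in chronological order; [0] is the first assignment
    assignments: List[Tuple[datetime, str]] = field(default_factory=list)


def fmt_dhms(seconds: float) -> str:
    """Render seconds in the widget's days-hours-minutes-seconds format."""
    secs = int(round(seconds))
    days, rem = divmod(secs, 86400)
    hours, rem = divmod(rem, 3600)
    minutes, s = divmod(rem, 60)
    return f"{days}-{hours}-{minutes}-{s}"


def mttd(cases: List[Case]) -> float:
    """Mean seconds from case creation to first assignment (unassigned cases
    excluded; 0 when nothing is assigned, matching the widget's '0')."""
    deltas = [(c.assignments[0][0] - c.created).total_seconds()
              for c in cases if c.assignments]
    return mean(deltas) if deltas else 0.0


def mttr(cases: List[Case]) -> Optional[float]:
    """Mean seconds from creation to the remediation stage; None means 'N/A'."""
    deltas = [(c.remediation_started - c.created).total_seconds()
              for c in cases if c.remediation_started is not None]
    return mean(deltas) if deltas else None


def handling_time_per_role(cases: List[Case]) -> Dict[str, float]:
    """Average seconds each role held a case: from assignment to that role
    until the case was closed or handed to another role. Spans still open
    (case not closed and no later hand-off) are not counted."""
    spans: Dict[str, List[float]] = {}
    for c in cases:
        for i, (start, role) in enumerate(c.assignments):
            if i + 1 < len(c.assignments):
                end = c.assignments[i + 1][0]   # handed to the next role
            elif c.closed is not None:
                end = c.closed                  # held until closure
            else:
                continue                        # still with this role
            spans.setdefault(role, []).append((end - start).total_seconds())
    return {role: mean(v) for role, v in spans.items()}


def fp_vs_handling(cases: List[Case]) -> Dict[str, Tuple[float, float]]:
    """Per rule: (false positive rate in %, average creation-to-closure
    seconds). Closed cases only, as the widget states."""
    by_rule: Dict[str, List[Case]] = {}
    for c in cases:
        if c.closed is not None:
            by_rule.setdefault(c.rule, []).append(c)
    result: Dict[str, Tuple[float, float]] = {}
    for rule, closed in by_rule.items():
        fp_rate = 100.0 * sum(1 for c in closed if not c.malicious) / len(closed)
        avg_handling = mean((c.closed - c.created).total_seconds() for c in closed)
        result[rule] = (fp_rate, avg_handling)
    return result


# Constructed sample data (not real cases).
T0 = datetime(2024, 1, 1, 9, 0, 0)
m = lambda minutes: T0 + timedelta(minutes=minutes)
SAMPLE_CASES = [
    Case("C-1", "Phishing", T0, closed=m(120), remediation_started=m(50),
         malicious=True, assignments=[(m(10), "Tier1"), (m(40), "Tier2")]),
    Case("C-2", "Phishing", T0, closed=m(60), malicious=False,
         assignments=[(m(20), "Tier1")]),
    Case("C-3", "Malware", T0, assignments=[(m(30), "Tier1")]),   # still open
    Case("C-4", "Malware", T0),                                    # unassigned
]

if __name__ == "__main__":
    print("MTTD:", fmt_dhms(mttd(SAMPLE_CASES)))
    r = mttr(SAMPLE_CASES)
    print("MTTR:", "N/A" if r is None else fmt_dhms(r))
    print("Per role:", {k: fmt_dhms(v) for k, v in handling_time_per_role(SAMPLE_CASES).items()})
    print("FP rate vs handling:", fp_vs_handling(SAMPLE_CASES))
```

On the sample data the open case C-3 contributes to MTTD (it was assigned) but to neither the per-role span nor the false-positive graph, and the Malware rule is absent from the false-positive result because none of its cases are closed; the same filtering is what the "closed cases only" note on the widget describes.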

Security Posture and Sensors Performance

% of Alerts per Rule
    Presents the distribution and percentage of alerts per rule type.

Number of Alerts per Rule per Date
    Presents the number of alerts per rule type per date.

% of Alerts per Product
    Presents the distribution and percentage of alerts per product.

Number of Alerts per Product per Date
    Presents the number of alerts per product per date.

False Positive Rate vs. Product
    Presents the false positive rate per product type. The false positive rate is the percentage of non-malicious cases out of all cases. The graph presents information regarding closed cases only.

Playbook Analysis

Top 10 Automated Alerts
    Presents the top 10 rules with the highest percentage of automated alerts. An automated alert is an alert that has an automatically attached playbook.

Top 10 Alerts Closed by Automation
    Presents the top 10 rules with the highest percentage of alerts that were automatically closed by a playbook. The graph presents information regarding closed cases only.

False Positives vs. Handling Time for Non-Automated Alerts
    For alerts which do not have an automatically attached playbook, the widget presents a dual-axis graph with the false positive rate on the left axis vs. the average handling time on the right axis. The graph presents information regarding closed cases only. The graph will be empty if there are no alerts without a playbook.
