The SecOps App includes a dashboard to understand metrics about Security Incidents.
Two filters apply to all Alert charts:
- ServiceNow Incident Creation Time filter: Sets the time interval for the time at which incidents were created in ServiceNow.
- Profile filter: Only data pertaining to selected profiles is included in the charts.
The Security Incident Metrics Dashboard includes the following charts:
- Alerts with Manual Security Incidents: Shows the number of alerts that had a security incident created manually.
- Alerts with Automatic Security Incidents: Shows the number of alerts that had a security incident created automatically.
- Alerts with Open Security Incidents: Shows the number of alerts associated with an open security incident. An incident is Open if it is in one of the following states: Draft, Analysis, Contain, Eradicate, Recover, Review.
- Alerts with Closed Security Incidents: Shows the number of alerts associated with a closed security incident. An incident is Closed if it is in one of the following states: Closed, Cancelled.
- Open Alerts with Closed Security Incidents: Shows the number of open alerts associated with a closed security incident. An alert is considered Open if it is in one of the following states: Open, In Progress. An incident is Closed if it is in one of the following states: Closed, Canceled.
- Assets with Security Incident: Shows the number of assets associated with incidents.
- Alerts to Security Incident Creation: Shows the number of alerts associated with security incidents. This chart includes the following filters:
  - Group by one of Type, Severity, Manual Security Incident, Security Incident State
  - Stack by one of Type, Manual Security Incident, Security Incident State
- Security Incident Creation Trend: Shows the number of security incidents created over time.
- Longest Open Security Incidents: Shows the list of Security Incidents that have been open for the longest time.