Enhanced Executive Dashboards

Executive Dashboard

The Executive Dashboard provides a high-level overview of key metrics and operational insights. It includes:

  • Live EPS Monitoring – Displays real-time events per second (EPS) to track current system activity and ingestion trends.

  • Detection Rule Coverage – Provides visibility into detection rule coverage, including MITRE ATT&CK–mapped, IOC-based, and correlated rules.

  • Log Source Coverage – Summarizes all available log sources with corresponding event volumes for each source.

  • Case Status & SLA Tracking – Monitors active security cases and tracks compliance against defined SLA timelines.

  • Risk Scores – Displays the top five risk scores by host, user, and process, along with the overall organizational risk score.

  • MITRE Coverage Overview – Visualizes detection coverage across MITRE ATT&CK tactics and techniques.

Observability Dashboard

The Observability Dashboard provides detailed operational insights with a focus on performance and detection metrics. It includes:

  • EPS Metrics – Peak, average, and current events per second.

  • Host Online Status – Number of active hosts per log source compared to the total number of hosts, providing visibility into online assets by log source.

  • DPM Metrics – Total number of events processed by the available log collectors or Data Pipeline Manager, offering insight into data ingestion and system throughput.

  • Top Detected Hosts, Users, and Processes – Displays the top five hosts, users, and processes with the highest number of detections in the last 24 hours.

  • Highest False Positive Rules – Displays the detection rules with the highest number of false positives in the last 24 hours.

  • Top MITRE Tactics and Techniques – Displays the top five MITRE ATT&CK tactics and techniques observed in detections over the last 24 hours.
