- Super Administrator
- Administrator
- SOC Manager
- Security Analyst
The Dashboard provides a holistic view of the state of security operations and security incidents for the organization.
Doughnut Charts
| Feature | Tab | Description |
|---|---|---|
| Overall Incident Summary | Severity | Gives a doughnut chart that displays the Overall Incident Summary of total incidents by Critical, High, Medium, and Low severity. |
| | Status | Gives a doughnut chart that displays the Overall Incident Summary of total incidents by Open, Investigation, Remediation, and Closed status. |
| Feature | Filter | Description |
|---|---|---|
| Incident Assignment | Severity: Critical, High, Medium, Low, All | Gives a doughnut chart that displays the percentage of allocated incidents as per Total open incidents and Allocated incidents. |
| Feature | Filter | Description |
|---|---|---|
| Closed Incident Summary | 1 Week, 1 Month | Gives a doughnut chart that displays the number of incidents that are Suspicious, False Positive, and True Positive. |
| Average Incidents Rate - Open vs Closed | Severity, Type; 1 Week, 1 Month | Gives a line graph of the Average Incident Rate Open vs Closed. Hovering over the points in the graph displays the incident stats. |
Bar Graph and Line Graph
| Feature | Filter | Description |
|---|---|---|
| Alerts by MITRE Tactics | 1 Week, 1 Month | Information about MITRE attack Metrics. Gives a bar graph that displays the number of alerts against tactics. Hover over each bar to view the number of alerts and the tactic. |
| Affected Endpoints Trend | | Gives a line graph that displays the count of affected endpoints as per the selected period (Week/Month). Hovering over the points on the peaks in the graph will display the number of alerts for that specified date. |
| Daily Active Endpoints | | Gives a line graph that displays the count of active endpoints as per the selected period. Hovering over the points on the peaks in the graph will display the number of active endpoints for that specified date. |
| Daily Alert Rate | | Gives a line graph that displays the count of alerts as per the selected period. Hovering over the points on the peaks in the graph will display the number of alerts for that specified date. |
Mean Time Dashlets
Mean Time to Detect
The Mean Time to Detect is the duration from an incident's creation time to its remediation time.
This graph shows the data for the last 30 days for the critical, high, medium, and low-severity incidents.
The following filter is available on the graph:
| Filter | Values |
|---|---|
| Incident Types | Unknown, Phishing, Malware, MITM, Insider Threat, Privilege Escalation, Web Application Attack, Anomaly Detection, APT, Endpoint, Email, Network, EPP, and UBA Credential Access |
Mean Time to Respond
The Mean Time to Respond is the time taken to change the status of an incident to Investigation, measured from the incident creation time.
This graph shows the data for the last month for the critical, high, medium, and low-severity incidents.
The following filter is available on the graph:
| Filter | Values |
|---|---|
| Incident Types | Unknown, Phishing, Malware, MITM, Insider Threat, Privilege Escalation, Web Application Attack, Anomaly Detection, APT, Endpoint, Email, Network, EPS, and UBA Credential Access |
Mean Time to Remediate
The Mean Time to Remediate is the time taken to change the status of an incident to Closed, measured from the incident creation time.
This graph shows the data for the last month for the critical, high, medium, and low-severity incidents.
The following filter is available on the graph:
| Filter | Values |
|---|---|
| Incident Types | Unknown, Phishing, Malware, MITM, Insider Threat, Privilege Escalation, Web Application Attack, Anomaly Detection, APT, Endpoint, Email, Network, EPS, and UBA Credential Access |
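To cross-check the three Mean Time dashlets against your own incident records, the definitions above can be computed as follows. This is an added example, not Seqrite XDR code: the record fields, the sample incidents, the reading of "remediation time" as the move to Remediation status, and windowing by creation time are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Target status per dashlet, following the definitions on this page.
# Assumption: "remediation time" is when the incident enters Remediation status.
METRIC_STATUS = {
    "mean_time_to_detect": "Remediation",
    "mean_time_to_respond": "Investigation",
    "mean_time_to_remediate": "Closed",
}

def ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")

# Constructed sample records; field names are hypothetical, not a product export schema.
INCIDENTS = [
    {"severity": "Critical", "type": "Phishing", "created": ts("2024-05-02 08:00"),
     "status_times": {"Investigation": ts("2024-05-02 08:30"),
                      "Remediation": ts("2024-05-02 12:00"),
                      "Closed": ts("2024-05-03 08:00")}},
    {"severity": "Critical", "type": "Malware", "created": ts("2024-05-10 10:00"),
     "status_times": {"Investigation": ts("2024-05-10 11:30")}},  # not yet remediated
    {"severity": "Low", "type": "Phishing", "created": ts("2024-05-12 09:00"),
     "status_times": {"Investigation": ts("2024-05-12 13:00"),
                      "Remediation": ts("2024-05-13 09:00"),
                      "Closed": ts("2024-05-14 09:00")}},
    {"severity": "High", "type": "Malware", "created": ts("2024-03-01 09:00"),
     "status_times": {"Investigation": ts("2024-03-01 10:00")}},  # outside the window
]

def mean_times(incidents, now, days=30, incident_type=None):
    """Return {metric: {severity: mean hours}}; window is by creation time (assumed)."""
    start = now - timedelta(days=days)
    samples = defaultdict(lambda: defaultdict(list))
    for inc in incidents:
        if not (start <= inc["created"] <= now):
            continue
        if incident_type and inc["type"] != incident_type:
            continue
        for metric, status in METRIC_STATUS.items():
            reached = inc["status_times"].get(status)
            if reached is None:
                continue  # status not reached yet: contributes no sample to this metric
            hours = (reached - inc["created"]).total_seconds() / 3600
            samples[metric][inc["severity"]].append(hours)
    return {m: {sev: sum(v) / len(v) for sev, v in by_sev.items()}
            for m, by_sev in samples.items()}

if __name__ == "__main__":
    print(mean_times(INCIDENTS, now=ts("2024-05-20 00:00")))
```

Incidents that have not yet reached a status are left out of that metric rather than counted as zero, so a backlog of open incidents does not make the mean look shorter than it is.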
Top Incidents
Here, you can see the top incidents listed per severity. You can select the top incidents for the last 24 hours or for a week.
Highest Loaded Analyst
Displays a weekly summary of the highest loaded analysts with their assigned incidents. This gives you the insight needed to manage your analysts according to their workload. A SOC manager can assign or reassign incidents to analysts accordingly.
Average Late Incident
Based on the Incidents SLA, this dashlet displays the incidents that are running late.
These incidents are categorized as Critical, High, Medium, and Low severity.
Analyst Allocation by Incident Type
This dashlet displays the number of analysts assigned per incident type. Hovering over the bars will display the number of analysts assigned to that incident type.
Top Late Incidents
As per the SLAs, the late incidents are listed here under the titles Name of incident, Severity, Late by (days, time), Number of Alerts, and Analyst assigned to it.
Scheduling Dashboard Report
Note ☛
- Only users with Super Admin, Admin, or SOC Manager privileges have the ability to schedule dashboard reports.
- In the Dashboard report scheduling feature, users will exclusively receive the Default dashboard in PDF format, without any filters applied.
To schedule a dashboard report, follow these steps:
- Accessing the Scheduler Page: From the Dashboard Page, find and click on the Schedule Export button. This action will direct you to the Create New Scheduler page.
- Configuring Schedule for Sending Report: In the "Configure Schedule for Sending Report" section, you can specify when and how frequently the report should be sent.
- Selecting Report Frequency: Within this section, you'll encounter a dropdown menu labeled "Report Frequency". Click on it to reveal options such as "Daily," "Weekly," and "Monthly". Select the frequency that aligns with your desired report generation schedule.
- Setting Report Format: By default, the report format is typically set to PDF.
- Entering Email Addresses: Identify the email address field provided. Here, you can input the email addresses of the recipients who are intended to receive the scheduled report. You can add anywhere from 1 to 5 email addresses. Once entered, clicking the "Add" button will display the added email addresses under the "Added Email Addresses" label.
Downloading Consolidated Report
To download the Seqrite XDR consolidated report in PDF format, click Export. The report will be downloaded immediately on the working machine.