
06/05/2019

Because we care about your experience on our platform and we want to make it easier for you to track all of your cyberdefense operations, we are happy to announce the launch of our newest feature on SEKOIA.IO: the Security Performance dashboard.

Security Performance is a key performance indicator (KPI) screen that allows users to assess, measure and evaluate the proper functioning of the Security Operations Center and all the defense operations happening on the platform.

Thanks to a selection of performance indicators, users get a visual follow-up on the different parameters (rules, alerts, ...) while being able to measure the impact of their decision-making in real time.

From a technical point of view, the Security Performance is a board where graphs, figures and metrics are listed to track performance and progress while making sense of all the security performance measures.

The data provided on Security Performance is available through the fresh Statistics API and its new endpoints listed in this documentation.

Here are the main performance indicators available on the Security Performance feature:

  • Number of new alerts.

  • Number of new incidents.

  • Backlog line shows the proportion of alerts that have been processed or completed.

  • Auto processed alerts refers to the proportion of automatically processed alerts.

  • Reaction Time displays the average time to start processing an alert.

  • Rules refers to the number of detection rules that have been triggered.

  • Alert Workflow Duration shows the time needed to acknowledge and investigate an alert from the moment it is created.

  • Precision map indicates the proportion of alerts validated by the operators compared to those rejected. It’s an estimation of the accuracy of users’ rules.

  • Time to close shows the average time necessary to close/resolve an alert.

  • Operators’ Activity traces all actions performed by human operators.

  • Time to resolution by severity helps operators distinguish the most severe alerts from the less important ones by displaying, for each severity level, the time needed to resolve its alerts.

  • Alert by category shows the most frequent categories of alerts.
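The indicators above are all derived from the same underlying alert records (creation time, acknowledgement time, closing time, operator verdict, triggering rule, category, severity). As an added illustration that is not SEKOIA.IO's code and does not use its Statistics API or alert schema, the script below computes backlog, auto-processed ratio, reaction time, rules triggered, precision, time to close, time to resolution by severity and alerts by category over a constructed set of six alerts; the field names (`acknowledged`, `closed`, `verdict`, `auto_processed`) are assumptions chosen for the example.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean
from typing import Optional


@dataclass
class Alert:
    """One alert record (constructed field names, not the SEKOIA.IO schema)."""
    alert_id: str
    rule: str
    category: str
    severity: str
    created: datetime
    acknowledged: Optional[datetime] = None  # operator started processing
    closed: Optional[datetime] = None        # alert closed / resolved
    verdict: str = "pending"                 # pending | validated | rejected
    auto_processed: bool = False             # handled by automation, no operator


T0 = datetime(2019, 6, 5, 8, 0)


def at(minutes_after: int) -> datetime:
    return T0 + timedelta(minutes=minutes_after)


# Constructed sample alerts for one day (not real data)
SAMPLE_ALERTS = [
    Alert("a1", "brute-force", "authentication", "high", at(0), at(5), at(65), "validated"),
    Alert("a2", "brute-force", "authentication", "high", at(10), at(20), at(50), "validated"),
    Alert("a3", "dns-tunnel", "network", "medium", at(30), at(45), at(120), "rejected"),
    Alert("a4", "malware-hash", "malware", "critical", at(60), None, at(60), "validated", True),
    Alert("a5", "dns-tunnel", "network", "medium", at(120)),        # untouched backlog
    Alert("a6", "port-scan", "network", "low", at(180), at(210)),   # under investigation
]


def minutes(delta: timedelta) -> float:
    return delta.total_seconds() / 60


def is_processed(a: Alert) -> bool:
    """Processed = automation handled it, or an operator touched/closed it."""
    return a.auto_processed or a.acknowledged is not None or a.closed is not None


def backlog_ratio(alerts):
    """Proportion of alerts processed or completed (the 'Backlog' line)."""
    return sum(is_processed(a) for a in alerts) / len(alerts) if alerts else None


def auto_processed_ratio(alerts):
    return sum(a.auto_processed for a in alerts) / len(alerts) if alerts else None


def reaction_time(alerts):
    """Average minutes from creation to an operator starting work."""
    waits = [minutes(a.acknowledged - a.created) for a in alerts if a.acknowledged]
    return mean(waits) if waits else None


def rules_triggered(alerts) -> int:
    """Number of distinct detection rules that fired."""
    return len({a.rule for a in alerts})


def precision(alerts):
    """Validated alerts over all alerts an operator decided on; None if undecided."""
    validated = sum(a.verdict == "validated" for a in alerts)
    rejected = sum(a.verdict == "rejected" for a in alerts)
    decided = validated + rejected
    return validated / decided if decided else None


def time_to_close(alerts):
    """Average minutes from creation to closing, over closed alerts only."""
    durations = [minutes(a.closed - a.created) for a in alerts if a.closed]
    return mean(durations) if durations else None


def time_to_resolution_by_severity(alerts):
    per_sev = defaultdict(list)
    for a in alerts:
        if a.closed:
            per_sev[a.severity].append(minutes(a.closed - a.created))
    return {sev: mean(v) for sev, v in per_sev.items()}


def alerts_by_category(alerts):
    """Most frequent categories first."""
    return Counter(a.category for a in alerts).most_common()


def security_performance(alerts) -> dict:
    """All indicators in one dictionary, the shape a dashboard panel would consume."""
    return {
        "new_alerts": len(alerts),
        "backlog_ratio": backlog_ratio(alerts),
        "auto_processed_ratio": auto_processed_ratio(alerts),
        "reaction_time_min": reaction_time(alerts),
        "rules_triggered": rules_triggered(alerts),
        "precision": precision(alerts),
        "time_to_close_min": time_to_close(alerts),
        "resolution_by_severity_min": time_to_resolution_by_severity(alerts),
        "alerts_by_category": alerts_by_category(alerts),
    }


if __name__ == "__main__":
    for name, value in security_performance(SAMPLE_ALERTS).items():
        print(f"{name}: {value}")
```

Two choices worth noting: reaction time is averaged only over alerts an operator actually picked up, so an automatically processed alert does not drag the average toward zero, and precision divides by decided alerts only, so a large untouched backlog does not masquerade as rule accuracy.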

If you have any concerns, feel free to contact us at support@sekoia.io.