When building a custom dashboard, the SOC Posture template is a great starting point. This template delivers key insights into automated and manual threat responses, highlighting case activity, team performance, and operational efficiency. Below is a detailed breakdown of the included widgets and the actionable conclusions they offer.
Dashboard Widgets Overview
Snapshot View
Created Cases: Tracks the total number of cases created within the specified time range.
Open Cases: Compares the current number of cases in New, In Progress, and On Hold states to the initial count within the selected timeframe.
Closed Cases: Shows the number of cases closed or resolved against the initial count for the same period.
Cases Closed by Automation (coming soon): Counts cases handled and resolved entirely by workflows, without any manual intervention from analysts.
Case Priority
SLA Compliance: Displays the percentage of open and closed cases meeting, exceeding, or approaching SLA deadlines.
Cases by Severity: Provides a breakdown of open cases according to severity levels.
States Breakdown: Details the distribution of cases across various states on a given date.
Investment Planning
Cases by Category and State: Shows the number of cases in each state, categorized for deeper insight.
MTTI by Category: Measures the mean time to investigate, from case creation to its transition out of the New state, by category.
MTTR by Category: Indicates the mean time to resolve, tracking the duration from case creation to resolution or closure, by category.
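The two definitions above, worked through in Python as an added example (not the product's own code or schema): MTTI runs from creation to the first transition out of New, MTTR from creation to the first Resolved or Closed state. The field names, categories and timestamps are constructed assumptions; cases that have not yet reached the relevant state are left out of that mean.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data; field names and categories are assumptions,
# not the product's schema. history = [(timestamp, state), ...]
CASES = [
    {"id": 1, "category": "Phishing", "history": [
        ("2024-05-01T08:00", "New"), ("2024-05-01T08:30", "In Progress"),
        ("2024-05-01T12:00", "Resolved")]},
    {"id": 2, "category": "Phishing", "history": [
        ("2024-05-01T09:00", "New"), ("2024-05-01T10:30", "In Progress"),
        ("2024-05-01T11:00", "On Hold"), ("2024-05-01T17:00", "Closed")]},
    {"id": 3, "category": "Malware", "history": [   # closed straight from New
        ("2024-05-02T10:00", "New"), ("2024-05-02T10:10", "Closed")]},
    {"id": 4, "category": "Malware", "history": [   # investigated, still open
        ("2024-05-02T11:00", "New"), ("2024-05-02T13:00", "In Progress")]},
    {"id": 5, "category": "Malware", "history": [   # never left New
        ("2024-05-02T12:00", "New")]},
]
DONE = {"Resolved", "Closed"}

def first_time(history, predicate):
    """Timestamp of the first entry whose state satisfies predicate, else None."""
    for ts, state in history:
        if predicate(state):
            return datetime.fromisoformat(ts)
    return None

def mean(deltas):
    """Mean of a list of timedeltas, or None when there is nothing to average."""
    return sum(deltas, timedelta()) / len(deltas) if deltas else None

def mean_times_by_category(cases):
    """Return {category: {"mtti": timedelta|None, "mttr": timedelta|None}}."""
    buckets = defaultdict(lambda: {"mtti": [], "mttr": []})
    for case in cases:
        history = sorted(case["history"])           # ISO timestamps sort correctly
        created = datetime.fromisoformat(history[0][0])
        left_new = first_time(history[1:], lambda s: s != "New")
        resolved = first_time(history[1:], lambda s: s in DONE)
        bucket = buckets[case["category"]]
        if left_new is not None:                    # still in New: not in MTTI
            bucket["mtti"].append(left_new - created)
        if resolved is not None:                    # still open: not in MTTR
            bucket["mttr"].append(resolved - created)
    return {cat: {k: mean(v) for k, v in b.items()} for cat, b in buckets.items()}

if __name__ == "__main__":
    for category, times in mean_times_by_category(CASES).items():
        print(category, "MTTI:", times["mtti"], "MTTR:", times["mttr"])
```

Because open cases drop out of the averages, a category with a large untriaged backlog can show a low MTTI; read these figures alongside the Cases by Category and State widget.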
Analyst Performance
Case Load by Analyst: Displays how cases are distributed among team members, providing insight into individual workloads.
Time to Resolve by Analyst: Shows the average time each analyst takes to resolve a case.
Case Activity - Automation vs. User: A comparative analysis of case management actions performed by automated workflows versus those done by users.