Security Operations Executive Overview Activeboard
Purpose
The Security Operations Executive Overview Activeboard allows you to have a high-level overview of some common SecOps alerts and investigation metrics. It also includes overviews about the current investigation status, alert time to react, percentage of actions and un-actioned alerts, and a list of recent alert actions taken.
Â
Security Operations required
You must have the SecOps application installed in your domain so you can effectively install and use this Activeboard.
Prerequisites
To use this Activeboard, you must have the following data sources available on your domain:
secops.investigations.history
siem.logtrust.alert.info
learn moresecops.alerts.enriched
Open Activeboard
Once you have installed the Activeboard, you can use the Open button at the top right of the card in Exchange to access it and see the different widgets populated with the relevant data. You can also access the Activeboard area via the Navigation pane.
Data loading takes too long?
Sometimes some widgets take time to upload the data, it is possible to speed up the process by creating aggregation tasks. Refer to the Aggregation tasks article to learn how to do it.
Use Activeboard
After installing and opening the Activeboard, you can use its widgets to visualize and monitor data. To do this, each widget offers a variety of customization and visualization options. Refer to Using widgets and Using inputs to know them all.
Â