Document toolboxDocument toolbox

Security Operations Executive Overview Activeboard

Purpose

The Security Operations Executive Overview Activeboard allows you to have a high-level overview of some common SecOps alerts and investigation metrics. It also includes overviews about the current investigation status, alert time to react, percentage of actions and un-actioned alerts, and a list of recent alert actions taken.

Mean Time To Action Alerts: Simple value widget

Actioned Alert Status: Pie chart widget

Investigation Overview: Table widget

Investigations by Status: Pie chart widget

% of Actioned Alerts: Pie chart widget

Actions Taken on Alerts: Table widget

Alerts Severity: Pie chart widget

 

 

 

Security Operations required

You must have the SecOps application installed in your domain so you can effectively install and use this Activeboard.

Prerequisites

To use this Activeboard, you must have the following data sources available on your domain:

  • secops.investigations.history

  • siem.logtrust.alert.info learn more

  • secops.alerts.enriched

Open Activeboard

Once you have installed the Activeboard, you can use the Open button at the top right of the card in Exchange to access it and see the different widgets populated with the relevant data. You can also access the Activeboard area via the Navigation pane.

Data loading takes too long?

Sometimes some widgets take time to upload the data, it is possible to speed up the process by creating aggregation tasks. Refer to the Aggregation tasks article to learn how to do it.

Use Activeboard

After installing and opening the Activeboard, you can use its widgets to visualize and monitor data. To do this, each widget offers a variety of customization and visualization options. Refer to Using widgets and Using inputs to know them all.

Â