Dashboards & Visualizations

Dashboard for Enterprise Security team from Misson control

vishenps
Path Finder

#mission_control, # splunk cloud
Hi 
In my org primarily Mission Control events are investigated by SOC as soon as they pop up, if futher investigation is needed the incident is escalated to Enterprise security TEAM who is responsible to perform deeper/detailed investigation and update back in Mission Control. 
USE CASE: 
The enterprise security manger wants a DASHBOARD which will inform him about : 
if the investigation is being performed by his team (ES)> how much average time his team member takes to resolve an incident > averaged over a month.  

For ES team I have lookup file or also I can type there name(Only 7-8 people) > I NEED A QUERY WHICH WILL EVALUATE WHEN assigne=(tom,tim,xyz) , difference between update_time & create_time , averaged out over month. 

Field we have :
| mcincidents   add_response_stats=true
| eval create_time=strtime(create_time, "%m/%d%Y %I:%M:%S %p")
| eval update_time=strtime(create_time, "%m/%d%Y %I:%M:%S %p")
| table assigne, create_time, update_time, description, disposition, id, incident_type, name, sensitivity, source_type, summary

Labels (1)
0 Karma
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...