Overview
Monitor your Security Operations in the context of Incident management. Requires integrations with security systems able to feed OpenCTI with alerts and incidents.
A Dashboard dedicated to monitor your Security Operations in the context of Incident management. it requires integrations with security systems able to feed OpenCTI with alerts and incidents.
Composition
This Dashboard is designed to give you first an overview of Incidents and Alerts volume in the platform through a row of widgets about Incidents Responses Cases, Incidents, Alerts and Sightings.
The second row displays a selection of widgets helping you visualize quickly if something require immediate attention from the team.
Then, this Dashboard gives you some global metrics and trends about incidents and sightings, for example with a breakdown by sources.
At last, global metrics are provided to highlight possible gaps in your Security Posture.
Data prerequisites
As any Dashboard in OpenCTI, it relies on structured data. In order to work, your platform must have:
- Incidents, Incident Response Cases with Status workflow set up. Some widget configurations will need adjustment to adapt to your own workflows.
- relationships “related-to” between IP address/Hostname/User account and Incident.
- relationships of any sort between Incident and Attack Pattern.
This kind of structured data can be provided through integrations (connectors) with security system, like Microsoft Sentinel, Tanium Threat Response or HarfangLab ones.
Depending on the way your data are structured, this dashboard might need some adjustments. Please contact Filigran on Slack if you need any help!