Dashboards

dashboards provide real time visibility into soc operations through interactive widgets use dashboards to monitor current state, identify trends, and quickly access records requiring attention the ai soc workspace in current packages (for example, ai soc beta v1 2 4) includes these dashboards routing rule management , analyst triage queue , security operations overview , mitre att\&ck techniques , and threat intelligence overview older packages may still show signal triage , cases , or ai soc dashboard names; use the closest match in dashboards analyst triage queue the analyst triage queue dashboard supports daily operations on case management workload active queue, ownership, blocked work, and priority or severity views location navigate to dashboards → analyst triage queue cards included (package default) active triage queue requires attention by current owner cases created over time assigned per analyst blocked cases blocked cases by current owner ongoing cases by priority ongoing case severity incident count ongoing incident list ongoing incidents and cases by priority chart security operations overview the security operations overview dashboard gives leadership style visibility ai outcomes, throughput, dwell and response times, and case criticality location navigate to dashboards → security operations overview cards included (package default) auto closed by hero ai security manager sankey case average dwell time by type mttr by source ai verdicts analyst cases per week heatmap mttd by source case cases by criticality mitre att\&ck techniques the mitre att\&ck techniques dashboard focuses on technique coverage location navigate to dashboards → mitre att\&ck techniques cards included (package default) mitre att\&k heatmap threat intelligence overview the threat intelligence overview dashboard summarizes observable volume and enrichment activity location navigate to dashboards → threat intelligence overview cards included (package default) observables by type observables enriched over time routing rule management dashboard the routing rule management dashboard helps administrators monitor and optimize signal routing rules location navigate to dashboards → routing rule management widgets included routing rule mgmt widget purpose provides overview of routing rule performance and matches when to use monitor rule effectiveness and identify rules needing adjustment action review rule match counts and adjust rules as needed add new rule use add new rule to create a new routing rule from the widget reordering use the drag handle in the order column to reorder rules by drag and drop and change evaluation order open rule or playbook use the icon next to the associated playbook name to open the playbook, or the edit icon on a row to open the triage rule for editing manual run use run rule against pending signals to run the selected rule against signals that are pending routing expand records matched to see which signals were matched by the rule best practice review weekly to optimize routing logic key metrics to monitor number of rules enabled vs disabled rules with highest match counts rules with no recent matches (may need updating or removal) rule execution errors or failures