Dashboards

dashboards provide real time visibility into soc operations through interactive widgets use dashboards to monitor current state, identify trends, and quickly access records requiring attention choose your path if you want to go to run day to day analyst triage and soc overview dashboards ai soc workspace dashboards /#ai soc workspace dashboards open leadership and operational soc reporting views soc reporting workspace /#soc reporting workspace review return on investment metrics roi calculator workspace /#roi calculator workspace configure tenant credentials before using dashboards related configuration guides /#related configuration guides ai soc workspaces overview current ai soc core solution packages include these workspaces for dashboards and reporting workspace primary audience purpose ai soc (or ai soc workspace ) analysts and soc leads triage, investigation throughput, mitre coverage, threat intelligence, routing rules soc reporting workspace soc and security leadership operational and program reporting views roi calculator workspace leadership and program owners return on investment metrics for automation and ai soc value if your environment lists different workspace titles, open workspaces and select the view that matches your role ai soc workspace dashboards the ai soc workspace includes these dashboards routing rule management , analyst triage queue , security operations overview , mitre att\&ck techniques , and threat intelligence overview if your workspace lists different dashboard titles, open dashboards under the ai soc workspace and use the view that matches your need (queue, overview, mitre, or threat intelligence) analyst triage queue the analyst triage queue dashboard supports daily operations on case management workload active queue, ownership, blocked work, and priority or severity views location navigate to dashboards → analyst triage queue cards included (package default) active triage queue requires attention by current owner cases created over time assigned per analyst blocked cases blocked cases by current owner ongoing cases by priority ongoing case severity incident count ongoing incident list ongoing incidents and cases by priority chart security operations overview the security operations overview dashboard gives leadership style visibility ai outcomes, throughput, dwell and response times, and case criticality location navigate to dashboards → security operations overview cards included (package default) auto closed by hero ai security manager sankey case average dwell time by type mttr by source ai verdicts analyst cases per week heatmap mttd by source case cases by criticality mitre att\&ck techniques the mitre att\&ck techniques dashboard focuses on technique coverage location navigate to dashboards → mitre att\&ck techniques cards included (package default) mitre att\&k heatmap threat intelligence overview the threat intelligence overview dashboard summarizes observable volume and enrichment activity location navigate to dashboards → threat intelligence overview cards included (package default) observables by type observables enriched over time routing rule management dashboard the routing rule management dashboard helps administrators monitor and optimize signal routing rules location navigate to dashboards → routing rule management widgets included routing rule mgmt widget purpose provides overview of routing rule performance and matches when to use monitor rule effectiveness and identify rules needing adjustment action review rule match counts and adjust rules as needed add new rule use add new rule to create a new routing rule from the widget reordering use the drag handle in the order column to reorder rules by drag and drop and change evaluation order open rule or playbook use the icon next to the associated playbook name to open the playbook, or the edit icon on a row to open the triage rule for editing manual run use run rule against pending signals to run the selected rule against signals that are pending routing expand records matched to see which signals were matched by the rule best practice review weekly to optimize routing logic key metrics to monitor number of rules enabled vs disabled rules with highest match counts rules with no recent matches (may need updating or removal) rule execution errors or failures soc reporting workspace the soc reporting application and soc reporting workspace provide leadership oriented views of soc program health, workload, and outcomes use this workspace when you need reporting beyond real time analyst dashboards in the ai soc workspace navigate to workspaces → soc reporting workspace open the default dashboards and reports installed with ai soc core solution confirm your role can access the workspace after install for report definitions and scheduled usage patterns, see reports /reports md and using dashboards and reports effectively /using dashboards and reports effectively md roi calculator workspace the roi calculator application and roi calculator workspace help you quantify value from ai soc automation (for example time saved, cases auto closed by hero ai, and analyst efficiency) use this workspace for executive or program reviews navigate to workspaces → roi calculator workspace review default roi views and inputs shipped with the solution adjust inputs to match your organization’s assumptions where the workspace allows customization roi views depend on data from case management and related ai soc workflows ensure ingestion, enrichment, and case updates are flowing before you rely on roi metrics for leadership reporting related configuration guides dashboards and reports reflect data from configured applications, assets, and sync complete these guides before you expect accurate widgets configuration topic guide install and verify ai soc core solution (applications, workspaces, playbooks) installing and configuring ai soc solution docid b7njxu5xnzyrjcngqg5j turbine tenant credentials (personal access token for core playbooks) and ai soc tenant configuration (cookie based api access) configure custom assets docid\ qdckijlols 7dwzjgrbqk ai soc solution overview ai soc solution docid\ ddizyeiqevgzg8ay0fcc5