Reports
Reports provide detailed, filterable views of signals, cases, and SOC metrics. Use reports for analysis, auditing, and generating insights beyond real-time dashboards.

Signal Reports

Signals New
Purpose: Lists all new signals that haven't been claimed or started.
When to use: Daily triage to identify unworked signals.
Filters: Use filters to narrow by source, severity, or organization.
Best practice: Review at shift start to claim signals for investigation.

Signals In Progress
Purpose: Shows signals currently being investigated.
When to use: Monitor active investigations and workload distribution.
Filters: Filter by owner, priority, or severity.
Best practice: Use to balance workload across analysts.

Signals Blocked
Purpose: Lists signals that are blocked or waiting on dependencies.
When to use: Identify signals that need unblocking or escalation.
Filters: Filter by blocking reason or owner.
Best practice: Review daily to prevent signals from being forgotten.

Signals Elevated to Case
Purpose: Shows signals that have been escalated to cases.
When to use: Track escalation patterns and case creation.
Filters: Filter by escalation date, case status, or signal type.
Best practice: Monitor escalation rates to identify trends.

Signals High Severity
Purpose: Lists all high-severity signals.
When to use: Prioritize high-severity investigations.
Filters: Filter by status, verdict, or owner.
Best practice: Ensure high-severity signals are being addressed promptly.

Signals Critical Severity
Purpose: Shows all critical-severity signals.
When to use: Immediate triage for critical threats.
Filters: Filter by status, verdict, or source.
Best practice: Critical signals should be reviewed immediately.

Signals Malicious Verdicts
Purpose: Lists signals with malicious verdicts (AI, manual, or TI).
When to use: Focus on confirmed threats requiring response.
Filters: Filter by severity, status, or escalation state.
Best practice: Prioritize malicious verdicts for investigation and response.

Signals Suspicious Verdicts
Purpose: Shows signals requiring further investigation.
When to use: Identify signals that need additional analysis.
Filters: Filter by confidence level, severity, or age.
Best practice: Review suspicious verdicts to determine if they should be escalated.

Signals Malicious & Critical
Purpose: Combines malicious verdicts with critical severity.
When to use: Identify highest-priority confirmed threats.
Filters: Filter by source, organization, or owner.
Best practice: These signals require immediate attention.

Signals Suspicious & Critical
Purpose: Shows suspicious verdicts with critical severity.
When to use: Prioritize high-risk signals needing investigation.
Filters: Filter by age, source, or enrichment status.
Best practice: Investigate promptly to confirm or dismiss threats.

Signals Verdict & Severity Overall
Purpose: Cross-tabulation of verdicts and severity levels.
When to use: Analyze verdict distribution patterns.
Filters: Filter by time period, source, or organization.
Best practice: Use for trend analysis and capacity planning.

Signals AI Verdicts
Purpose: Lists signals with Hero AI-generated verdicts.
When to use: Review AI analysis coverage and accuracy.
Filters: Filter by confidence level, verdict type, or manual override.
Best practice: Compare AI verdicts with manual verdicts to assess AI performance.

Signals Threat Intel Verdicts
Purpose: Shows signals with threat intelligence verdicts.
When to use: Assess TI enrichment coverage and effectiveness.
Filters: Filter by TI provider, verdict type, or enrichment status.
Best practice: Monitor TI verdict distribution to identify threat trends.

Signals Status
Purpose: Lists signals grouped by workflow status.
When to use: Monitor signal progression through workflow.
Filters: Filter by status, priority, or time period.
Best practice: Use to identify workflow bottlenecks.

Signals Severity
Purpose: Shows signals grouped by severity level.
When to use: Assess severity distribution and resource allocation.
Filters: Filter by status, verdict, or source.
Best practice: Ensure severity levels are set appropriately.

Signals Require Attention
Purpose: Lists signals that need analyst action.
When to use: Daily triage to identify signals needing review.
Filters: Filter by attention reason, priority, or owner.
Best practice: Review at shift start and throughout the day.

Signals Ready for Prioritization
Purpose: Shows signals that have been triaged but need priority assignment.
When to use: Identify signals waiting for priority determination.
Filters: Filter by source, severity, or age.
Best practice: Assign priorities promptly to maintain workflow.

Signals Priority
Purpose: Lists signals grouped by priority level.
When to use: Monitor priority distribution and workload.
Filters: Filter by status, severity, or owner.
Best practice: Ensure priorities reflect business impact.

Signals Oldest
Purpose: Shows signals ordered by creation date (oldest first).
When to use: Identify stale signals that may need closure.
Filters: Filter by status, priority, or source.
Best practice: Review weekly to prevent signal backlog.

Signals Intel Verdict & Severity
Purpose: Cross-reference of threat intelligence verdicts with severity.
When to use: Prioritize signals based on TI verdict and severity.
Filters: Filter by TI provider, verdict type, or time period.
Best practice: Focus on high-severity signals with malicious TI verdicts.

Case Reports

Case Requires Attention
Purpose: Lists cases that need immediate analyst action.
When to use: Daily case triage.
Filters: Filter by attention reason, priority, or owner.
Best practice: Review at shift start.

Case Status
Purpose: Shows cases grouped by workflow status.
When to use: Monitor case progression and identify bottlenecks.
Filters: Filter by status, priority, or time period.
Best practice: Track case resolution rates.

Case Oldest
Purpose: Lists cases ordered by creation date (oldest first).
When to use: Identify cases that may be stuck.
Filters: Filter by status, priority, or owner.
Best practice: Review weekly to prevent case aging.

Cases Priority
Purpose: Shows cases grouped by priority level.
When to use: Assess case workload and resource allocation.
Filters: Filter by status, severity, or owner.
Best practice: Ensure critical cases are progressing.

Cases Oldest
Purpose: Lists cases that have been open the longest.
When to use: Identify cases needing escalation or additional resources.
Filters: Filter by status, priority, or organization.
Best practice: Review weekly to prevent case backlog.

Routing Rule Reports

Routing Rule Management
Purpose: Provides detailed view of routing rule performance.
When to use: Monitor rule effectiveness and optimize routing logic.
Filters: Filter by rule status, match count, or rule order.
Best practice: Review weekly to identify rules needing adjustment.
Key metrics:
- Rules matched count
- Rules with no matches (may need updating)
- Rule execution errors
- Rules by order and priority