Using Dashboards and Reports Effectively

daily operations morning routine open signal triage dashboard review signals requiring attention widget check signals new report for unclaimed signals review malicious & critical widget for active threats check cases requiring attention for urgent cases throughout the day monitor dashboard widgets for real time updates use reports to investigate specific patterns or issues check signals oldest periodically to prevent backlog end of day review signals by status to ensure signals are progressing check cases by status for case workflow health document any trends or issues observed weekly reviews performance analysis review signals verdict & severity overall for trends analyze ai verdicts vs manual verdicts for accuracy check routing rule management for rule effectiveness review signals oldest and cases oldest for backlog optimization adjust routing rules based on match patterns update priorities based on verdict and severity trends identify and address workflow bottlenecks customizing reports creating custom reports navigate to the application (signal triage, cases, and so on ) go to reports section click add to create a new report configure filters, columns, and sorting save the report for future use best practices for custom reports use descriptive names that indicate the report's purpose include relevant filters to narrow results add columns that provide actionable information set appropriate default sorting (for example, by creation date or priority) share reports with team members who need them interpreting metrics signal volume trends monitor daily signal counts to identify volume spikes compare current volume to historical averages investigate sudden increases in signal volume verdict distribution track ratio of malicious to benign verdicts monitor false positive rates identify trends in suspicious verdicts resolution times track time from signal creation to resolution identify signals exceeding sla thresholds monitor case resolution times enrichment coverage track percentage of signals with completed ti enrichment monitor enrichment completion times identify observables without enrichment results