Case ManagerGet Started With Case Manager

Download PDF

Table of Contents

The Case Manager Metrics Page

View graphs, charts, and diagrams about how Case Manager is performing in the Metrics page.

The Metrics page is a dashboard of visualizations—graphs, charts, and diagrams—that reflect Case Manager's current state and environment. It measures and assesses how security operations and events are performing.

The Metrics page displaying visualizations and statistics.

Filter the Metrics dashboard by incident assignee and time period. If you select a time period, it is applied across all charts.

Every time you refresh the page, the metrics also refresh.

View visualizations about:

  • Open Incidents - The number of incidents currently open.

  • Mean Time to Resolution - The current mean (average) time to resolve all closed incidents in the environment.

  • Mean Time To Close - The current mean (average) time taken to close all of the currently closed incidents in the environment.

  • Mean Dwell Time - The current mean (average) dwell time for all incidents. Measured by incident start date to incident create date.

  • False Positives - The percentage of false positive incidents found in Incident Responder.

  • Hours Saved - Approximates how much Incident Responder worked equivalent to manual people hours based on the type of incident, average response time, and number of incidents processed.

  • New vs Closed Incidents - A timeline view of how many incidents were created vs closed on a given day.

  • Incidents by Type - A grid that breaks down incidents by their type. Hover over a date to view data specific to that date.Incident Types

  • Work Distribution - Total incidents assigned to each team member, reflects how incidents and workload are allocated across the SOC team.

  • Incidents by Status - A percentage pie chart that breaks down the total incidents by their current status - New, In Progress, Pending, Resolved, Closed.

  • Mean Time to Resolution Table - Mean time to resolution based on incident type, as measured from the time an incident is marked In Progress to when it is marked Resolved.

  • Incident Breakdown - The number of open incidents, created incidents, closed incidents, and the average time that an incident remains unassigned to a user.

To download the current dashboard as a PDF, click download A blue circle with an arrow pointing down to an appliance.. The PDF contains data for all visualizations.