View security incident analytics

You can use the analytics dashboard to view analytics reports on security incidents. Reports are organized under tabs for incidents that are open, new, and closed, as well as incidents that have been tracked based on the average number of days since they were logged.

Before you begin

Role required: sn_si.admin

Procedure

  1. Navigate to Security Incident > Security Dashboards > Analytics.
    The dashboard includes several reports of security incident information.
  2. Select the tab for the state or duration of the security incidents that you want to view reports on.
    TabDescription
    Overview Displays basic information about incidents, such as open incidents, basic indicators, and the number of new security incidents by priority.
    Open, New, or Closed Display reports for security incidents in the selected state.
    Daily, 7d Running, or 28d Running Display reports for security incidents that were logged today, up to 7 days ago, or up to 28 days ago.
  3. Perform any of the following actions.
    OptionDescription
    See the information represented by a chart segment Point your cursor to the segment. A tooltip appears with details about the segment.
    View more details for a chart segment Click a segment to see more details about the element. You may need to scroll up to view the information. Information is organized under the following tabs, depending on the selected element.
    • Chart: The detail of the element displayed in a chart. You can use the controls on the upper right to add or change comments, targets, and thresholds.
    • Breakdowns: The breakdown of the buckets used in the report. Select a chart type from the choice list on the upper right to see the data in another format.
    • Records: The records that comprise the element you selected. You can view the detail of each record.
    • Scores: The number of records for each week in the report.
    • Comments: Comments entered for this report. The tab is disabled unless comments exist.
    • More info: A description of the logic that generates the report, how often the job runs, and when the data was last collected.
    Save the chart as an image file If a menu icon appears when you point your cursor to a chart, you can click the icon to export the chart to an image file.
    In this figure, the tooltip displays the exact number of open security incidents for the date that the cursor is pointed to on the chart for open security incidents.