Data, Data Everywhere
With the average company using more than 15 different security products, each of them spinning up alerts and unique data, the volume of information at a SOC’s disposal has never been higher. However, this breadth of data has not been matched by the adoption of tools that distill and visualize data across products into relevant metrics. Rather than being used to drive action, much of the data ends up gathering digital dust.
We think Demisto dashboards are the lighthouse to help guide lost SOC ships to shore. Our default dashboards provide visibility into analyst-level, incident-level, and business-level metrics. Additionally, a fully customizable widget editor lets teams create their own dashboards from scratch, enabling the creation of tailored visuals that are powered by Demisto’s rich, underlying data.
With Demisto dashboards, users can:
- Create persona-focused dashboards: CISOs can measure SOC health and business risk, SOC Managers can measure analyst productivity and incident bottlenecks, and analysts can measure incident and indicator trends.
- Create dashboards around incident types: You can choose to focus on a particular incident type and display measurements of other metrics revolving around that incident type.
- Create threat intelligence dashboards: You can monitor indicator traffic, trends, and correlations on your platform and identify malicious artifacts persistent across incidents.
These are just a few of the virtually limitless use cases. With Demisto, if you can think of a dashboard, you can make that dashboard.
Let’s look at the default Demisto dashboard:
This dashboard visualizes high-level metrics such as daily new incidents and return on automation investment, personnel-level metrics such as unassigned incidents and late/open tasks, and incident-level metrics such as active incidents by severity and type. Any employee can get a good prima facie view of how the SOC is doing that day.
All the elements on the dashboard are interactive, allowing users to quickly zoom in on an area of interest and snap back out as required.
While this dashboard is a good starting point, users will often require more bespoke data points that speak to their role, a particular incident type, or more. Demisto’s widget library helps realize these requirements.
To create a new dashboard, click the ‘New Dashboard’ button on the top right of the default dashboard screen.
This will bring up a blank canvas and a widget library. Demisto widgets are subsets of visualized data. Users can choose from 40+ out-of-the-box widgets that are focused on incidents, indicators, system health, workflow tasks, and more.
To add a widget, click on the ‘Add’ button next to the widget and drag/drop the widget wherever required on the screen. Each widget can be rescaled and repositioned on the canvas to make the dashboard truly customizable.
While the out-of-the-box widgets add a layer of depth to dashboards, users sometimes require visualizations of specific search queries that they create on the fly. These queries can’t be templatized, and with custom widgets, they don’t have to be.
On Demisto’s incidents and indicators repository, any search query can be crafted into a custom widget and used in dashboards. For instance, the screenshot below shows a query for closed incidents with known owners. If users want to create a widget for ‘Closed Incidents with Known Owners’, they can click the timeline icon on the top right of the relevant visual.
This will bring up a custom widget creator, where users can choose the axes, widget time-frame, layout (bar chart, pie chart, trend line, etc.), and other advanced settings. Once saved, this custom search query becomes a widget that can be pulled up from the widget library and used as required.
In the screenshot below, this same custom widget (in pie-chart form) has been used in a threat intelligence metrics dashboard.
This feature walkthrough just scratches the surface of Demisto dashboards. If you’d like to know more about how dashboards can help paint a personalized picture of your SOC, watch our video walkthrough and sign up for the Demisto Free Edition below.
Stay tuned for more product feature walkthroughs in the weeks to come!