Cyber Security Team Analytics Dashboard

High Level Design

Overview

Today's organizations are under constant attack from cyber threats. The security officer needs to be aware of the metrics and performance indicators that show where threats have occurred.

Goals

Monitor and analyze overall cyber threats and response team performance in order to plan preventive actions for offices that are considered to be at risk.

Objectives

  • Monitor Number of Security incidents and Tickets over time
  • Monitor Number of Incidents and Tickets by Malware Type, Risk Level, Location
  • Monitor Response teamwork and Average Time to Resolution
  • Discover the correlation between Number of Incidents and Security Rating

KPIs Architecture

| Objective | KPIs | Measures | Data source |
| --- | --- | --- | --- |
| Monitor Number of Security Incidents and Tickets over time | Number of Incidents | count([Incident ID]) | FACT Incidents |
| | Average Incidents per Employee | AVG([Employee ID],[# of unique Incident ID]) | FACT Incidents; DIM Employee |
| | Number of Tickets | count([Ticket ID]) | FACT Tickets |
| | Number Of Incidents per Ticket | count([Incident ID])/[# of unique Ticket ID] | FACT Incidents; FACT Tickets |
| | Open Security Incidents | (count([Incident ID]),[Status]="Open") | FACT Incidents; DIM Response Team |
| | Resolved Security Incidents | (count([Incident ID]),[Status]="Closed") | FACT Incidents; DIM Response Team |
| | Open Tickets | ([# of unique Ticket ID],[TicketStatus]="Open") | FACT Tickets; DIM Response Team |
| | Resolved Tickets | ([# of unique Ticket ID],[TicketStatus]="Closed") | FACT Tickets; DIM Response Team |
| Monitor Number of Incidents and Tickets by Malware Type, Risk Level, Location | Number Of Incidents per Incident Type and Malware Type | count([Incident ID]) | FACT Incidents; DIM Incident |
| | Number Of Incidents per Malware Type and broken by Risk Level | count([Incident ID]) | FACT Incidents; DIM Incident |
| Monitor Number of Incidents and Tickets by Malware Type, Risk Level, Location | Number of Incidents per State | count([Incident ID]) | DIM Incident |
| Discover the correlation between Number of Incidents and Security Rating | Number Of Incidents Vs. Security Rating Over Last Quarters | count([Incident ID]); AVG([Quarters in Date],[# of unique Incident ID]); MEDIAN([Security  Rating]) | DIM Date; FACT Incidents |
| Monitor Response teamwork and Average Time to Resolution | Average Number of Incidents Per Response Team Member Over the 15 Months (Full) | count([Incident  Owner]); AVG([Team Member ID],[# of unique Incident ID]); AVG([Months in Date],AVG([Team Member ID],[# of unique Incident ID])) | DIM Date; DIM Response Team; FACT Incidents |
| | Response Time (Days) by Sub Response Team, Broken by Risk Level | (avg([Response  Dwell ( Days)]),[Risk Level]="Critical"); (avg([Response  Dwell ( Days)]),[Risk Level]="High"); (avg([Response  Dwell ( Days)]),[Risk Level]="Medium"); (avg([Response  Dwell ( Days)]),[Risk Level]="Low") | DIM Response Team; FACT Incidents |
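The measures above read as plain code, as an added example (not part of the original design and not Sisense's own implementation): it computes several of the KPIs over constructed incident rows, including the two-pass meaning of AVG([Employee ID],[# of unique Incident ID]). The field names, the sub team names, the one-row-per-incident grain, and the rule that an open incident has no dwell value yet are assumptions.

```javascript
// Constructed rows shaped like FACT Incidents joined to DIM Employee and
// DIM Response Team. Field names and values are assumptions for illustration.
// Assumed grain: one row per incident; dwellDays is null while the incident is open.
const incidents = [
  { incidentId: 'I1', ticketId: 'T1', employeeId: 'E1', status: 'Closed', riskLevel: 'Critical', subTeam: 'Tier 1', dwellDays: 2 },
  { incidentId: 'I2', ticketId: 'T1', employeeId: 'E1', status: 'Closed', riskLevel: 'High',     subTeam: 'Tier 1', dwellDays: 5 },
  { incidentId: 'I3', ticketId: 'T2', employeeId: 'E2', status: 'Open',   riskLevel: 'Critical', subTeam: 'Tier 1', dwellDays: null },
  { incidentId: 'I4', ticketId: 'T3', employeeId: 'E1', status: 'Closed', riskLevel: 'Critical', subTeam: 'Tier 2', dwellDays: 4 },
  { incidentId: 'I5', ticketId: 'T3', employeeId: 'E3', status: 'Closed', riskLevel: 'Critical', subTeam: 'Tier 1', dwellDays: 6 },
  { incidentId: 'I6', ticketId: 'T4', employeeId: 'E2', status: 'Open',   riskLevel: 'Low',      subTeam: 'Tier 2', dwellDays: null },
];

const unique = (rows, key) => new Set(rows.map(r => r[key])).size;
const mean = xs => xs.reduce((a, b) => a + b, 0) / xs.length;

function groupBy(rows, keyFn) {
  const groups = new Map();
  for (const r of rows) {
    const k = keyFn(r);
    if (!groups.has(k)) groups.set(k, []);
    groups.get(k).push(r);
  }
  return groups;
}

function kpis(rows) {
  const byStatus = s => unique(rows.filter(r => r.status === s), 'incidentId');
  // Pass 1: distinct incidents per employee. Pass 2: average of those counts.
  const perEmployee = [...groupBy(rows, r => r.employeeId).values()]
    .map(g => unique(g, 'incidentId'));
  // Average response dwell per sub team and risk level, resolved incidents only.
  // A group with nothing resolved yet reports null rather than 0 days.
  const avgDwellDays = {};
  for (const [key, g] of groupBy(rows, r => `${r.subTeam}|${r.riskLevel}`)) {
    const days = g.map(r => r.dwellDays).filter(d => d !== null);
    avgDwellDays[key] = days.length ? mean(days) : null;
  }
  return {
    numberOfIncidents: unique(rows, 'incidentId'),
    incidentsPerTicket: unique(rows, 'incidentId') / unique(rows, 'ticketId'),
    avgIncidentsPerEmployee: mean(perEmployee),
    openIncidents: byStatus('Open'),
    resolvedIncidents: byStatus('Closed'),
    avgDwellDays,
  };
}

console.log(kpis(incidents));
```

Reporting null for a group with only open incidents keeps an unresolved backlog from showing up as a fast response time.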

Plugins and Scripts

Blox

https://www.sisense.com/marketplace/blox-widgets/

Image Widget

https://support.sisense.com/hc/en-us/community/posts/221224568-Adding-Logo-Image-to-a-dashboard

Add Custom Palette

https://documentation.sisense.com/latest/creating-dashboards/additional-widget-designs/change-dashboard-pallette.htm#gsc.tab=0


Widget Background Script
 

// Style the data labels before the chart is rendered.
widget.on('processresult', function (w, e) {
    e.result.plotOptions.series.dataLabels.style.color = "white";
    e.result.plotOptions.series.dataLabels.style.fontSize = "12px";
    e.result.plotOptions.series.dataLabels.style.fontWeight = "light";
});

// Once the widget is in the DOM, set its background and make axis and legend text white.
widget.on('domready', function (se, ev) {
    $('.widget-body', element).css('fill', '#2D5874');
    $(element).css('background-color', '#2D5874');
    $('.highcharts-axis-labels text').css('fill', 'white');
    $('.highcharts-legend-item text').css('fill', 'white');
});

Implementation Kit

The following resources will enable you to design your dashboard and data model with sample data and then apply it to your own data. Note that you will need to have a previously installed version of Sisense (you can use the free trial version if you’re not a customer).

Sample data and dashboard examples (direct download)

Documentation