How Can I Calculate/Measure Mean Time To Contain a Security Incident in Security Incident Response?
Dear ServiceNow Community Colleagues, I would greatly appreciate any help/guidance on this:
I have been asked by a client to calculate, measure and show on a Performance Analytics Dashboard, the measurement : 'Mean Time to Contain' (Average Time to Contain) a Security Incident, in the Security Incident Response (SIR) module, including showing this for historical records.
'Contain' is one of the Lifecycle States, that the Security Incident can be set to, for any period of time.
Please kindly provide guidance on the metrics and calculation, the automated / formula indicators and most importantly, what is the Script I need to use, to calculate 'Mean Time to Contain' for an SIR (on the Security Incident table)?
Is this even possible to calculate to gather historical records (using Performance Analytics) for 'Mean Time to Contain', or can this only be established by setting up a scripted 'Metric' and then measured going forward, by gathering duration for the time Security Incidents are in the 'Contain' state, going forwards (but not possible for historical measurement) ?
Thanks very much as always, for any guidance & advice on how to achieve this.
