Viewing SIR Workspace Dashboards

  • Release version: Xanadu
  • Updated August 1, 2024
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Viewing SIR Workspace Dashboards

    The SIR Workspace Dashboards provide essential metrics for analyzing your Security Incident Response (SIR) processes, such as tracking new security incidents and monitoring the average age of open incidents. These dashboards consolidate various views previously available in the Classic UI and Performance Analytics plugins into a unified workspace experience.

    Show full answer Show less

    Available Dashboards

    Within the current SIR Workspace, several key dashboards are accessible under the SIR Dashboards section, with more planned for future releases. These dashboards help different security roles—from analysts to managers—gain insights and manage incident response effectively.

    • Security Analyst Overview: Summarizes critical and high priority incidents, tasks, and incident counts assigned to the analyst.
    • Security Incident Explorer: Provides grouped views of incidents by category, location, priority, and business impact, helping identify attack patterns and affected services.
    • Security Incident Management: Tracks the volume and progress of incidents through all response stages, aiding managers in monitoring workflow.
    • Security Operations Efficiency: Displays efficiency metrics to measure Security Operations Center (SOC) performance.
    • Security Incident Management Premium KPIs: Offers in-depth tracking of incident handling from detection through recovery for managers.
    • Context Sensitive Analytics – S: Shows key operational metrics such as open incident counts, average age, close times, and update recency.
    • CISO Dashboard: Planned for future release to provide executive-level insights.

    Dashboards available under the Performance Analytics for Security Incident Response plugin offer enhanced content and additional views, but require plugin installation to access within the workspace.

    Access and Customization

    Users can access the SIR Dashboards via the icon on the left side of the Security Incident Management Workspace home page. Users with appropriate roles (such as snsi.manager or snsi.admin) and within the relevant workspace scope can edit existing dashboards, add new dashboard elements, and create custom dashboards tailored to their operational needs. This flexibility enables teams to adapt dashboard content to support their unique security workflows.

    Practical Benefits for ServiceNow Customers

    • Unified dashboard experience consolidates key SIR metrics for improved visibility and decision-making.
    • Role-specific dashboards support analysts and managers with relevant insights and tracking.
    • Performance Analytics plugin enhances dashboards with richer data and metrics.
    • Customizable dashboards empower users to tailor views to their operational requirements.

    This section present the important metrics to analyze your Security Incident Response process such as new security incidents or the average age of open security incidents.

    In the Classic UI, there are few standard dashboards available under homepage and Performance Analytics Dashboards that are available when Performance Analytics for Security Incident Response plugin is installed. All of these will now be available in the new workspace under the SIR Dashboards section.

    Standard Dashboards under homepage:
    • Security Incident Response Overview
      • Analyst Overview
      • Manager Overview (supported in future releases)
      • CISO Overview (supported in future releases)
    • Platform Analytics for Security Incident Response
      • Security Incident Explorer
      • CISO Dashboard (future release)
      • Security Incident Management
      • Security Incident Management Premium KPIs
      • Security Operations Efficiency
      • Context Sensitive Analytics – SI Dashboard
    Note:
    There might be some repetition of dashboards across standard and platform analytics for security incident response dashboards such as CISO Dashboard. When the plugin is installed, there will be additional content in these dashboards and will not be available as duplicate.

    Users need to install the plugin for the dashboards listed under Platform Analytics for Security Incident Response Dashboards to be present in the workspace. Otherwise, only the standard dashboards will be available.

    In the current version of the SIR Workspace, the following dashboards are available under the SIR Dashboards section. The other dashboards that are missing will be available in later releases.

    Table 1. Security Incident Response Dashboards
    Dashboard Description
    Standard Dashboard
    Security Analyst Overview With this dashboard, security analysts can view security incidents summarized based on analyst’s critical priority work, high priority work, security Incidents that are assigned to the analyst, tasks assigned to the analysts, and incident count.
    Performance Analytics (PA) for Security Incident Response Dashboards
    Security Incident Explorer With this dashboard, security managers and analysts can view security incidents summarized and grouped by category, subcategory, location, priority, and business impact. These views let managers and analysts quickly gain insight into the frequency in which attacks are occurring and which business services are affected.
    Security Incident Management With this dashboard, security managers can easily track the volume, performance, and progress of security incidents from initial analysis/detection to containment, eradication, and recovery.
    CISO Dashboard Proposed to support in future release.
    Security Operations Efficiency With this dashboard, managers and analysts can view overall efficiency metrics and measure the performance of the SOC.
    Security Incident Management Premium KPIs With this dashboard, security managers can track and view the volume, performance, and progress of security incidents from initial analysis/detection to containment, eradication, and recovery.
    Context Sensitive Analytics – S With this dashboard, managers and analysts can view the open security incidents, the average age of open Security Incidents, the average close time of security incidents, the percentage of security incidents that were opened and closed on the same day, and the percentage of the incidents that were not updated in the last 5 days and 30 days.

    Access SIR and PA Dashboards

    The SIR Dashboards icon displayed on the left side of the workspace home page.
    Note:
    Users with sn_si.manager or sn_si.admin access can edit the dashboards. The users must be within the same scope of the dashboards that the user is trying to make edits. For example, security analyst overview dashboard is available in the SIR workspace, then the user should also be in the same SIR workspace scope to make the edits to the dashboard.
    1. Navigate to Workspaces > Security Incident Management Workspace.
    2. Click on the SIR Dashboards Dashboard iconicon.
    3. Select the desired Dashboard from the drop down list.
      Selecting the Security Incident Explorer Dashboard.
    You can edit the dashboards, add new elements to the dashboards, and create your own dashboards. For more information on how to use dashboards, see Working with responsive dashboards