Viewing SIR Workspace Dashboards

  • Release version: Yokohama
  • Updated January 30, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Viewing SIR Workspace Dashboards

    The Security Incident Response (SIR) Workspace provides essential dashboards that enable users to analyze and monitor security incident metrics such as new incidents and the average age of open incidents. These dashboards consolidate previously available views from the Classic UI and Performance Analytics plugins into a unified workspace experience, improving visibility and management of security incidents.

    Show full answer Show less

    Available Dashboards

    Dashboards fall into two main categories: Standard Dashboards and Performance Analytics (PA) for Security Incident Response Dashboards. The availability of certain dashboards depends on whether the Performance Analytics for Security Incident Response plugin is installed.

    • Standard Dashboards: Included by default in the SIR Workspace, such as the Security Analyst Overview, which helps analysts track critical and high-priority incidents assigned to them.
    • Performance Analytics Dashboards: Available upon plugin installation, offering deeper insights for managers and analysts. Examples include Security Incident Explorer, Security Incident Management, Security Operations Efficiency, and Security Incident Management Premium KPIs.
    • Future Releases: Dashboards like Manager Overview and CISO Dashboard are planned but not yet available.

    Note that some dashboards, such as the CISO Dashboard, might appear in both Standard and Performance Analytics sets but will show enhanced content when the plugin is installed, avoiding duplication.

    Key Dashboard Descriptions

    • Security Analyst Overview: Summarizes incidents and tasks critical to security analysts' work.
    • Security Incident Explorer: Groups incidents by category, location, priority, and impact for quick insight into attack frequency and affected business services.
    • Security Incident Management: Tracks incident lifecycle from detection to recovery, aiding managers in monitoring volume and progress.
    • Security Operations Efficiency: Measures overall SOC performance and efficiency.
    • Security Incident Management Premium KPIs: Provides detailed volume and performance indicators for security incidents.
    • Context Sensitive Analytics: Displays metrics such as average incident age, closure times, and update status.

    Access and Customization

    Users can access SIR Dashboards via the SIR Dashboards icon on the left side of the Security Incident Management Workspace home page. Users with snsi.manager or snsi.admin roles can edit existing dashboards, add new elements, or create custom dashboards, provided they operate within the appropriate workspace scope.

    Navigation steps:

    1. Go to Workspaces > Security Incident Management Workspace.
    2. Click the SIR Dashboards icon.
    3. Select the desired dashboard from the dropdown list.

    These capabilities allow ServiceNow customers to tailor their dashboard views to better monitor and manage security incidents effectively.

    This section present the important metrics to analyze your Security Incident Response process such as new security incidents or the average age of open security incidents.

    In the Classic UI, there are few standard dashboards available under homepage and Performance Analytics Dashboards that are available when Performance Analytics for Security Incident Response plugin is installed. All of these will now be available in the new workspace under the SIR Dashboards section.

    Standard Dashboards under homepage:
    • Security Incident Response Overview
      • Analyst Overview
      • Manager Overview (supported in future releases)
      • CISO Overview (supported in future releases)
    • Platform Analytics for Security Incident Response
      • Security Incident Explorer
      • CISO Dashboard (future release)
      • Security Incident Management
      • Security Incident Management Premium KPIs
      • Security Operations Efficiency
      • Context Sensitive Analytics – SI Dashboard
    Note:
    There might be some repetition of dashboards across standard and platform analytics for security incident response dashboards such as CISO Dashboard. When the plugin is installed, there will be additional content in these dashboards and will not be available as duplicate.

    Users need to install the plugin for the dashboards listed under Platform Analytics for Security Incident Response Dashboards to be present in the workspace. Otherwise, only the standard dashboards will be available.

    In the current version of the SIR Workspace, the following dashboards are available under the SIR Dashboards section. The other dashboards that are missing will be available in later releases.

    Table 1. Security Incident Response Dashboards
    Dashboard Description
    Standard Dashboard
    Security Analyst Overview With this dashboard, security analysts can view security incidents summarized based on analyst’s critical priority work, high priority work, security Incidents that are assigned to the analyst, tasks assigned to the analysts, and incident count.
    Performance Analytics (PA) for Security Incident Response Dashboards
    Security Incident Explorer With this dashboard, security managers and analysts can view security incidents summarized and grouped by category, subcategory, location, priority, and business impact. These views let managers and analysts quickly gain insight into the frequency in which attacks are occurring and which business services are affected.
    Security Incident Management With this dashboard, security managers can easily track the volume, performance, and progress of security incidents from initial analysis/detection to containment, eradication, and recovery.
    CISO Dashboard Proposed to support in future release.
    Security Operations Efficiency With this dashboard, managers and analysts can view overall efficiency metrics and measure the performance of the SOC.
    Security Incident Management Premium KPIs With this dashboard, security managers can track and view the volume, performance, and progress of security incidents from initial analysis/detection to containment, eradication, and recovery.
    Context Sensitive Analytics – S With this dashboard, managers and analysts can view the open security incidents, the average age of open Security Incidents, the average close time of security incidents, the percentage of security incidents that were opened and closed on the same day, and the percentage of the incidents that were not updated in the last 5 days and 30 days.

    Access SIR and PA Dashboards

    The SIR Dashboards icon displayed on the left side of the workspace home page.
    Note:
    Users with sn_si.manager or sn_si.admin access can edit the dashboards. The users must be within the same scope of the dashboards that the user is trying to make edits. For example, security analyst overview dashboard is available in the SIR workspace, then the user should also be in the same SIR workspace scope to make the edits to the dashboard.
    1. Navigate to Workspaces > Security Incident Management Workspace.
    2. Click on the SIR Dashboards Dashboard iconicon.
    3. Select the desired Dashboard from the drop down list.
      Selecting the Security Incident Explorer Dashboard.
    You can edit the dashboards, add new elements to the dashboards, and create your own dashboards. For more information on how to use dashboards, see Working with responsive dashboards