This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.
Summary of Security Incident Response Overview dashboard
The Security Incident Response Overview dashboard in ServiceNow provides an executive, role-tailored view of security incident activity, enabling users to track trends, access detailed reports, and drill down into specific incident data. It supports various roles including Security Incident Manager, Analyst, and CISO, offering visualizations such as charts, heatmaps, and maps to facilitate quick understanding and effective response.
Key Features
Role-Specific Dashboards:
Security Incident Manager Overview: Displays metrics like critical and high priority incidents assigned to the team, SLA expirations, risk vs severity heatmaps, incident trends, and average times to contain or identify incidents.
Security Analyst Overview: Focuses on individual assignments including critical/high priority work, SLA expirations, incident states, task types, and regional incident maps.
Security Incident CISO Overview: Available with or without the Security Incident Analytics plugin, providing weekly incident counts, trends of new and closed incidents, closure codes, business impact treemaps, and performance metrics like average time to contain, eradicate, or identify incidents.
Interactive Visualizations: Users can hover over or click on parts of charts, pie slices, heatmaps, and maps to reveal detailed data and lists for in-depth analysis.
Security Incident Response Explorer: Offers a geographical map view of incidents, highlighting affected regions globally and configurable via filters when the Security Incident Analytics plugin is activated.
Additional Analytics Integrations:
When the Security Incident Analytics plugin is enabled, users can add real-time treemaps for service impact and incident visualization.
If the Vulnerability Response plugin is activated, vulnerability significance charts and other visualizations can be incorporated into the overview dashboard.
Performance Analytics Solutions: Preconfigured dashboards deliver best-practice metrics such as incident counts and average age of open incidents to monitor and improve security incident response processes.
Practical Benefits for ServiceNow Customers
Gain a comprehensive, role-based view of security incidents to prioritize and manage response efforts efficiently.
Use interactive charts and maps to quickly pinpoint high-risk areas and understand incident distributions across teams, categories, and geographic locations.
Track SLA performance and incident lifecycle metrics to meet compliance and improve operational effectiveness.
Leverage advanced analytics plugins to enhance incident visualization and integrate vulnerability insights for a holistic security posture.
Access detailed drill-downs from summary reports to actionable incident details, facilitating faster investigation and resolution.
The Security Incident Response Overview dashboard provides an executive view of security incident activity, with trends, reports, and drill-downs into specific data.
The Overview module displays security incident information that is tailored to the role of the user. You can point to any part of a chart (bar, pie, data point, heatmap, and so on) to view general data specific to that part. See the following image. If you click any part of a report, a list opens to provide detailed information.
Figure 1. Trend of All Security Incidents
Security Incident Manager Overview
Users with the Security Incident Administrator and Security Incident Manager roles view the Security Incident Manager Overview. It contains the following reports in the base system.
The number of critical security incidents assigned to the team.
| Name | Visual | Description |
| --- | --- | --- |
| Team High Security Incidents | Single score | The number of high security incidents assigned to the team. |
| SLAs expiring within 24 hours | Single score | The number of SLAs that expire within the next 24 hours. |
| Risk vs Severity | Heatmap | The distribution of security incidents assigned to the team by risk and severity. |
| Security Incidents by CI Class, last 3 months | Bar chart | The count of security incidents assigned to the team by configuration item class. |
| Trend of All Security Incidents | Trend | Plots the count of security incidents received by category or priority. |
| Unauthorized Access Security Incidents | Bar chart | Displays the types of security incident categories received over time. |
| Average Time to Contain | Single score | The average time it takes to contain all security incidents. |
| Average Time to Contain Critical | Single score | The average time it takes to contain all critical security incidents. |
| Average Time to Identity | Single score | The average time it takes to identify all security incidents. |
Security Analyst Overview
Users with the Security Incident Analyst role view the Security Analyst Overview. It contains the following reports in the base system.
Table 2. Security Analyst Overview reports

| Name | Visual | Description |
| --- | --- | --- |
| My Critical Priority Work | Single score | The number of critical security incidents assigned to me. |
| My High Priority Work | Single score | The number of high security incidents assigned to me. |
| My SLAs expiring within 24 hours | Single score | The number of SLAs assigned to me that expire within the next 24 hours. |
| Security Incidents assigned to me | Bar chart | Security Incidents assigned to me by incident state or category. |
| Work assigned to me by Type | Bar chart | Security tasks (incidents, tasks, or requests) assigned to me by type or priority. |
| Security Incidents, Requests, Tasks assigned to me | List | A list of all security incidents, security requests, and tasks assigned to me. |
| Security Incident Location | Map | Regional location of the security incidents. |
| Count | Map | Number of security incidents per region. |
| Min/Max Count | Color Spectrum Bar | The minimum and maximum numbers of security incidents per region represented by a color spectrum bar. |
| Percentage of Count | Map | Percentage of the total incident count per region. |
Security Incident CISO Overview with Security Incident Analytics activated
When the Security Incident Analytics plugin is activated, users with the Security Incident CISO and System Administrator roles view the Security Incident CISO Overview. The following CISO reports are provided in the base system.
The number of new security incidents received in the current week.
| Name | Visual | Description |
| --- | --- | --- |
| Security Incidents Closed This Week | Single score | The number of security incidents closed in the current week. |
| New Security Incidents (Running 7 Days) | Single score | The number of security incidents opened within the last 7 days. |
| Security Incidents Closed (Running 7 Days) | Single score | The number of security incidents closed within the last 7 days. |
| Daily New Security Incidents vs Closed Security Incidents | Trend | New and Closed security incident counts over time by day. |
| Weekly New Security Incidents vs Closed Security Incidents | Trend | New and Closed security incidents over time by week. |
| Security Incident Close Code | Trend | Full count of closure codes over time. |
| Security Incident Business Impact | Treemap | Business services with security incidents with available groupings by business criticality. |
| Average Time to Contain (Weekly) | Trend | The 7-day average time it takes to contain a security incident over time. |
| Average Time to Eradicate (Weekly) | Trend | The 7-day average time it takes to eradicate a security incident over time. |
| Average Time to Identity (Weekly) | Trend | The 7-day average time it takes to identify a security incident over time. |
| Security Incident Location | Map | Regional location of the security incidents. |
| Count | Map | Number of security incidents per region. |
| Min/Max Count | Color Spectrum Bar | The minimum and maximum numbers of security incidents per region represented by a color spectrum bar. |
| Percentage of Count | Map | Percentage of the total incident count per region. |
Security Incident CISO Overview without Security Incident Analytics activated
When the Security Incident Analytics plugin is not activated, users with the Security Incident CISO and System Administrator roles view the Security Incident CISO Reporting Overview. The following CISO reports are provided in the base system.
The number of new security incidents opened in the current week.
| Name | Visual | Description |
| --- | --- | --- |
| Security Incidents Closed This Week | Single score | The number of security incidents closed in the current week. |
| New Security Incidents (Running 7 Days) | Single score | The number of security incidents opened within the last 7 days. |
| Security Incidents Closed (Running 7 Days) | Single score | The number of security incidents closed within the last 7 days. |
| Weekly New Security Incidents | Trend | The new security incidents opened on a weekly basis. |
| Weekly Closed Security Incidents | Trend | The security incidents closed on a weekly basis. |
| Security Incident Close Codes | Trend | Security incident close codes over time. |
| Business Services with Security Incidents - Business Impact | Treemap | Business services with security incidents with available groupings by business criticality. |
| Average Time to Contain | Single score | The average time it takes to contain all security incidents. |
| Average Time to Contain Critical | Single score | The average time it takes to contain all critical security incidents. |
| Average Time to Identity | Single score | The average time it takes to identify all security incidents. |
Note: The Security Incident Response base system includes Performance Analytics Solutions for displaying preconfigured best practice dashboards. The dashboards present important metrics for analyzing your Security Incident Response process, such as new security incidents or the average age of open security incidents. For more information and installation instructions, see Security Incident Response Platform Analytics Solutions.