Security Incident Management Premium dashboard

  • Release version: Zurich
  • Updated July 31, 2025

    This dashboard uses advanced Platform Analytics visualizations to help security managers track the volume, performance, and progress of security incidents from initial analysis/detection to containment, eradication, and recovery. The licensed version of Performance Analytics is therefore required.

    Figure 1. Security incident response by state
    The Process by State tab of the Security Incident Management Premium dashboard
    Figure 2. Security incident response by age
    Workbench widget showing key security incident indicators broken down by age

    End users and roles

    | End user and goal | Required role | Benefits |
    | --- | --- | --- |
    | Security Response Manager: Needs clear visibility into the overall state and volume of security incidents associated with applications and services. | sn_si.manager | Can review the overall security posture with the ability to adjust the members of assignment groups. |
    | Security Response Administrator: Needs to pinpoint areas of concern quickly and have full control over all Security Incident Response data while administering territories and skills, as needed. | sn_si.admin | Can adjust risk calculation parameters to ensure vulnerable items that are most pertinent to the organization are being addressed first. |
    | Security Response Analysts: Need to quickly prioritize which vulnerabilities to focus on based upon criticality to the organization. | sn_si.analyst | Tier 1 and 2 security analysts work on security incidents. They can create and update security incidents, requests, and tasks, as well as problems, changes, and outages related to their incidents. |

    Security Incident Management Premium indicators

    The Process by State and Process by Age tabs contain workbench widgets with the following indicators:
    Average age
    The Average age of open security incidents indicator uses the formula [[Summed age of open security incidents]] / [[Number of open security incidents]] / 24 to give a result in days.
    Average reassignment times
    The Average re-assignment of open security incidents indicator uses the formula [[Summed re-assignment of open security incidents]] / [[Number of open security incidents]].
    Average age of last update
    The Average age of last update of open security incidents indicator uses the formula [[Summed age of last update of open security incidents]] / [[Number of open security incidents]] / 24 to give a result in days.
    % not updated in 5 days
    The % of open security incidents not updated in last 5 days indicator uses the formula ( [[Number of open security incidents not updated in the last 5 days]] / [[Number of open security incidents]] ) * 100.
    The Data Quality tab has interactive filters for the Category of the security incident and the levels of Risk, Priority, and Severity. These filters are applied simultaneously to the following indicators:
    Security Incidents Open for More Than 30 Days by Assignment Group and State
    The Number of open security incidents indicator, filtered for an age of more than 30 days and broken down by Assignment group and State.

    Heatmap widget of security incidents open more than 30 days with the Assignment Group and State level 1 and 2 breakdowns

    Security Incidents With Assignee That is not Active
    The Number of open security incidents with no assignee or an assignee who is not active.
    Security Incidents Open for More Than 30 Days by Assignment Group and State
    The Number of open security incidents not updated in the last 30 days indicator broken down by Assignment group and State.
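
The indicator formulas above, worked through on a small set of records. This is an added example, not code from the product: the records are constructed, the field names (`opened`, `updated`, `reassignments`, `group`, `state`, `assignee`) are hypothetical, and it assumes the summed ages are collected in hours, which is what the `/ 24` in the formulas implies.

```javascript
// Added example: constructed records; field names are assumptions, not the product's schema.
const HOUR_MS = 3600 * 1000;
const NOW = Date.parse("2025-07-31T00:00:00Z"); // fixed clock so results are reproducible

const incidents = [
  { open: true, opened: "2025-06-01T00:00:00Z", updated: "2025-07-30T00:00:00Z", reassignments: 2, group: "SOC Tier 1", state: "Analysis", assignee: { active: true } },
  { open: true, opened: "2025-07-21T00:00:00Z", updated: "2025-07-21T00:00:00Z", reassignments: 0, group: "SOC Tier 2", state: "Contain", assignee: null },
  { open: true, opened: "2025-05-12T00:00:00Z", updated: "2025-06-12T00:00:00Z", reassignments: 4, group: "SOC Tier 1", state: "Analysis", assignee: { active: false } },
  { open: true, opened: "2025-07-29T00:00:00Z", updated: "2025-07-29T00:00:00Z", reassignments: 2, group: "SOC Tier 2", state: "Analysis", assignee: { active: true } },
  { open: false, opened: "2025-07-01T00:00:00Z", updated: "2025-07-02T00:00:00Z", reassignments: 1, group: "SOC Tier 1", state: "Closed", assignee: { active: true } },
];

const hoursSince = (iso, now) => (now - Date.parse(iso)) / HOUR_MS;

// Process by State / Process by Age indicators. Ages are summed in hours (assumed), hence "/ 24".
function processIndicators(records, now) {
  const open = records.filter((r) => r.open);
  const n = open.length;
  if (n === 0) return null; // every formula divides by the number of open incidents
  const sum = (f) => open.reduce((acc, r) => acc + f(r), 0);
  const stale = open.filter((r) => hoursSince(r.updated, now) > 5 * 24).length;
  return {
    avgAgeDays: sum((r) => hoursSince(r.opened, now)) / n / 24,
    avgReassignments: sum((r) => r.reassignments) / n,
    avgLastUpdateDays: sum((r) => hoursSince(r.updated, now)) / n / 24,
    pctNotUpdated5Days: (stale / n) * 100,
  };
}

// Data Quality indicators: counts of open incidents, two of them broken down by group and state.
function dataQualityIndicators(records, now) {
  const open = records.filter((r) => r.open);
  const byGroupState = (rows) => rows.reduce((m, r) => {
    const key = `${r.group} / ${r.state}`;
    m[key] = (m[key] || 0) + 1;
    return m;
  }, {});
  const olderThan30 = (field) => open.filter((r) => hoursSince(r[field], now) > 30 * 24);
  return {
    openOver30Days: byGroupState(olderThan30("opened")),
    noActiveAssignee: open.filter((r) => !r.assignee || !r.assignee.active).length,
    notUpdated30Days: byGroupState(olderThan30("updated")),
  };
}

console.log(processIndicators(incidents, NOW), dataQualityIndicators(incidents, NOW));
```

Closed records are excluded before any division, and an empty open set returns `null` rather than a misleading zero.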
    The KPI tab has the following additional indicators:
    • % of new critical security incidents
    • Average Age of Open Security Incidents
    • Average Close Time of Security Incidents
    • % Of Security Incidents that have been reassigned
    • % of Security Incidents closed on first assignment
    • % of security incidents closed by self-service
    • % of security incidents not solved
    • Average Close time of security incident tasks

    Breakdowns

    The following breakdowns apply to the indicators on the dashboard:
    • Security Group
    • Security Incident Age
    • Security Incident Category
    • Security Incident Priority
    • Security Incident State