IDR SOC Metric

Are there any solutions currently for tracking common SOC metrics in IDR?

Such as

  • Severity of investigations over time
  • Open to close investigations over time
  • MTTD - Mean Time to Detect
  • MTTI - Mean Time to Investigation
  • MTTR - Mean Time to Respond
  • Escalations over time

The Security Operations Activity Dashboard ("Monitor Your Security Operations Activities" in the InsightIDR Documentation) might be useful for some of the metrics.

I’ve been thinking the same thing but haven’t created any custom queries and widgets yet. The built-in security operations dashboard is fairly limited and not customizable.

I asked for the same thing a few months ago; they don’t have it yet. Only way I a third-party ticketing system and do it that way