Incident Metrics

Introduction
This document outlines the key metrics included in the Incident Metrics Report. This report provides a detailed analysis of security incidents managed by our SOC over a specific period.

Report Highlights
Incident Distribution:
The number of incidents identified compared with the number judged significant enough to be escalated to the customer for further action.

Incidents Generated Over Time:
A timeline view showing the frequency of incidents on a daily basis, allowing for trend analysis and peak identification.

Incidents by Severity:
A breakdown of incidents by severity, offering insights into the threat landscape's intensity and potential impact.

Incidents per Log Source:
The distribution of incidents across the different log sources, which can indicate the most targeted or most exposed systems.

Incidents by Tactics:
Classification of incidents by the tactics used, such as Initial Access, Execution, or Privilege Escalation, aligning with the MITRE ATT&CK framework for threat modeling.
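The five highlights above are all aggregations over the same incident records. The following is an added illustration, not code from the report or its authors, that computes each of them from a small set of constructed incident records; the field names (severity, log_source, tactic, escalated) and the sample values are assumptions made for the example.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Incident:
    incident_id: str
    detected_at: datetime
    severity: str      # Critical / High / Medium / Low (assumed scale)
    log_source: str    # system whose telemetry raised the incident
    tactic: str        # MITRE ATT&CK tactic name
    escalated: bool    # True if sent to the customer for further action


# Constructed sample records (hypothetical, not taken from any real report).
INCIDENTS = [
    Incident("INC-001", datetime(2024, 3, 1, 8, 12), "High", "EDR", "Execution", True),
    Incident("INC-002", datetime(2024, 3, 1, 11, 40), "Low", "Firewall", "Initial Access", False),
    Incident("INC-003", datetime(2024, 3, 2, 2, 5), "Critical", "EDR", "Privilege Escalation", True),
    Incident("INC-004", datetime(2024, 3, 2, 9, 30), "Medium", "Proxy", "Initial Access", False),
    Incident("INC-005", datetime(2024, 3, 2, 17, 45), "Low", "Firewall", "Initial Access", False),
    Incident("INC-006", datetime(2024, 3, 3, 6, 20), "High", "Identity Provider", "Privilege Escalation", True),
    Incident("INC-007", datetime(2024, 3, 3, 13, 10), "Medium", "EDR", "Execution", False),
    Incident("INC-008", datetime(2024, 3, 5, 22, 55), "Low", "Proxy", "Execution", False),
]

SEVERITY_ORDER = ["Critical", "High", "Medium", "Low"]


def incident_distribution(incidents):
    """Identified vs. escalated incidents, plus the escalation rate."""
    identified = len(incidents)
    escalated = sum(1 for i in incidents if i.escalated)
    rate = escalated / identified if identified else 0.0
    return {"identified": identified, "escalated": escalated, "escalation_rate": rate}


def incidents_over_time(incidents):
    """Daily counts, zero-filled for days with no incidents so the timeline is continuous."""
    if not incidents:
        return {}
    per_day = Counter(i.detected_at.date() for i in incidents)
    first, last = min(per_day), max(per_day)
    timeline = {}
    day = first
    while day <= last:
        timeline[day.isoformat()] = per_day.get(day, 0)
        day += timedelta(days=1)
    return timeline


def peak_day(timeline):
    """The (day, count) pair with the most incidents, or None for an empty timeline."""
    return max(timeline.items(), key=lambda kv: kv[1]) if timeline else None


def incidents_by_severity(incidents):
    """Counts in a fixed severity order so every level appears, even at zero."""
    counts = Counter(i.severity for i in incidents)
    return {sev: counts.get(sev, 0) for sev in SEVERITY_ORDER}


def count_by(incidents, field):
    """Generic breakdown (e.g. 'log_source' or 'tactic'), highest count first, ties by name."""
    counts = Counter(getattr(i, field) for i in incidents)
    return dict(sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])))


def build_report(incidents):
    """Assemble the five report highlights into one structure."""
    timeline = incidents_over_time(incidents)
    return {
        "incident_distribution": incident_distribution(incidents),
        "incidents_over_time": timeline,
        "peak_day": peak_day(timeline),
        "incidents_by_severity": incidents_by_severity(incidents),
        "incidents_per_log_source": count_by(incidents, "log_source"),
        "incidents_by_tactic": count_by(incidents, "tactic"),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(build_report(INCIDENTS), indent=2))
```

Zero-filling the timeline matters for the trend and peak analysis described above: a day with no incidents is a data point, not a missing one, and omitting it would make a quiet period look like a gap in collection rather than a real drop in activity.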

Utilizing the Data

Performance Tracking:
Monitor SOC performance in identifying and escalating critical incidents.

Threat Analysis:
Use severity and tactics data to understand the threat types and their operational impact.

Resource Allocation:
Prioritize resource distribution based on the log sources generating the most incidents.

Trend Monitoring:
Evaluate incident trends over time to inform security strategy and to identify periods of peak activity that may call for increased vigilance or additional controls.

Continuous Improvement
We encourage clients to use this report to discuss performance against KPIs, assess the effectiveness of current security measures, and identify areas for improvement.