Dashboard for time between logging and detections firing
Does anyone have any advice on how you could create a dashboard to see the average amount of time between the initial log time and a detection firing based off of that log? If possible I would like to see the distributions of time based on log source as well.
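One way to compute the numbers such a dashboard would plot, added here as an example and not code from the thread or the linked post: given detection records that carry the event's own timestamp, the SIEM ingest timestamp and the detection creation timestamp (field names assumed; the sample records are constructed), it reports mean/median event-to-detection latency per log source, splits it into ingest delay versus rule delay, builds a histogram for the distribution view, and counts records whose detection is stamped before the event, which indicates clock skew rather than a fast rule.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, median

# Constructed sample detections (not real Chronicle output). Field names are assumed:
# event_time is the log's own timestamp, ingest_time when the SIEM received it,
# detection_time when the rule fired. The third OKTA record is deliberately skewed.
SAMPLE_DETECTIONS = [
    {"log_source": "WINDOWS_EVTX", "event_time": "2024-05-01T10:00:00Z",
     "ingest_time": "2024-05-01T10:01:10Z", "detection_time": "2024-05-01T10:04:30Z"},
    {"log_source": "WINDOWS_EVTX", "event_time": "2024-05-01T11:00:00Z",
     "ingest_time": "2024-05-01T11:00:40Z", "detection_time": "2024-05-01T11:12:00Z"},
    {"log_source": "OKTA", "event_time": "2024-05-01T10:30:00Z",
     "ingest_time": "2024-05-01T10:30:05Z", "detection_time": "2024-05-01T10:31:00Z"},
    {"log_source": "OKTA", "event_time": "2024-05-01T12:00:00Z",
     "ingest_time": "2024-05-01T12:00:03Z", "detection_time": "2024-05-01T12:00:45Z"},
    {"log_source": "OKTA", "event_time": "2024-05-01T13:00:00Z",
     "ingest_time": "2024-05-01T12:59:30Z", "detection_time": "2024-05-01T12:59:50Z"},
    {"log_source": "CROWDSTRIKE", "event_time": "2024-05-01T09:00:00Z",
     "ingest_time": "2024-05-01T09:20:00Z", "detection_time": "2024-05-01T09:21:00Z"},
]
# Histogram bins in seconds for the distribution view; the last bin is open-ended.
BINS = [(0, 60), (60, 300), (300, 900), (900, 3600), (3600, None)]

def seconds_between(start, end):
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    return (datetime.strptime(end, fmt) - datetime.strptime(start, fmt)).total_seconds()

def bin_label(seconds):
    for lo, hi in BINS:
        if hi is None or seconds < hi:
            return f"{lo}-{hi}s" if hi else f">={lo}s"

def latency_by_source(detections):
    # Per log source: event->detection latency split into ingest and rule parts, plus a histogram.
    acc = defaultdict(lambda: {"total": [], "ingest": [], "rule": [], "hist": defaultdict(int), "skew": 0})
    for d in detections:
        b = acc[d["log_source"]]
        total = seconds_between(d["event_time"], d["detection_time"])
        if total < 0:  # detection stamped before its event: a data-quality signal, not a fast rule
            b["skew"] += 1
            continue
        b["total"].append(total)
        b["ingest"].append(seconds_between(d["event_time"], d["ingest_time"]))
        b["rule"].append(seconds_between(d["ingest_time"], d["detection_time"]))
        b["hist"][bin_label(total)] += 1
    stat = lambda fn, xs: fn(xs) if xs else None  # None when a source only had skewed records
    return {src: {"count": len(b["total"]), "clock_skew": b["skew"],
                  "mean_total_s": stat(mean, b["total"]), "median_total_s": stat(median, b["total"]),
                  "mean_ingest_s": stat(mean, b["ingest"]), "mean_rule_s": stat(mean, b["rule"]),
                  "histogram": dict(b["hist"])} for src, b in acc.items()}
```

Feed the real detection export into `latency_by_source` and chart the per-source rows; a source whose ingest delay dominates needs a pipeline fix rather than a rule change.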
Comments
Hi @Andrew Malone, I think that you will find the post written by the amazing @Chris Martin very helpful: https://medium.com/@thatsiemguy/monitoring-detection-rule-latency-in-chronicle-siem-43adbb7f08dd
Please let me know if you have any additional questions.
Thank you for passing along, that was a great read.
Happy to hear 😊