SOC Analyst Dashboard
New Incidents (Last 60 min)
Open Incidents by Severity
Open Incidents by Status
Active Alerts (Last 15 min)
Top Affected Entities
Incident Aging
Repeated Detections (7d)
Top 5 High-Volume Security Risks
SOC Performance Metrics (24h)
MTTD
Mean Time to Detect
MTTA
Mean Time to Acknowledge
MTTR
Mean Time to Resolve
SLA Compliance (High Severity)
MTTA/MTTR vs SLA thresholds (last 24h)
Incident Inflow (24h)
Incident Closure Rate (24h)
Alert Escalation Rate
Percentage of alerts escalated to incidents
Alert to Incident Ratio
Alert to incident conversion summary (7d)
False Positive Rate
Percentage of alerts closed as false positives
Benign Positive Rate
Benign positives / total alerts
Automation Rate
Alerts resolved or triaged by automation
True Positive Rate
Validated true positives / total alerts
False Negative Rate
Percentage of confirmed incidents first identified via external sources (customer reports, threat intel, law enforcement, audits)
Alerts per Analyst by Severity (24h)
Rule Firing Volume (24h)
Data ingestion health from Microsoft Sentinel (last 24 hours)
Ingestion Volume by Table (24h)
Detection Coverage
Percent of critical assets and telemetry sources covered by rules
Tables with Zero Ingestion
Tables that have not received data in 24h
Storage Tier Distribution
Percent of logs in cost-effective vs hot storage
Alert Volume Trend
Daily alert counts over time
Alert Volume Before Tuning
30-day baseline vs current 7-day average
SIEM Cost Effectiveness
Cost per alert and incident (last 24h)
Customer-scoped security metrics from Microsoft Sentinel
Security Snapshot
Open Incidents by Severity
Incidents by Status
Active Alerts (Last 15 min)
Incident Age Distribution
Incident Trends (7 Days)
Incidents Created
Incidents Closed
Incident Severity Breakdown
Daily severity distribution
Alert-to-Incident Rate
Percentage of alerts promoted to incidents
Responsiveness
Elapsed time metrics (not SLA targets)
Time to Acknowledge
Time to Resolve
Response Time Distribution
Incidents by acknowledgment and resolution time buckets
What Is Affected
Top Affected Entities
Top Alert Rules
Most frequently triggered alert rules
Executive Overview
30-day executive summary of exposure, remediation velocity, and coverage.
Total Risk Exposure
Avg. Days to Fix High Risks
Daily Risk Intensity (30-Day Trend)
Primary Risk Drivers
Top contributors to exposure over the reporting window.
Primary Risk Drivers
Attack Surface Coverage %
Strategic Risk Management
Are remediation efforts keeping pace with new risks?
Risk Burn-down Rate
Executive Actions
Closed incidents requiring executive visibility.
30-Day Remediation History & Accountability
Workload & Risk Drivers
30-day remediation history and volume signals.
Workload Volume by Severity
Strategic Actions
Accepted risks and remediation value insights.
Remediation ROI (Loss Avoided)
Policy Exception Tracker
Resolution Efficiency & Aging
Aging Distribution (Incident Volume)
Resolution Efficiency %
Average Age Days to Resolve
Daily Resolution Speed
Average resolution age with a 2-day target line.
Daily Resolution Speed vs 2-Day Target
Target Outliers (> 2 days)
Risk Debt & SLA Health
Operational debt and business-unit SLA performance.
Risk Debt Growth
SLA Health by Business Unit
Closed Incident Details
Closed Incident Details (30d)
Essential Eight Framework
Interactive maturity assessment demo for the ACSC Essential Eight.
Essential Eight Maturity Assessment
Real-time security posture monitoring powered by Microsoft Sentinel
Microsoft Sentinel Integration
Connected
Compliance Trend
Mitigation Strategy Overview
Implementation Status
Evidence Quality
Control Assessment Details
| Control | Mitigation Strategy | Status | Evidence | Test Type | Last Updated | Actions |
|---|---|---|---|---|---|---|