What type of Incident Management reporting you would like to see in Live?
I would like to see some information on trending of alerts and incidents. So we can also see the open and close rate of tickets to see the average response times and resolutions.
More detailed in the status of tickets between Remediation Requested and Resolved and being able to summarize that as well. This becomes useful for us to see how many tickets we get required a remediation action.
If we can also dashboard any of these, that would be helpful as well for Management.
Let me know if this helps and will provide more feedback if we come up with anything else.
Miha - adding charts to dashboard is definitely on the list. Are there any specific metadata you are interested in - all columns cannot be indexed and exposed, we need to have a list.
Could be great to have a dashboard with assignable color based on the incidentes + risk.
List of assests / IPs / Host / Users with High Impact in the bussiness operation with high risk alerts.
List of new incidents by priority.
As I was working on an incident I just thought of another nice to have would be an Incident Report. So when we have a specific incident where the details are required to be provided such as journal entries/timeline and all the attached files, remediation actions, etc. This would allow us or specific Security Incident's to pull out all the details and Journal Entries of what happened and provide it to management afterwards.