What type of IM reporting would you like to see? Example: Incidents by status, by priority, assignee, close rate etc.
Also, are out-of-the-box reports on alerts as important as incidents?
I would like to see some information on trending of alerts and incidents. So we can also see the open and close rate of tickets to see the average response times and resolutions.
More detail in the status of tickets between Remediation Requested and Resolved, and being able to summarize that as well. This becomes useful for us to see how many of the tickets we get required a remediation action.
If we can also dashboard any of these, that would be helpful as well for Management.
Let me know if this helps; I will provide more feedback if we come up with anything else.
Thanks Kyle. I will schedule a meeting with you separately, but a quick question: how far back may you want to see these trends?
Anywhere from 1 month to at most 3 months I believe would provide the trending we are looking for.
Please add an option to report on all collected metadata and not only a limited subset.
An option to create different graphs and a way to add charts to the Dashboard.
Miha - adding charts to the dashboard is definitely on the list. Is there any specific metadata you are interested in? All columns cannot be indexed and exposed; we need to have a list.
The ability to create a csv file from both the Incident Journals and Remediation Tasks using date, INC or REM would be a great quick win for RSA. Thanks.
It could be great to have a dashboard with assignable color based on the incidents + risk.
List of assets / IPs / Hosts / Users with High Impact in the business operation with high risk alerts.
List of new incidents by priority.
As I was working on an incident I just thought of another nice-to-have: an Incident Report. So when we have a specific incident where the details are required to be provided such as journal entries/timeline and all the attached files, remediation actions, etc. This would allow us or specific Security Incident's to pull out all the details and Journal Entries of what happened and provide it to management afterwards.
I would like to see improvements made to the way that details are added to the incident.
Things like formatting in the summary and incident journal would be nice.
I actually came up with a soup-to-nuts SAIM reporting content bundle which consisted of scripts on the IM to export via mongo, custom parser & transform, custom indexing and some sample reports if you'd be interested to use as a reference? I went ahead and attached it if you'd like a copy of it. It was developed by me for a client that decided not to use IM, so it's never been in prod, but it may still be a good jumping off point.
That is awesome. I will take a look and see what I can do with it.