This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.
Summary of Security Incident Response Overview dashboard
The Security Incident Response Overview dashboard offers an executive-level view of security incident activity within your organization.It provides tailored insights based on user roles, featuring trends, detailed reports, and interactive drill-downs into specific incident data.This dashboard helps you quickly understand security incident metrics, identify critical issues, and monitor response effectiveness.
Show full answerShow less
Key Features
Role-Based Dashboards:
Security Incident Manager Overview: Displays key metrics such as critical and high security incidents assigned to teams, SLA expirations, risk versus severity heatmaps, incident trends, and average containment and identification times.
Security Analyst Overview: Focuses on individual analyst workload, including assigned critical and high priority incidents, expiring SLAs, incident counts by state or category, and geographic incident distribution via maps.
Security Incident CISO Overview: Provides executive-level insights with and without the Security Incident Analytics plugin, showing weekly new and closed incidents, incident closure trends, business impact treemaps, and average times to contain, eradicate, and identify incidents.
Interactive Visualizations: Users can interact with charts (bar, pie, heatmap, treemaps) to reveal detailed lists and data specific to segments of the chart, enhancing data exploration and decision-making.
Security Incident Maps: Geographic visualization of incident locations, configurable with filters when Security Incident Analytics is activated, allowing you to monitor regional incident distributions effectively.
Integration with Other Plugins:
Security Incident Analytics plugin enhances dashboard capabilities with additional charts and detailed trends.
Vulnerability Response plugin enables adding vulnerability significance charts to the overview for integrated risk assessment.
Performance Analytics Solutions: The base system includes preconfigured dashboards for key performance metrics like incident counts and average age of open incidents, supporting best practices in security incident response.
Practical Benefits for ServiceNow Customers
Gain role-specific visibility into security incidents to prioritize and manage response efforts effectively.
Use interactive dashboards to quickly drill down from high-level trends to detailed incident data, streamlining investigation and remediation.
Monitor SLA compliance and average containment and identification times to optimize incident handling processes.
Leverage geographic and business impact visualizations to understand the distribution and criticality of incidents across your enterprise.
Enhance situational awareness and decision-making with integrated analytics and vulnerability data when additional plugins are enabled.
Overall, the Security Incident Response Overview dashboard equips ServiceNow users with actionable, data-driven insights to improve security incident management, reduce response times, and support organizational security objectives.
The Security Incident Response Overview dashboard provides an executive view into security incident activity, providing trends and reports, and drill-downs into specific data.
The Overview module displays security incident information that is tailored to the role of the
user. You can point to any part of a chart (bar, pie, data point, heatmap, and so on) to view
general data specific to that part. See the following image. If you click any part of a report, a
list opens to provide detailed information.Figure 1. Trend of All Security Incidents
Security Incident Manager Overview
Users with the Security Incident
Administrator and Security Incident Manager roles view the Security Incident Manager Overview. It
contains the following reports in the base system.
The number of critical security incidents assigned to the team.
Team High Security Incidents
Single score
The number of high security incidents assigned to the team.
SLAs expiring within 24 hours
Single score
The number of SLAs that expire within the next 24 hours.
Risk vs Severity
Heatmap
The distribution of security incidents assigned to the team by risk and
severity.
Security Incidents by CI Class, last 3 months
Bar chart
The count of security incidents assigned to the team by configuration item
class.
Trend of All Security Incidents
Trend
Plots the count of the number of security incidents received by category or priority.
Unauthorized Access Security Incidents
Bar chart
Displays the types of security incident categories received over time.
Average Time to Contain
Single score
The average time it takes to contain all security incidents.
Average Time to Contain Critical
Single score
The average time it takes to contain all critical security incidents.
Average Time to Identity
Single score
The average time it takes to identify all security incidents.
Security Analyst Overview
Users with the Security Incident Analyst role
view the Security Analyst Overview. It contains the following reports in the base system.
Table 2. Security Analyst Overview reports
Name
Visual
Description
My Critical Priority Work
Single score
The number of critical security incidents assigned to me.
My High Priority Work
Single score
The number of high security incidents assigned to me.
My SLAs expiring within 24 hours
Single score
The number of SLAs assigned to me that expire within the next 24 hours.
Security Incidents assigned to me
Bar chart
Security Incidents assigned to me by incident state or category.
Work assigned to me by Type
Bar chart
Security tasks (incidents, tasks, or requests) assigned to me by type or
priority.
Security Incidents, Requests, Tasks assigned to me
List
A list of all security incidents, security requests, and tasks assigned to me.
Security Incident Location
Map
Regional location of the security incidents.
Count
Map
Number of security incidents per region.
Min/Max Count
Color Spectrum Bar
The minimum and maximum numbers of security incidents per region represented by a
color spectrum bar.
Percentage of Count
Map
Percentage of the total incident count per region.
Security Incident CISO Overview with Security Incident Analytics
activated
When the Security Incident Analytics plugin is
activated, users with the Security Incident CISO and System Administrator roles view the Security
Incident CISO Overview. The following CISO reports are provided in the base system.
The number of new security incidents received in the current week.
Security Incidents Closed This Week
Single score
The number of security incidents closed in the current week.
New Security Incidents (Running 7 Days)
Single score
The number of security incidents opened within the last 7 days.
Security Incidents Closed (Running 7 Days)
Single score
The number of security incidents closed within the last 7 days.
Daily New Security Incidents vs Closed Security Incidents
Trend
New and Closed security incident counts over time by day.
Weekly New Security Incidents vs Closed Security Incidents
Trend
New and Closed security incidents over time by week.
Security Incident Close Code
Trend
Full count of closure codes over time.
Security Incident Business Impact
Treemap
Business services with security incidents with available groupings by business
criticality.
Average Time to Contain (Weekly)
Trend
The 7-day average time it takes to contain a security incident over time.
Average Time to Eradicate (Weekly)
Trend
The 7-day average time it takes to eradicate a security incident over time.
Average Time to Identity (Weekly)
Trend
The 7-day average time it takes to identify a security incident over time.
Security Incident Location
Map
Regional location of the security incidents.
Count
Map
Number of security incidents per region.
Min/Max Count
Color Spectrum Bar
The minimum and maximum numbers of security incidents per region represented by a
color spectrum bar.
Percentage of Count
Map
Percentage of the total incident count per region.
Security Incident CISO Overview without Security Incident Analytics
activated
When the Security Incident Analytics plugin is not
activated, users with the Security Incident CISO and System Administrator roles view the Security
Incident CISO Reporting Overview. The following CISO reports are provided in the base system.
The number of new security incidents opened in the current week.
Security Incidents Closed This Week
Single score
The number of security incidents closed in the current week.
New Security Incidents (Running 7 Days)
Single score
The number of security incidents opened within the last 7 days.
Security Incidents Closed (Running 7 Days)
Single score
The number of security incidents closed within the last 7 days.
Weekly New Security Incidents
Trend
The new security incidents opened on a weekly basis.
Weekly Closed Security Incidents
Trend
The security incidents closed on a weekly basis.
Security Incident Close Codes
Trend
Security incident close codes over time.
Business Services with Security Incidents - Business Impact
Treemap
Business services with security incidents with available groupings by business
criticality.
Average Time to Contain
Single score
The average time it takes to contain all security incidents.
Average Time to Contain Critical
Single score
The average time it takes to contain all critical security incidents.
Average Time to Identity
Single score
The average time it takes to identify all security incidents.
Note:
The Security Incident Response
base system includes Performance Analytics Solutions for displaying preconfigured best practice
dashboards. The dashboards present important metrics for analyzing your Security Incident
Response process, such as new security incidents or the average age of open security incidents.
For more information and installation instructions, see
Security Incident Response Platform Analytics Solutions.
