Producing metrics requires ticket fields, queries over those fields, and some manual work. This section also suggests which ticketing system and which form fields are recommended so that metrics can be recorded and reported properly. Recommended ticket fields:
- DateTime Occurred
- DateTime Detected
- DateTime Contained
- DateTime Expelled
- DateTime Owner Notified
- DateTime Escalated
- Recommended Mitigation
- Severity
- Source Use Case
- Source Signature
- Origination
- MITRE ATT&CK Technique

Metrics to report from those fields:
- Average Cost Per Incident
- Average Time to Detect
- Average Time to Escalate
- Average Time to Contain
- Average Time to Expel
- Average Time to Notify
- Incidents Opened in a given time frame
- Incidents Closed in a given time frame
- Count of Incidents per Recommended Mitigation
- Count of Incidents per Severity
- Count of Incidents per Severity Not Reviewed Within Required Time
- Count of Incidents per Alert/Rule/Signature
- Count of Incidents per Use Case
- Count of False Positive Incidents Per Use Case
- Count of Incidents per Attack Technique
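As an added example (not code from the original page), the following Python computes several of the metrics above from ticket records exported with the recommended fields. The key names, the sample tickets, the convention that time to detect runs from DateTime Occurred while the later stages run from DateTime Detected, and the use of DateTime Detected as the "opened" time are all assumptions.

```python
from collections import Counter
from datetime import datetime
from statistics import mean

# Constructed sample tickets (not real incidents). Keys mirror the recommended
# form fields; values are ISO 8601 timestamps as a ticketing system would export
# them; None marks a stage that has not happened yet.
TICKETS = [
    {"occurred": "2024-03-01T08:00:00", "detected": "2024-03-01T10:00:00",
     "escalated": "2024-03-01T10:30:00", "contained": "2024-03-01T12:00:00",
     "expelled": "2024-03-02T09:00:00", "notified": "2024-03-01T10:15:00",
     "severity": "High", "use_case": "Credential Abuse", "technique": "T1078"},
    {"occurred": "2024-03-03T20:00:00", "detected": "2024-03-04T02:00:00",
     "escalated": "2024-03-04T03:00:00", "contained": "2024-03-04T06:00:00",
     "expelled": None, "notified": "2024-03-04T02:30:00",
     "severity": "Critical", "use_case": "Malware Execution", "technique": "T1059"},
    {"occurred": "2024-03-05T09:00:00", "detected": "2024-03-05T09:30:00",
     "escalated": None, "contained": "2024-03-05T10:30:00",
     "expelled": "2024-03-05T13:30:00", "notified": "2024-03-05T10:00:00",
     "severity": "High", "use_case": "Credential Abuse", "technique": "T1078"},
]

# Assumed convention: time to detect is measured from DateTime Occurred; every
# later stage is measured from DateTime Detected, the moment the SOC first knew.
BASELINE = {"detected": "occurred", "escalated": "detected",
            "contained": "detected", "expelled": "detected", "notified": "detected"}

def _ts(value):
    return datetime.fromisoformat(value) if value else None

def average_hours(tickets):
    """Average hours to reach each stage; a ticket missing a stamp is skipped, not counted as zero."""
    result = {}
    for stage, start in BASELINE.items():
        deltas = [(_ts(t[stage]) - _ts(t[start])).total_seconds() / 3600
                  for t in tickets if t.get(stage) and t.get(start)]
        result[stage] = round(mean(deltas), 2) if deltas else None
    return result

def opened_in(tickets, start, end):
    """Incidents opened in [start, end); opening is taken as DateTime Detected (assumed)."""
    lo, hi = _ts(start), _ts(end)
    return sum(1 for t in tickets if t.get("detected") and lo <= _ts(t["detected"]) < hi)

def count_per(tickets, field):
    """Count of incidents per value of a field (severity, use_case, technique)."""
    return dict(Counter(t[field] for t in tickets if t.get(field)))
```

Stages with no timestamp yet report None rather than zero, so open incidents do not drag the averages down.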
See Also